Hey all. I am heading off to college soon and want a way to tunnel into our home network, large emphasis on it being secure as my dad is in IT lol. Sorry if this is a common question.
I would also appreciate some guidance with regard to what software to use. I had been assuming I would go with PiVPN (WireGuard) but am open to anything that would run on Linux or macOS (server-side) if it would work better.
Some of the things I have considered are:
- 2FA - But now that I think of it, this is probably overkill. I will really be the only one connecting, and I don’t see myself leaking the keys (or whatever they’re called).
- Email upon connection/disconnection - Probably just going to end up as spam filling up my inbox?
- Weekly email report with all incoming connections, usage stats etc. - This one probably makes sense. Not entirely sure how I would go about doing this with PiVPN but it does sound like it is possible.
I was originally going to make a post asking how to implement the above features. But as you can see, I am wondering whether a lot of these ideas would have been overkill. So, I thought I would shift the question to a more general one about how I should secure my VPN setup. Please share anything that you personally do to keep your network safe.
Thanks for any advice!
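An added example (not part of the original post, and not PiVPN's own code): one way to get the data for the weekly report is to parse the output of `wg show <interface> dump` on the server and flag any peer that is not expected. The interface name `wg0`, the sample dump and the placeholder keys are constructed assumptions.

```python
"""Summarise WireGuard peers from `wg show <iface> dump` output (added example)."""
from datetime import datetime, timezone

# Constructed sample of `wg show wg0 dump` (tab-separated); all keys are placeholders.
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tSERVER_PUB_PLACEHOLDER\t51820\toff",
    "LAPTOP_PUB_PLACEHOLDER\t(none)\t203.0.113.7:51111\t10.6.0.2/32\t1700000000\t1048576\t5242880\toff",
    "PHONE_PUB_PLACEHOLDER\t(none)\t(none)\t10.6.0.3/32\t0\t0\t0\toff",
])

def parse_dump(text):
    """Return one dict per peer. The first line describes the interface and
    holds the private key, so it is skipped and never ends up in the report."""
    peers = []
    for line in text.strip().splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line with {len(fields)} fields")
        pub, _psk, endpoint, allowed, handshake, rx, tx, _keepalive = fields
        peers.append({
            "peer": pub,
            "endpoint": None if endpoint == "(none)" else endpoint,
            "allowed_ips": allowed,
            "last_handshake": int(handshake) or None,  # 0 means never connected
            "rx_bytes": int(rx),
            "tx_bytes": int(tx),
        })
    return peers

def build_report(peers, known_peers):
    """Plain-text report body; flags peers that are not in the expected set."""
    lines = []
    for p in peers:
        seen = (datetime.fromtimestamp(p["last_handshake"], timezone.utc).isoformat()
                if p["last_handshake"] else "never")
        flag = "" if p["peer"] in known_peers else "  [UNEXPECTED PEER]"
        lines.append(f"{p['peer']}  last handshake: {seen}  from: {p['endpoint'] or '-'}  "
                     f"rx: {p['rx_bytes']} B  tx: {p['tx_bytes']} B{flag}")
    return "\n".join(lines)

if __name__ == "__main__":
    # On the server, replace SAMPLE_DUMP with the output of: wg show wg0 dump
    print(build_report(parse_dump(SAMPLE_DUMP), {"LAPTOP_PUB_PLACEHOLDER"}))
```

The transfer counters are totals since the interface came up, so a per-week figure needs the previous run's values subtracted. Scheduling the script and mailing its output are left to whatever the server already uses.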
> 2FA - But now that I think of it, this is probably overkill.
2FA is never overkill, it’s an absolute essential piece of anything internet facing, especially something as sensitive as the VPN connection.
Other items you listed are good. I have notifications for failed logins set up and test them every couple of months. It’s also good practice to build a VPN VLAN and only allow the bare minimum of what you need out of that VLAN. Example: Does a VPN client need RDP/SSH access to the entire network or maybe just a jumpbox? Does a VPN client need Samba for the entire network or just a single file server? Etc.
Separate service. Operate network separate items. Inter-VLAN routing between them if needed. Complicated but “secure”.
Only you and dad can assess risk vs outcome and cost to cover both. Also the same issue for profit.
I have pfSense after my modem. I configured OpenVPN, and with my laptop I can travel anyplace and VPN home. Configuration was easy for me.
I’m not so knowledgeable about networking but would this essentially be setting up a separate VLAN for when I’m VPN’d in?
In my case our “homelab” is essentially only a single NAS - and that is both the only thing I want to access and the only thing we really want to protect. So unless I’m misunderstanding your comment I don’t think this would really help - but I could be wrong.