Messages - muffin44

#1
Thanks, do you think the use of Suricata makes sense in the scenario of opening the port (+caddy, mtls, authelia)?
#2
Hi Patrick :D,

Right now I am using the WireGuard VPN of the FritzBox sometimes. But the problem with the VPN switching stays. So it's a little bit annoying for me to have the VPN activated and to switch from one VPN to the other. Of course it's more privacy friendly because of the omission of metadata. But another concern is that if someone grabs the WireGuard conf he can also easily connect to it (without entering any password or so). I don't like the idea. So I think I would rather use Tailscale.

My question is: Would my setup with the open port (+mtls, authelia, crowdsec) be OK, or should I go another path? Are there any users who went this way?
#3
Hi,

So I thought about these scenarios (opening ports vs. Tailscale) for a long time and I am still unsure what suits me better. For a long time I used Cloudflare tunnels and it was very convenient, but now I am more privacy conscious and want to ditch Cloudflare because of their ability to see/read the data on their side (= data is unencrypted).

Now I am thinking of either using Tailscale, where I don't have to open any ports, or going the old-school way: opening port 443 or 80.
Back in the old days many people and blog posts suggested the latter (probably because there were no other solutions back then) or just using a VPN.

The most negative point for me using Tailscale is that the VPN client has to be activated the whole time on my phone. I am using other VPNs too and have to disable the connection and connect to another VPN. Also I dislike the key symbol in the status bar when the VPN is active :D.
The second negative point is that Tailscale gets metadata, and maybe in future they decide to restrict things more, who knows?

On the second scenario with the opened port I plan to do the following:
- open port 443
- activate GeoIP block on OPNsense to only allow my home country to connect
- set up Caddy reverse proxy on OPNsense and use mTLS with my own certificate. Users who don't have the mTLS cert get blocked.
- use Authelia on my server, where I put it in a separate VLAN for safety
- use CrowdSec
- put Docker machines in a separate VLAN (risky ones like Vaultwarden also in a separate one)

So if we take these 2 scenarios: Is it now OK to open port 443, or should I just use Tailscale? I am asking because somehow everywhere nowadays it is not suggested to open ports anymore. Is it really this bad?

P.S. I don't want to pay for extra services like an extra VPS or something.

Thank you and I am excited to hear what you guys think and how you handle the secure remote access.
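The open-port plan from the post above (Caddy terminating TLS with a client certificate check, then Authelia in front of the app) written out as a Caddyfile. This is an added example, not the poster's configuration or the OPNsense Caddy plugin's own defaults; the hostnames, the CA file path, the Authelia address and the backend address are assumptions.

```caddyfile
# Added example, not the poster's config. Assumed names:
# app.example.com, auth.example.com, authelia:9091, app:8080 and the CA path.
app.example.com {
	# Layer 1 (mTLS): the TLS handshake only completes for clients that present
	# a certificate signed by our own client CA; everyone else is dropped before
	# any HTTP request is read, so Authelia and the app never see them.
	tls {
		client_auth {
			mode require_and_verify
			trusted_ca_cert_file /usr/local/etc/caddy/client-ca.pem
		}
	}

	# Layer 2 (Authelia): every request that survived mTLS is still sent to
	# Authelia for a session/MFA check; unauthenticated users are redirected
	# to the portal at auth.example.com.
	forward_auth authelia:9091 {
		uri /api/verify?rd=https://auth.example.com/
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
	}

	# Only requests that passed both layers reach the application backend.
	reverse_proxy app:8080
}
```

The GeoIP rule and CrowdSec from the plan live outside this file (firewall rules and the CrowdSec bouncer respectively). A quick check that the file parses is `caddy validate --config Caddyfile --adapter caddyfile`; the exact forward-auth URI depends on the Authelia version in use, so confirm it against the Authelia docs for your release.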
#4
Hello,

I was not aware that there was the upgrade to 23.7 ??? I upgraded today. But the problem is different. Suddenly this morning the internet was very slow, and when I checked the OPNsense dashboard I saw that over 90% of the RAM was used (of 16 GB). Normally a maximum of 10-20% is used. I did a Zenarmor update like 2 days ago but I don't know if that's the reason.

I searched a little bit and found out that from a plugin or service there are many instances running in parallel. So how can I fix the problem? For example, in the picture you can see that AdGuard Home is running 11 instances. Should I clean install everything?

Thanks for the help & best regards :)

EDIT: I don't know why but everything is now.