Bit warden vault8/27/2023 ![]() I've setup various enterprise grade VPN solutions in the past but for home use (both personally and anyone else who has remote connectivity needs), I'd always recommend vanilla tailscale. The whole pitch of tailscale is that it's a very low-faff secure solution that can safely be recommended to home users that aren't necessarily deeply technical. ![]() While it's only a handful of commands, I wouldn't want to be faffing around with installing CA certs on every device I need to use. I wouldn't personally use openssl to self-generate certificates. Tailscale uses letsencrypt under the covers so yes, the certificate name will be published. Personally, I use the inbuilt tailscale certificate and would recommend anyone else do the same. This of this as just housekeeping tidyup. Disabling dyndns doesn't make you any more or less secure. Dyndns just gives you a DNS name you can remember (and also adjusts when your ISP changes your IP). Yeah, that makes a lot of sense not to expose anything to the internet and use tailscale to provide secure connectivity.ĭisabling forwarding of port 443 is the key bit that cuts off outside access. It doesn't expose any of your native service ports to the internet but the use of automatic name generation does make the DNS name searchable via the certificate ledger. It gives you a VPN protected wrapper to connect to your NAS so that services are only available to VPN authenticated end points. dyndns purely makes a DNS name available on the internet but doesn't make that name searchable and doesn't itself provide any capabilities to secure or protect services on the server end. ![]() Here's some examples of how to do that on an IOS deviceĭyndns and tailscale are quite different offerings. Given the certificate hasn't been generated by a trusted certificate authority, you would then need to install the public CA certificate you used to sign your above certificate into your device. If you don't want to use tailscales auto cert generation, you can use any TLS tool to generate and sign your own certs.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |