Put your external-facing services behind the VPN, or at least put them in a separate VLAN that’s firewalled in such a way that they can’t reach the rest of the network if they become compromised.
I would advise that you instead also connect the Windows machine to the VPS with WireGuard as 10.1.0.3, basically mirroring what you’ve done on the Ubuntu server. The routing will be a mess otherwise. Another option is running the WireGuard tunnel on your gateway with something like OPNsense.
Does the machine running the WireGuard tunnel to the VPS act as a “router” aka gateway for the network? Otherwise the Windows machine doesn’t have a return path for the connection.
I would assume no since Valetudo has its own API.
S920
I’m running this as my router. It handles a 500/500 Mbit connection over WireGuard for me without a problem. CPU usage can spike up to 80% when I push it as much as I can, so depending on how it scales I’m not 100% sure how it would handle 1 Gbit routing+VPN for example.
Make sure mDNS is working properly in your network.
Same! Which version do you use? Small or big?
I would say there are better methods to solve this problem these days than a script. Check out Ansible or NixOS.