Tips for getting end-to-end encryption to home LAN
Currently I run the following setup to connect to web apps in my home LAN:
- VPS is connected to the LAN VM using a WireGuard tunnel
- VPS runs nginx, with proxy_pass to the LAN VM
- Client connects to VPS using WireGuard (other tunnel than the one mentioned earlier)
- I can visit web apps hosted in the LAN VM from outside my LAN, using two WG tunnels*
I can also skip the second WireGuard (client <-> VPS) tunnel if I want to, and just visit the VPS address itself, but this is just for testing purposes.
But now I want to have end-to-end encryption, so the VPS only sees encrypted traffic.
I thought of adding HTTPS to client <-> VPS and VPS <-> LAN VM, but that is not the solution because decryption will take place on the VPS.
With both WG tunnels active, traffic will be decrypted and encrypted on the VPS, so no E2EE.
I can disable the IPv6 firewall on my ISP router, but I'd rather leave that on and access my LAN stuff through a VPS using WG.
Any ideas/thoughts? All feedback is appreciated.
Comments
I think this is what you might be interested in: https://www.procustodibus.com/blog/2021/12/wireguard-e2ee-hub-and-spoke/
But it would require you to abandon running nginx on the VPS and instead everything is handled on your LAN VM.
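A sketch of the nested-tunnel layout that approach implies, added here as an example and not taken from the thread or the linked article: the client keeps its existing tunnel to the VPS and runs a second WireGuard interface whose endpoint is the LAN VM's address inside the first tunnel. All addresses, ports, hostnames, file names and key placeholders are assumptions.

```ini
# Constructed example: every address, port, hostname and key below is a placeholder.
# Outer network (through the VPS hub): 10.0.0.0/24  VPS 10.0.0.1, client 10.0.0.2, LAN VM 10.0.0.3
# Inner network (end to end):          10.1.0.0/24  LAN VM 10.1.0.1, client 10.1.0.2

# --- client: wg0.conf (outer tunnel, terminates on the VPS) ---
[Interface]
PrivateKey = <client-outer-private-key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <vps-public-key>
Endpoint = vps.example.com:51820
AllowedIPs = 10.0.0.0/24
PersistentKeepalive = 25

# --- client: wg1.conf (inner tunnel, terminates on the LAN VM) ---
[Interface]
PrivateKey = <client-inner-private-key>
Address = 10.1.0.2/32
# Inner packets travel inside wg0, so leave room for a second WireGuard
# header: wg-quick's default of 1420 minus 80 bytes of overhead.
MTU = 1340

[Peer]
PublicKey = <lanvm-inner-public-key>
# The endpoint is the LAN VM's address on the outer network, so the VPS
# only forwards WireGuard packets for which it holds no key.
Endpoint = 10.0.0.3:51821
AllowedIPs = 10.1.0.1/32

# --- LAN VM: wg1.conf (inner tunnel listener) ---
[Interface]
PrivateKey = <lanvm-inner-private-key>
Address = 10.1.0.1/32
ListenPort = 51821
MTU = 1340

[Peer]
PublicKey = <client-inner-public-key>
AllowedIPs = 10.1.0.2/32
```

The VPS has to forward packets between its two outer peers, and the web apps (or nginx, moved to the LAN VM) should listen on the inner address 10.1.0.1 so that only traffic from the end-to-end tunnel reaches them.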
Why can't the client connect directly to the LAN VM via WireGuard? Use an IPv6 address or port forwarding to allow access to it externally.
I believe ZeroTier is the easiest solution.
I can’t seem to find the port forwarding option in my ISP’s router.
Don’t know if it’s available.
Using IPv6 to connect directly isn’t really an option for me since I don’t want to turn off the firewall for my whole network, and that seems to be the only option.
The firewall doesn't let you open just a single port??
What's the model number of the router?
https://yggdrasil-network.github.io/
I managed to open up a port on my router over IPv6 to set up a tunnel to my LAN, as @Daniel15 suggested, thanks.
I added IPv4 port forwarding as well in case IPv6 is not available.
Now I don't use the VPS.
It seems to fit my needs; I will test it in the coming days/weeks.
Thanks all for your replies.