In the new UI, top center is a box called "Internal Services" which includes WAN ssh, WAN telnet and WAN web, They are all active by default (v3.24.10.0). In the minimal "Latest Docs" section I see that WAN telnet is "disabled" and ssh/web are enabled, maybe that is a new default setting. As I understand it, these allow control access to the node's settings from the WAN/Internet. I'm concerned about security and being able to telnet into my tunnel server node's CLI from the internet doesn't seem very secure. As I understand it, telnet is password free and wide open. SSH is probably OK and I don't know about WAN web. My inclination is to have mesh members with nodes connected to the WAN, mostly tunnel servers and clients, deactivate all 3 WAN interfaces. I did this to my tunnel servers and they appear OK. As I understand it ssh and web will still be available over the mesh/LAN. Is there something I'm missing? I can't imagine adjusting the nodes from the WAN side. Many/most of you have more experience. Any comments/suggestions?
Thanks! Lee
Thanks! Lee