
WireGuard Tunnels, Port Forwarding, and Security

N5TXZ
All,

I am currently a member of a North Texas AREDN mesh network that is very successful and growing regularly. Since mountains and valleys are non-existent here, many of us have tunnel clients and tunnel servers configured so all on the mesh have decent connectivity and backup connections.

I have been in InfoSec for a couple of decades, and as such, _any_ security risk is generally a red flag for me.

I need to set port forwarding on my home router for my handful of WireGuard Tunnel Servers, and am requesting from the collective brain trust on this forum any workarounds, or risk analysis that lowers vulnerability concerns as far as opening ports on a home router to the Internet. Having a bad actor destroy or infiltrate the mesh, or a bad actor compromising my home LAN would be a worst-case scenario I am trying to avoid.

As far as port forwarding ports 5525-5534, I can and have done this, short-term; however, my home router will not act as a firewall, so I can't create rules for just WireGuard traffic protocols. I know I can set up a pfSense or OPNsense FW; however, I am researching paths that are secure, with less overhead. Please advise on any input regarding this.

The second path I was toying with is x86 AREDN software on a VM on a hosted network (cloud, etc.) for my mesh node. Granted, this would be Internet only, and no RF, but for now, this would be fine.

Anyone have pertinent experience with either path? Constructive input would be greatly appreciated.

Regards,
Mark
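The post asks for a way to admit only WireGuard traffic on the forwarded range when the home router itself cannot filter. WireGuard speaks UDP only, and a WireGuard listener silently discards any datagram whose first-message MAC does not verify against the server's public key, so an open UDP port gives a scanner nothing to respond to; what remains is keeping every other protocol away from the host that receives the forwarded ports. The script below is an added example, not code from the original post or from the AREDN project: it generates an nftables ruleset for a Linux host (for instance the x86 VM from the second path) that accepts UDP on the forwarded range from the WAN-facing interface and drops everything else inbound. The interface name "eth0" and the port range 5525-5534 are assumptions taken from the post's numbers and should be adjusted to the real host.

```shell
#!/bin/sh
# Added example (not from the original post or the AREDN project).
# Generates an nftables ruleset that admits only WireGuard's UDP traffic on
# the forwarded port range and drops all other inbound traffic on the
# WAN-facing interface. Assumed names: WAN interface "eth0", ports 5525-5534.

# validate_range FIRST LAST: both numeric, within 1..65535, FIRST <= LAST.
validate_range() {
    case "$1$2" in *[!0-9]*|"") return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# wg_ruleset WAN_IF FIRST LAST: print the nftables ruleset to stdout.
wg_ruleset() {
    wan_if="$1"; first="$2"; last="$3"
    validate_range "$first" "$last" || return 1
    cat <<EOF
table inet wg_edge {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ct state invalid drop
    # WireGuard is UDP only: the forwarded range is the single inbound opening.
    iifname "$wan_if" udp dport $first-$last accept
    # Keep IPv6 neighbour discovery and path-MTU signalling working.
    meta l4proto icmpv6 accept
    ip protocol icmp icmp type { echo-request, destination-unreachable, time-exceeded } limit rate 10/second accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
}
EOF
}

# apply_ruleset WAN_IF FIRST LAST: load the ruleset; needs root and nft.
apply_ruleset() {
    command -v nft >/dev/null 2>&1 || { echo "nft not installed" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; return 1; }
    wg_ruleset "$1" "$2" "$3" | nft -f -
}

# Usage: ./wg-edge.sh print [IF FIRST LAST]   -> show the ruleset
#        ./wg-edge.sh apply [IF FIRST LAST]   -> load it with nft -f
case "${1:-}" in
    print) wg_ruleset "${2:-eth0}" "${3:-5525}" "${4:-5534}" ;;
    apply) apply_ruleset "${2:-eth0}" "${3:-5525}" "${4:-5534}" ;;
esac
```

The forward chain is left at policy drop on purpose: the mesh tunnel traffic that must cross the host belongs to the WireGuard interface, and rules for it are a separate decision from what the Internet-facing side accepts. Review the generated text with `print` before `apply`, and save it to `/etc/nftables.conf` (or the distribution's equivalent) once it is right, so the policy survives a reboot.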
