I’m currently running both a home server and a VPS. The former is not reachable through the internet, only through VPN. The latter hosts public services.

The VPS is regularly cutting it very close with storage and today I messed up and crashed the whole stack trying to make an impromptu backup. Lesson learned: we need more storage! I could just rent more storage but just today I updated my home server with 16 TB of RAID 1 enterprise HDDs.

So I thought I could maybe do a (WireGuard) VPN tunnel directly to some storage service that I host on my home server. The upload is not great but realistically I don’t need much. The important stuff stays on the VPS. Mainly videos, pictures and other stuff that doesn’t get accessed a lot should go there. The rest should be “cached” at the VPS.

I would have to host WireGuard on a server port, only have it access one folder which doesn’t contain anything important, forward the port on the router and have the VPS have the keys. Even if someone gets into the VPS and steals the keys, they only get that one file storage folder.

Has anyone done this? Are there services that do this or do I just host WireGuard and that’s it?

Thanks for reading. Have a good one! :)
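The “they only get that one folder” property in the post rests on two things the tunnel itself does not give you: the home server’s WireGuard config must limit the VPS peer to a single tunnel address (cryptokey routing), and a host firewall on the tunnel interface must limit that address to the one storage service, since WireGuard otherwise exposes every listening service on the home server to the peer. The following is an added example, not code from the post or from any project: a small parser for wg-quick style configs, an audit of the home-server side for the settings that would widen the VPS’s reach, and a generator for a matching nftables ruleset. The interface name `wg0`, the tunnel addresses `10.8.0.0/24`, the LAN range `192.168.0.0/16`, the key placeholders and the Samba port 445 are all assumptions chosen for the example.

```python
import ipaddress

# Constructed sample: the home server's wg-quick config for the VPS peer.
# Addresses, interface name and key placeholders are assumptions, not from the thread.
HOME_WG_CONF = """\
[Interface]
# home server's own tunnel address
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <home-private-key-placeholder>

[Peer]
# the VPS; it may only ever send packets from its own tunnel address
PublicKey = <vps-public-key-placeholder>
AllowedIPs = 10.8.0.2/32
"""


def parse_wg_conf(text):
    """Parse a wg-quick style config into {'Interface': {...}, 'Peers': [{...}, ...]}."""
    conf = {"Interface": {}, "Peers": []}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line == "[Interface]":
            current = conf["Interface"]
        elif line == "[Peer]":
            current = {}
            conf["Peers"].append(current)
        elif "=" in line and current is not None:
            # split on the first '=' only: base64 key values may end in '=' padding
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return conf


def audit_home_config(text, lan="192.168.0.0/16"):
    """Return findings that would let a compromised VPS reach more than its own tunnel slot."""
    conf = parse_wg_conf(text)
    findings = []
    if "ListenPort" not in conf["Interface"]:
        findings.append("no ListenPort: the VPS cannot initiate to a home server behind NAT")
    # Heuristic: wg-quick hooks that turn on forwarding or NAT make the tunnel a door into the LAN.
    for hook in ("PreUp", "PostUp"):
        cmd = conf["Interface"].get(hook, "")
        if "MASQUERADE" in cmd or "ip_forward" in cmd:
            findings.append(f"{hook} enables forwarding/NAT into the LAN")
    lan_net = ipaddress.ip_network(lan)
    for i, peer in enumerate(conf["Peers"]):
        entries = [a.strip() for a in peer.get("AllowedIPs", "").split(",") if a.strip()]
        if not entries:
            findings.append(f"peer {i}: no AllowedIPs, peer can never send anything")
        for entry in entries:
            net = ipaddress.ip_network(entry, strict=False)
            if net.prefixlen != net.max_prefixlen:
                findings.append(f"peer {i}: AllowedIPs {net} is wider than a single host")
            if net.version == lan_net.version and net.overlaps(lan_net):
                findings.append(f"peer {i}: AllowedIPs {net} overlaps the LAN {lan_net}")
    return findings


def storage_only_ruleset(text, iface, port):
    """nftables input rules: the tunnel peer(s) may open only one TCP port on this host.

    The input hook covers traffic addressed to the home server itself; nothing is
    forwarded because the audited config enables no forwarding.
    """
    conf = parse_wg_conf(text)
    peer_ips = [ipaddress.ip_network(a.strip(), strict=False).network_address
                for peer in conf["Peers"] for a in peer["AllowedIPs"].split(",")]
    accepts = "\n".join(
        f'        iifname "{iface}" ip saddr {ip} tcp dport {port} ct state new accept'
        for ip in peer_ips)
    return (f"table inet wg_storage {{\n"
            f"    chain input {{\n"
            f"        type filter hook input priority 0; policy accept;\n"
            f'        iifname "{iface}" ct state established,related accept\n'
            f"{accepts}\n"
            f'        iifname "{iface}" drop\n'
            f"    }}\n"
            f"}}\n")


if __name__ == "__main__":
    print("findings:", audit_home_config(HOME_WG_CONF))
    print(storage_only_ruleset(HOME_WG_CONF, "wg0", 445))
```

Running the script against the sample prints no findings and a ruleset that accepts only new TCP/445 connections from `10.8.0.2` on `wg0` and drops everything else arriving over the tunnel; replacing the peer’s `AllowedIPs` with `0.0.0.0/0` produces two findings, because that setting would let the VPS spoof any source address and reach the LAN range. The folder restriction itself still belongs to the share definition on the storage service; the firewall only guarantees that the share is the sole service the VPS can talk to.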

  • istanbullu@lemmy.ml · 5 upvotes · 7 months ago

    I have an Orange Pi at home with a 2 TB USB disk. I made it reachable via WireGuard, and it works very well as a Samba server. No need to open any ports.

    • haui@lemmy.giftedmc.com (OP) · 3 upvotes · 1 downvote · 7 months ago

      Very cool.

      How exactly did you manage to make it available without forwarding a port? If the server is behind your router with no way through, a VPN shouldn’t reach it either.

      • BreakDecks@lemmy.ml · 1 upvote · edited · 7 months ago

        A VPN eliminates the need for port forwarding.

        Edit: Not talking about a “privacy VPN”, but an actual VPN that lives up to the name “Virtual Private Network”, where you are connecting to the private network you wish to access.

        • haui@lemmy.giftedmc.com (OP) · 1 upvote · 1 downvote · 7 months ago

          I totally get that with a VPN that goes from a device within a closed network to a public one, but my impression was that the commenter before me meant going from a public device to a device in a protected network, which I found hard to believe.

          • zooi@feddit.nl · 2 upvotes · 7 months ago

            They said “no need to open any ports” but that is false. The WireGuard port obviously has to be opened for the VPN to work.

            • haui@lemmy.giftedmc.com (OP) · 1 upvote · 7 months ago

              That’s how I view it as well. I love to learn, so I’m not evasive of the idea that I missed something. But from the downvotes and no meaningful answers except yours I derive that there might be a misunderstanding.

          • BreakDecks@lemmy.ml · 1 upvote · 7 months ago

            “going from a public device to a device in a protected network”

            You mean the literal function of a VPN?

            • haui@lemmy.giftedmc.com (OP) · 1 upvote · 7 months ago

              I’m not sure you understand how a VPN works. It usually connects to the outermost part of a network (the router in my case) and then enters through there. The VPN port is always open and that’s why I asked, since you said that’s not the case. (In case that comes up: there are setups where another port is used for “knocking” and opens up the entry port. Still, one port has to be open to receive anything.)

              Also, you have no reason to talk down to me. We might have had a misunderstanding here, idk. I’m just asking to find out what you meant.

    • N0x0n@lemmy.ml · 1 upvote · 7 months ago

      Well, you still have to open WireGuard’s UDP port to make it reachable outside your LAN.

      Just sayin’ 🤷