





When I looked into this configuration a few years ago the security improvements seemed minimal. Adding yet another provider to the mix plus the additional risk of a server misconfiguration didn’t seem to be worth the trouble unless I was dealing with CGNAT.
Besides hiding endpoints from your ISP and exposing them to the VPS, how much security does this really add?


DDNS (Dynamic DNS), one 3rd party service I do use.
My network is reached by URL, not IP (although IP still works). When my IP changes the router updates the DDNS service in minutes. Lots of providers out there and it’s easy to switch if needed. I like DuckDNS. It’s free or you can choose to donate a bit to cover their expenses.


I think you’re overthinking it. Wireguard is considered the “gold standard” and an excellent solution for what you’re trying to do. Open ports can be a concern, but an open Wireguard port is completely silent when not in use and does not respond unless it receives the correct access keys. That makes it invisible to port scanners.
Wireguard on my OpenWRT router works flawlessly. If the router is working the WG endpoint is too, and there are no 3rd parties involved. Tailscale provides much the same thing, but as I understand it requires the involvement of multiple 3rd party services. I’ve been burned too many times by terms of service changes and security breaches so I wanted to avoid relying on any corporate entities wherever possible.
Tasker brings up the tunnel on my phone automatically whenever I’m not connected to my home wifi and drops it when I get back home, so my home servers are always available. My biggest problem when not at home is Verizon’s crappy mobile network.
IMO it’s worth the effort to properly configure Wireguard and get your servers working. Once you get it set up you probably won’t have to touch it for years.


Pretty sure a decent amount of them are bots.
Could be, but those bots must be programmed to simulate actual Maggots. They don’t know how to spell, capitalize or use punctuation, much less write more than a single barely comprehensible sentence.


I found it useful for some things. We have a pack of coyotes in town that preys on dogs and occasionally is spotted in the neighborhood. It was also useful for business & contractor recommendations, but have to otherwise agree with you.


It goes deeper with Nextdoor. During Covid someone living next to a local evangelical church posted pictures of a packed event where no one was wearing a mask. Some of those pictures included the backs of a few kids’ heads.
The “Good Christian” church members complained that he was a pedophile and Nextdoor deleted his account! This could not be done by moderators and required Nextdoor executive approval.
Nextdoor is a Maggot haven from top to bottom.


Even in my relatively liberal U.S. city, Next Door is overrun by Magats who are cheered on and protected by right-wing Magat moderators. It needs to die and this looks like a great replacement.


Mine does that too, but LG’s app required fine location permissions to be always on. No way in hell I’m going to let LG track my every move so I can be alerted when the fridge door is open or the washer’s done. They’d have to buy me dinner first.


It took a bit of effort and finding a really stable Linux distro on my hardware. For me that was Linux Mint.
Switching was made relatively easy by dual-booting and running Linux as much as possible while going back to Windows if I didn’t have time to figure something out. After a few months of this I wasn’t using Windows at all and eventually deleted the partition.


Your assumptions are no longer accurate.
For one thing Lithium-ion batteries are becoming common in consumer UPS models including those from Cyberpower, Eaton, and APC.
There is no memory effect and they don’t need to be discharged and recharged regularly.
Similar to a mechanical device that wears out faster with heavy use, the depth of discharge (DoD) determines the cycle count of the battery. The smaller the discharge (low DoD), the longer the battery will last. If at all possible, avoid full discharges and charge the battery more often between uses. Partial discharge on Li-ion is fine. There is no memory and the battery does not need periodic full discharge cycles to prolong life. - https://www.batteryuniversity.com/article/bu-808-how-to-prolong-lithium-based-batteries/
The risk of fire is extremely low. For a high quality charge limited lithium ion battery in a controlled environment it is about the same as a UPS with lead acid batteries.
Your chance of being struck by lightning in the course of a lifetime is about 1 in 13,000. Lithium-ion batteries have a failure rate that is less than one in a million. The failure rate of a quality Li-ion cell is better than 1 in 10 million. https://www.batteryuniversity.com/article/bu-304a-safety-concerns-with-li-ion/
Battery swelling (not caused by manufacturing defects) is primarily caused by overcharging, deep-discharge, physical damage, and heat, none of which are problems for my server installation.
The risk of fire from parking your car in your garage is hundreds of times higher than using a laptop as a server.
After having my server fail to recover after a power failure while I was out of town for an extended period, I moved all important server apps to a relatively inexpensive (<$200) laptop.
The battery is firmware limited to a 70% charge which means it will last for years with no significant safety concerns. Even at a partial charge, Debian indicates 7 hours of run time when the power fails (I’ve had none longer than 4), and it’s unaffected by power blinks. It saves a bit of electricity too and costs $150 less per year to run than my old UPS alone.
It’s been running for nearly 2 years without a hitch.


You win, but you definitely need to find other hobbies.


44 automations? HA!
I have a small home and currently have over 200 automations. Maybe I need to find other hobbies.


Thought of another one…
I bought some TP-Link wifi bulbs that were flaky from the start. After some investigation I discovered that these particular bulbs felt it important to phone home to China every few seconds and became very, very unhappy if the lines were down. After a short tantrum they would reset their wifi connection before regaining consciousness. What that meant in my 3 bulb fixture was that when my “lights off” scene was triggered and my firewall was blocking their corporate masters, one or more of the bulbs was often in a stupor and would remain on indefinitely.
Did I just go spend $25 on some new, decent bulbs that actually worked? Nope - no way some stinking TP-Link bulbs were going to win! Instead I spent hours creating multiple redundant automations that checked for each possible failure state, kept polling the bulbs until their tantrum ended and they regained consciousness, and then turned off whatever bulbs were left on.
Every time I turned off the lights I was able to declare victory. After I felt they had learned their lesson I bought some Zigbee bulbs that actually work.


Suggestion for enhancement: Have the LEDs start out yellow and after a couple of minutes turn them red because entry has likely become hazardous.


Thanks for that. You reminded me of something similar I posted here.


What a wonderfully ridiculous waste of time and effort. I hope your daughter realizes how lucky she is.


Thanks for that. Now I need a new dishwasher.


There are ~50,000-60,000+ available IP ports. If you had Wireguard configured correctly and running on every single one of them a port scanner would get exactly the same result as if every port was closed. Wireguard is completely silent unless the correct key is provided.
The “script kiddies” could scan every port for months and they’d get the same result. There is no known way to even know there’s an open port much less know that Wireguard is running on it AND have the correct key for access.
I understand being gun shy after your experience (I would be too), but that experience has nothing to do with what happens when you open a port for Wireguard.
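

The silence described in the two WireGuard comments above comes from the `mac1` field of the handshake initiation, which is keyed with the server's public key and checked before anything else is processed. The sketch below is an added example, not part of the original comments or of WireGuard's code: the key bytes and probe datagrams are constructed, the function names are hypothetical, and it models only the `mac1` gate, not the Noise handshake that follows it.

```python
import hashlib
import hmac
import struct

LABEL_MAC1 = b"mac1----"   # label defined in the WireGuard protocol specification
INIT_LEN = 148             # size of a handshake initiation message in bytes
MAC1_OFFSET = 116          # mac1 covers bytes [0:116] and is stored at [116:132]

def compute_mac1(responder_pub: bytes, covered: bytes) -> bytes:
    """Keyed BLAKE2s-128 over the message; key = BLAKE2s-256(label || public key)."""
    key = hashlib.blake2s(LABEL_MAC1 + responder_pub, digest_size=32).digest()
    return hashlib.blake2s(covered, digest_size=16, key=key).digest()

def build_initiation(responder_pub: bytes) -> bytes:
    """Constructed initiation: correct layout, zero filler in the Noise fields."""
    header = struct.pack("<I", 1)       # type 1 plus three reserved zero bytes
    filler = bytes(4 + 32 + 48 + 28)    # sender index, ephemeral, static, timestamp
    covered = header + filler
    return covered + compute_mac1(responder_pub, covered) + bytes(16)  # mac2 unset

def responder_action(server_pub: bytes, datagram: bytes) -> str:
    """Return 'drop' (no reply of any kind) or 'process' (go on to the handshake)."""
    if len(datagram) != INIT_LEN or datagram[:4] != b"\x01\x00\x00\x00":
        return "drop"
    expected = compute_mac1(server_pub, datagram[:MAC1_OFFSET])
    if not hmac.compare_digest(expected, datagram[MAC1_OFFSET:MAC1_OFFSET + 16]):
        return "drop"
    # Passing this gate only shows the sender knows the server's public key.
    # The real responder must still decrypt the initiator's static key and
    # match it to a configured peer before it completes the handshake.
    return "process"

def classify_probes(server_pub: bytes, other_pub: bytes) -> dict:
    """Run constructed scanner-style datagrams through the mac1 gate."""
    probes = {
        "empty": b"",
        "short_junk": b"\r\n",
        "right_size_zero_mac": b"\x01\x00\x00\x00" + bytes(INIT_LEN - 4),
        "mac1_for_other_key": build_initiation(other_pub),
        "mac1_for_server_key": build_initiation(server_pub),
    }
    return {name: responder_action(server_pub, d) for name, d in probes.items()}

SERVER_PUB = bytes(range(32))       # constructed stand-in for a Curve25519 public key
OTHER_PUB = bytes(range(32, 64))    # constructed key of some unrelated server

if __name__ == "__main__":
    for name, action in classify_probes(SERVER_PUB, OTHER_PUB).items():
        print(f"{name:22} -> {action}")
```
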