this post was submitted on 04 Mar 2026
32 points (86.4% liked)

Selfhosted

59976 readers
108 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
32
How to access home network (eg, VPN) without port forwarding? (feddit.uk)
submitted 3 months ago* (last edited 3 months ago) by Flax_vert@feddit.uk to c/selfhosted@lemmy.world
35 comments fedilink hide all child comments
 

So basically, I will be away from home for several weeks. Unfortunately, this became the perfect time for our home router to start acting out and factory resetting itself. We are awaiting a new router for replacement, but the time is tight.

My stuff is ethernetted in, so that connectivity isn't an issue - the issue is that I couldn't actually connect to the router to restore services even if it had internet by fixing all the settings including port forwarding.

What I would like would be the ability to have a VPN perhaps connected to my homelab, so I can hop on the router and restore the settings if this issue happens while I'm away. Any ideas?

Edit: I settled on Netbird. Thank you for your help!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Onomatopoeia@lemmy.cafe 1 points 3 months ago (1 children)

The more open ports, the larger the attack surface.

That's all.

And today with the script kiddies out there, port scans happen all the time.

I've had a consumer router become almost useless from all the attempted connections on an open port someone found that I had up for a week.

Months later I'd still get hits on that port though it had been closed.

[โ€“] spaghettiwestern@sh.itjust.works 1 points 3 months ago* (last edited 3 months ago)

There are ~50,000-60,000+ available IP ports. If you had Wireguard configured correctly and running on every single one of them a port scanner would get exactly the same result as if every port was closed. Wireguard is completely silent unless the correct key is provided.

The "script kiddies" could scan every port for months and they'd get the same result. There is no known way to even know there's an open port much less know that Wireguard is running on it AND have the correct key for access.

I understand being gun shy after your experience (I would be too), but that experience has nothing to do with what happens when you open a port for Wireguard.