I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

  • sandwichsaregood@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    7 hours ago

    I agree that there is some value to obscurity generally, but Wireguard already evades port scans and fingerprinting. Unless a packet is signed with a known key, it gives no response to traffic, so scanners and fingerprinters see a closed port. You ISP can identify WG traffic while you are connected by inspecting your traffic, but random scanners won’t see anything. Look on shodan, you won’t see Wireguard.