Hey there,
I have been running a few nodes and am always struggling to understand what the best/most secure/private/anonymous option is for connecting remotely to a node to perform some maintenance.
As SSH is not always available, I have been exploring connecting to nodes remotely (outside the local network) with a Tor browser and also using the IP provided by Tailscale.
Any feedback on these two will be much appreciated, or in case other options are available, please share your solution(s) below.
Thanks in advance
I like WireGuard since I like to control the whole stack.
I rent a nanode on Linode (now Akamai) for $5 per month which acts as my VPN Gateway.
The hardest part is to configure that VPN Gateway but if you are interested, I can explain how to do it and share my config.
I wanted to do a blog post on my website about how to set up WireGuard to connect all your devices together anyway. Would even be my first blog post then :)
reply
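The hub-and-spoke layout the poster describes (a cheap VPS as WireGuard gateway, every other device dialling out to it), as an added example that is not the poster's config. It renders the gateway and node configs plus an nftables ruleset for the VPS; the tunnel subnet 10.66.0.0/24, the hostname vps.example.net and the key arguments are assumptions, and real keys come from `wg genkey | tee priv | wg pubkey` on each machine. The firewall is written so that the only port reachable from the internet is WireGuard's UDP port, which is the "expose one thing" property people in this thread prefer over publishing individual services.

```shell
#!/bin/sh
# Added example (not the poster's config): render WireGuard configs for a
# VPS gateway ("hub") and a home node ("spoke"). The node only makes an
# outbound connection, so it needs no inbound port and no public IP.
# Subnet, hostname and key placeholders are assumptions.

WG_NET="10.66.0"     # assumed tunnel subnet 10.66.0.0/24
WG_PORT="51820"

# render_gateway_conf GATEWAY_PRIVKEY NODE_PUBKEY ADMIN_PUBKEY
# The gateway never initiates; it just lists peers. Each peer is pinned to a
# single /32 so a compromised laptop key cannot claim the node's address.
render_gateway_conf() {
  cat <<EOF
[Interface]
Address = ${WG_NET}.1/24
ListenPort = ${WG_PORT}
PrivateKey = $1

# home node (behind NAT; keeps the tunnel open with PersistentKeepalive)
[Peer]
PublicKey = $2
AllowedIPs = ${WG_NET}.2/32

# admin laptop / phone
[Peer]
PublicKey = $3
AllowedIPs = ${WG_NET}.3/32
EOF
}

# render_spoke_conf PRIVKEY GATEWAY_PUBKEY GATEWAY_HOST ADDRESS
# AllowedIPs is the tunnel subnet only: this is a split tunnel, so the
# node's ordinary internet traffic does not hairpin through the VPS.
render_spoke_conf() {
  cat <<EOF
[Interface]
Address = $4/24
PrivateKey = $1

[Peer]
PublicKey = $2
Endpoint = $3:${WG_PORT}
AllowedIPs = ${WG_NET}.0/24
PersistentKeepalive = 25
EOF
}

# nftables ruleset for the VPS. Inbound from the internet: WireGuard only.
# ssh to the VPS itself is accepted only when it arrives over wg0.
# Forwarding is allowed between wg0 peers only and there is no NAT to the
# internet, so the VPS is a rendezvous point, not an exit node.
# Needs: sysctl -w net.ipv4.ip_forward=1
render_gateway_firewall() {
  cat <<EOF
table inet wg_gateway {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    udp dport ${WG_PORT} accept
    iifname "wg0" tcp dport 22 accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    iifname "wg0" oifname "wg0" accept
  }
}
EOF
}

# Usage (keys are placeholders):
#   render_gateway_conf GW_PRIV NODE_PUB ADMIN_PUB > /etc/wireguard/wg0.conf
#   render_spoke_conf NODE_PRIV GW_PUB vps.example.net 10.66.0.2 > wg0.conf
#   render_gateway_firewall > /etc/nftables.conf
```

With this layout the admin device reaches the node at 10.66.0.2 through the VPS, and the node's sshd can be bound to that tunnel address so it listens nowhere else. Lock the VPS's own sshd down the same way once the tunnel works, because after the firewall is loaded port 22 is only reachable over wg0.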
WireGuard is good!
reply
A guide on how to set up Wireguard will be great and highly appreciated!
reply
Check out StaticWire (https://github.com/AndySchroder/StaticWire). It's a WireGuard tunnel rental service that I've created that provides dedicated public static IPv4 addresses and is Lightning-enabled. You can skip all the fuss of dealing with a VPS and setting up and managing the WireGuard server. Currently StaticWire has a simple command line interface to coordinate the rental of the tunnel, but I'm working on a web interface as well.
reply
You could use Tailscale just fine (SSH or full remote desktop). What you can do is limit access to that to only specific IP(s) and users. For example, you could always use a specific VPN IP to access your node. That way you drastically limit all possible intrusions. And if you travel a lot (so you will have a dynamic IP), using that VPN also helps you with many things.
But the general rule is to limit the number of times you do this remote maintenance.
reply
VPS Nginx reverse proxy with a Let's Encrypt certificate routing to my local backend, where the backend ports are SSH remote-forwarded to the VPS. Used that to expose port 8080 (lnd REST).
reply
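The reverse-tunnel-plus-reverse-proxy arrangement above, as an added example that is not the poster's setup. The node opens an outbound `ssh -R` to the VPS so its lnd REST port appears on the VPS's loopback, and nginx terminates TLS in front of it. Hostnames (vps.example.net, node.example.net), the `tunnel` user, the certbot paths and the admin CIDR are assumptions. The parts worth copying are the `authorized_keys` restrictions on the VPS side, which stop a leaked node key from opening arbitrary listeners on the VPS, and the `allow`/`deny` plus basic-auth layer, which keeps the proxied port off the open internet even though lnd also demands a macaroon.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumptions: lnd's REST
# listener is on 127.0.0.1:8080 on the node, the VPS is vps.example.net, a
# dedicated unprivileged user "tunnel" exists there, and nginx on the VPS
# serves node.example.net with a certbot-issued certificate.

VPS_HOST="vps.example.net"
TUNNEL_USER="tunnel"
LOCAL_PORT="8080"    # lnd REST on the node
REMOTE_PORT="8080"   # where the forward lands on the VPS (loopback only)
PUBLIC_HOST="node.example.net"

# render_authorized_key PUBKEY_LINE
# authorized_keys entry for the tunnel user on the VPS. "restrict" turns off
# pty, agent/X11 forwarding and rc files; "port-forwarding" re-enables only
# forwarding; "permitlisten" pins remote forwards to this one loopback port.
render_authorized_key() {
  printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s" %s\n' "$REMOTE_PORT" "$1"
}

# The ssh command run on the node (outbound only, so the node needs no open
# port). -N: no shell. ExitOnForwardFailure makes a lost or refused forward
# fatal, so a supervisor such as a systemd unit with Restart=always brings
# the tunnel back instead of keeping a session with no usable forward.
render_tunnel_cmd() {
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
    "$REMOTE_PORT" "$LOCAL_PORT" "$TUNNEL_USER" "$VPS_HOST"
}

# render_nginx_site ADMIN_CIDR
# nginx server block on the VPS. Only ADMIN_CIDR (e.g. the admin's VPN or
# static address) gets past allow/deny, then HTTP basic auth applies. lnd's
# REST listener speaks TLS with its own self-signed cert, hence the https
# upstream; nginx does not verify upstream certificates unless
# proxy_ssl_verify is turned on, which is acceptable on a loopback hop.
render_nginx_site() {
  cat <<EOF
server {
    listen 443 ssl;
    server_name ${PUBLIC_HOST};

    ssl_certificate     /etc/letsencrypt/live/${PUBLIC_HOST}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${PUBLIC_HOST}/privkey.pem;

    allow $1;
    deny all;

    auth_basic           "node";
    auth_basic_user_file /etc/nginx/htpasswd;

    location / {
        proxy_pass https://127.0.0.1:${REMOTE_PORT};
        proxy_set_header Host \$host;
    }
}
EOF
}

# Usage:
#   render_authorized_key "$(cat node_key.pub)" >> /home/tunnel/.ssh/authorized_keys   # on the VPS
#   render_nginx_site 203.0.113.7/32 > /etc/nginx/sites-available/node           # on the VPS
#   render_tunnel_cmd                                                            # run on the node
```

Keep `GatewayPorts no` (the sshd default) on the VPS as well; the explicit `127.0.0.1:` bind in the `-R` argument and the `permitlisten` option are two independent ways of making sure the forwarded port never binds to the VPS's public interface.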
I used to do this, then I discovered Tailscale and switched everything over to it. It's so easy to set up that it completely blew my mind.
reply
Are you connecting via SSH through Tor? I think that's the best option.
reply
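SSH over Tor as the reply above suggests, as an added example that is not from the poster. The node publishes sshd as a v3 onion service with client authorization turned on, so the service is not even discoverable without the admin's x25519 key, and the admin's `ssh_config` routes through the local tor SOCKS port so no hostname ever leaves the machine. Paths, the `admin` user, the `node-onion` alias and the key placeholders are assumptions; the address and keys come from tor itself. The `is_v3_onion` check is a small sanity test for an address before it is pasted into a config.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Paths, user names and key
# placeholders are assumptions. Tor generates the onion address in
# HiddenServiceDir/hostname; x25519 key pairs for client authorization can be
# made with any x25519 tool and must be base32-encoded as tor expects.

# is_v3_onion ADDR: v3 onion addresses are exactly 56 base32 characters
# (a-z, 2-7) followed by ".onion". Returns 0 when ADDR has that shape.
is_v3_onion() {
  printf '%s' "$1" | grep -Eq '^[a-z2-7]{56}\.onion$'
}

# torrc on the node. Pair this with "ListenAddress 127.0.0.1" in sshd_config
# so sshd is reachable only through the onion service. Creating
# HiddenServiceDir/authorized_clients/ with at least one *.auth file turns
# on client authorization for this service.
render_torrc() {
  cat <<EOF
HiddenServiceDir /var/lib/tor/ssh_onion/
HiddenServiceVersion 3
HiddenServicePort 22 127.0.0.1:22
EOF
}

# render_client_auth CLIENT_X25519_PUBKEY_BASE32
# Contents of /var/lib/tor/ssh_onion/authorized_clients/<name>.auth on the node.
render_client_auth() {
  printf 'descriptor:x25519:%s\n' "$1"
}

# render_client_auth_private ONION_ADDR CLIENT_X25519_PRIVKEY_BASE32
# Contents of <ClientOnionAuthDir>/<name>.auth_private on the admin machine;
# tor wants the address without its ".onion" suffix here.
render_client_auth_private() {
  printf '%s:descriptor:x25519:%s\n' "${1%.onion}" "$2"
}

# render_ssh_config ONION_ADDR
# ssh_config stanza on the admin machine. The ProxyCommand hands the
# connection to the local tor SOCKS port (9050 for the tor daemon; Tor
# Browser's is 9150), using OpenBSD netcat's -X 5 / -x options. torsocks is
# an alternative if that netcat flavour is not installed.
render_ssh_config() {
  cat <<EOF
Host node-onion
    HostName $1
    User admin
    ProxyCommand nc -X 5 -x 127.0.0.1:9050 %h %p
    IdentityFile ~/.ssh/id_ed25519_node
    IdentitiesOnly yes
EOF
}

# Usage (after tor has started once and written HiddenServiceDir/hostname):
#   render_torrc >> /etc/tor/torrc                                   # on the node
#   render_client_auth "$CLIENT_PUB" > /var/lib/tor/ssh_onion/authorized_clients/admin.auth
#   render_client_auth_private "$(cat /var/lib/tor/ssh_onion/hostname)" "$CLIENT_PRIV" \
#       > ~/.tor/onion_auth/node.auth_private                        # on the admin machine
#   render_ssh_config "$(cat /var/lib/tor/ssh_onion/hostname)" >> ~/.ssh/config
#   ssh node-onion
```

Latency over Tor is high, so set `ServerAliveInterval` generously and expect slow interactive sessions; the upside is that the node has no listening port on any public address and nobody without the client key can learn that the service exists.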
Howdy do? 🤠 👋
reply
I set up WireGuard at the router level; it was easier to set up with my router, so it now gives me access to the entire network and I can SSH or enter Thunderhub on my phone from anywhere. Worth the effort IMO.
reply
Tailscale or Cloudflare Tunnel; whatever works best is a working premise.
reply
WireGuard or OpenVPN are your best solutions.
reply
No public IPv4 needed; it is free of charge, but a bit slow, of course.
reply
Running your own reverse proxy server, using HTTPS & fail2ban, with login in your applications.
reply
Depending on the use case this can be a good option, but it is considered fairly risky. Every application exposed is additional surface area for attack. If the services don't need to be exposed to the public, then it is safer not to expose them. Tailscale/WireGuard/other VPNs expose one thing (the VPN) and the rest of the services are safely behind the VPN.
reply
If you want a more secure/private/anonymous option, I would suggest OpenZiti. It's an open-source project I work on which allows anyone to embed zero-trust networking and SDN principles into almost anything for any use case. Most importantly, it removes the need for inbound firewall ports, VPNs, public DNS and more. Think Tailscale but focused on connecting services rather than devices/hosts, with some concepts of Tor built into it.
I use https://www.netmaker.io, a mesh network built upon WireGuard, and it's open-source with a self-hosted option!
Here's a video that made me go for Netmaker: