Hi folks, I’m just getting into this hobby thanks to the posts in this community. So far, I’ve installed Ubuntu server 22.04 on an old laptop and got paperless working, and I’m pretty pumped. Now I would like to access it outside of my home network on my phone.

I have a Netgear R7000 with Advanced Tomato installed. Here’s my plan, but I don’t know if it would work… So I’m hoping for a peer review of sorts.

  • Get openVPN working on the router as a server.
  • make a certificate for my phone and use it as a client.
  • use my fedora laptop as the CA (?).

I think I need to use easy-RDA to make the keys and certificates…

Does that sound about right? It’s this a good approach or is there something better/easier/more effective?

If there’s a great tutorial around for accessing the home network externally, I’d super appreciate it. Would obviously prefer to do it myself and not pay for a service… I’ve been enjoying the learning experience!

    • Dark Arc@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I think it’s pretty secure and it will be getting better soon. In reality, I think it’s much more secure than what most people will end up with otherwise.

      ZeroTier is open source, long running without incident, and the traffic is encrypted between peers.

      The threat model is basically two fold though, in theory someone who has control of the ZeroTier roots (if you’re not using your own controller, if you’re using your own, then s/their roots/your roots/) could add routes to your devices, and add/remove devices that are part of your confirmation.

      The encryption also doesn’t currently have perfect forward security, so if there’s a compromise in one of your connections, in theory some past state of that connection could be decrypted. In practice, I’m not sure this matters as traffic at a higher level for most sensitive things uses its own encryption and perfect forward security (but hey maybe you have some software that doesn’t).

      The other thing I will note about that last point is that they’re working on a rust rewrite that will have updated crypto, including perfect forward security.

      • RustedSwitch@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Thank you for the write up! Very helpful.

        The use case I was wondering about is batch printing from a cloud solution. The print batch files could be encrypted, but I work with multiple solutions and I’m not confident that all of them encrypt those files. If it’s possible to crack old batches, that could expose sensitive information.