Being attacked!

[tekguru]

Yep great minds, I've already changed the port the VPN uses

Tailscale - hmm I've given it a look-see but I can't see it being much use to me as my main purpose in putting a VPN on the NAS was to access the web portal on the router and it seems you can't use it for that?

 

[tekguru]

The reverse proxy in DSM is for Web services and OpenVPN and L2TP/IPsec are not. So for these it’s port forwarding.

And I just worked out I can use RP to access the routers admin page (as it's a web service) so the VPN can be switched off completely......... I will do a bit more testing first though just in case.

-- post merged: 14. Aug 2022 --

So this begs the question which is more secure:

- To access the router web page via VPN and internal IP
- To access the router web page via RP

Surely the VPN is more secure and safer from external access?

 

[Rusty]

Surely the VPN is more secure and safer from external access?

Personally, I would stick with a VPN to access such a "delicate" element. Using any method of VPN (open, ipsec, wireguard etc) would be better than actually putting your router UI on the web via RP. Ofc you can protect that RP host with more rules, but I'm sure you could find other services that would benefit from VPN access than just the router UI.

my2c

 

[tekguru]

Yep that is what I was thinking too. I'll document what I've done then remove the Reverse Proxies.