Hello I am wondering if there is increased network/packet security by connecting to a server over ssh through a VPN hosted by that same server as opposed to without first tunneling by VPN. I imagine with or without tunneling through a VPN there would be latency/speed differences too?

  • Ponziani@sh.itjust.worksOP
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    But wouldn’t the port being open alert anyone who looks for that? Network security is not my specialty but I believe I have read that people can ping/scan ip addresses easily and quickly to determine if any ports are open / forwarded, so if Wireguard was used or any VPN software, they could pick up on that as an attack vector?

    • towerful@programming.dev
      link
      fedilink
      arrow-up
      3
      ·
      7 months ago

      Wireguard uses UDP.
      Wireguard also strives to be “silent” for bad traffic/connection attempts. I’ve tried a cursory look to find more information on it, but nothing that explains it simply.

      Either way it doesn’t turn up on port scans.

      • Ponziani@sh.itjust.worksOP
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        But the router must forward the port to allow the VPN to be utilized , meaning that port being forwarded can be scanned/detected i thought?

        • damium@programming.dev
          link
          fedilink
          English
          arrow-up
          3
          ·
          7 months ago

          It depends on how the router responds to other non-forwarded ports. For UDP an open port with no response is the same as a dropped packet. A scanner will only know if the device sends an ICMP response back to indicate that it is closed.