8685e - 2y
Quick tip: after you've configured WireGuard and closed the SSH port in your VPS dashboard firewall config, don't also disable it in UFW. At minimum you need to keep something like:

ufw allow from (address the peer uses) to (address ssh listens to)

Additionally, you may also want to check if you can actually log in to your VPS using some sort of virtual screen before you do scary things. Though I suppose if you don't keep your root password around, nobody can steal it! https://maideveloper.com/blog/how-to-reset-linux-root-password
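A pre-flight check for the tip above, as an added example that is not part of the original post: it looks in `ufw status` output for an ALLOW rule from the peer's address to the address SSH listens on. The function name, the 10.8.0.x addresses and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ufw status` output; the addresses are made up.
# 10.8.0.1 = address SSH listens on, 10.8.0.2 = address the peer uses.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
51820/udp                  ALLOW       Anywhere
10.8.0.1 22/tcp            ALLOW       10.8.0.2'

# peer_can_reach_ssh STATUS PEER LISTEN
# Returns 0 only if STATUS holds an ALLOW rule whose "To" column starts
# with LISTEN and whose "From" column is PEER (hypothetical helper).
# It deliberately ignores broader rules such as "22/tcp ALLOW Anywhere",
# because those are the ones you are about to remove.
peer_can_reach_ssh() {
    printf '%s\n' "$1" | awk -v peer="$2" -v listen="$3" '
        {
            # Locate the Action column; everything after it is "From".
            for (i = 2; i < NF; i++)
                if ($i == "ALLOW" && $1 == listen) {
                    from = $(i + 1)
                    # `ufw status verbose` prints "ALLOW IN".
                    if (from == "IN") from = $(i + 2)
                    if (from == peer) found = 1
                }
        }
        END { exit (found ? 0 : 1) }'
}

# On a real host, run as root: peer_can_reach_ssh "$(ufw status)" PEER LISTEN
if peer_can_reach_ssh "$SAMPLE_STATUS" 10.8.0.2 10.8.0.1; then
    echo "peer rule present: SSH stays reachable over the tunnel"
else
    echo "no peer rule: removing the SSH rule would lock you out"
fi
```
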
Some #WireGuard lessons I learned the hard way.

Don't bother connecting a laptop via a mobile hotspot:
1. When using the mobile app, your laptop simply ignores the VPN (at least with GrapheneOS)
2. When using a regular mobile connection and the WireGuard client on macOS, you'll get a handshake at best

Don't try to connect to a server on your local network.

When connecting to a remote server, your firewalls may bite you:
1. On the client machine itself, e.g. on macOS you may need to manually add the app to the firewall app list
2. Your router might be blocking UDP packages that the server is replying with.

https://github.com/GrapheneOS/os-issue-tracker/issues/21452