

As others have said, get something that works with OpenWRT. It’s unbelievably flexible and the OpenWRT forum can be really helpful, both for finding ways to implement things and for solving problems.
It’s amazing how much damage those scammers cause.
Last year I ran into a retired neighbor at Staples buying a new laptop because her existing machine had been hacked. She came back after leaving it running to find someone was logged in remotely. They drained $8k from her retirement account. Turned out 6 months earlier she got a call from “Microsoft” asking to connect to her machine because they “noticed it had a problem.”
Most of the people I know are computer illiterate. They know nothing about PCs and don’t care to learn because they think of PCs as appliances. They want word processing, email, photos, and web, and don’t give a damn what’s going on under the hood. Microsoft support is generally pretty bad, but it’s far better than none at all.
That lack of any support (except me) is the only reason I haven’t moved friends and family to Linux.
And Maga will cheer for a 3rd term.
For non-enterprise users only two things:
If my neighbor’s Windows or Apple machine breaks they can call Microsoft or Apple, the PC manufacturer or a bunch of different support providers. Microsoft provides free support if one of their updates causes problems.
I can’t find any Linux support aimed at home users, only very expensive enterprise support options.
Meta’s done worse: https://www.hipaajournal.com/meta-facing-scrutiny-over-use-of-meta-pixel-tracking-code-on-hospital-websites/
Meta Pixel is a snippet of JavaScript code that can be used by website owners for tracking user activity through the use of cookies.
The problem is the data collected via this code snippet may be sent to Meta, and may include patients’ protected health information. Meta is not a business associate of HIPAA-covered entities, and under HIPAA compliance rules, any data transmitted to Meta would require patient consent to be a HIPAA compliant website.
Criminal and civil judgements are dwarfed by the huge profits generated by the violation of privacy laws. Shareholders and C-Suites don’t care where the money is coming from as long as it keeps coming.
Debian 12, Mint, Pi OS, Windows 11, Android. Works perfectly on all of them.
Also check out Syncthing. I have it running on my Pi5, PCs and my Android phone. The phone’s photos directory and lots of other files are automatically synced to my server and computers. No open firewall port is needed, everything is encrypted in transit and it supports trusted and untrusted hosts. Syncthing supports pretty much any topology, but I’ve found using star topology is easiest to manage.
I have everything route through the tunnel and my router. Along with allowing instant access to everything I self-host and my home server through VNC, it allows me to use Adguard Home for phone DNS lookups no matter where I am. Theoretically my cell carrier should no longer be able to see any of my Internet traffic which I consider an added bonus. I’ve found no downside except some weirdness from Google if I’m out of the country for an extended period.
I self-host various applications and have been really happy with Wireguard. After watching just how hard my firewall gets hammered when I have any detectable open ports I finally shut down everything else. The WG protocol is designed to be as silent as possible and doesn’t respond to remote traffic unless it receives the correct key, and the open WG port is difficult to detect when the firewall is configured correctly.
Everything (SSH, HTTP, VNC and any other protocol) must first go through my WG tunnel, and running it on an OpenWRT router instead of a server means if the router is working, WG is working. Using Tasker on Android automatically brings the tunnel up whenever I leave my house and makes everything in my home instantly accessible no matter what I’m doing.
Another thing to consider is there’s no corporation involved with WG use. So many companies have suddenly decided to start charging for “free for personal use” products and services, IMO it has made anything requiring an account worth avoiding.
Besides the miserable experience unchecked advertisements cause, it is simply not safe to allow those advertisements to load.
A few years ago (before SSDs were common) I noticed unusual hard disk activity when loading a popular link aggregation site. A bit of investigation turned up a Trojan on my system. After removing it and reloading that site, my PC was immediately reinfected. The site owner denied any responsibility and said it was the advertising company’s fault.
The way the Internet operates now means no one is responsible for the content their site provides or the damage they cause. Imagine if restaurant owners were able to deny responsibility for the atmosphere in their restaurants or food poisonings they caused? IMO it’s the same thing.
Advertisers and websites have created the “dark traffic” mentioned here by repeatedly poisoning the public and they deserve the massive loss of revenue their behavior has caused.
2nd this configuration. My firewall rules block all external camera traffic and Frigate (once configured) is superb at detecting people without false alerts. All recordings are stored locally. It is disturbing just how much traffic smart devices try to send to China and Amazon, even when not subscribed to cloud services.
Home Assistant makes everything ridiculously flexible and is configured to turn on camera sirens if someone is detected at night or while my alarm system is armed, and disable sirens and alerts when doors have been opened or the alarm has just been turned off. The open Wireguard ports appear closed to scanners so I’m also reasonably comfortable with network security.
Glad to hear they’ve added headless support. Will have to take another look.
When I tried RustDesk it was not able to easily function on headless systems, including servers and my desktop PC if the monitor was powered off. Has that changed?
Anydesk and Teamviewer don’t have that problem, but both companies have had hacking incidents and Teamviewer actually blamed their users instead of taking responsibility. Allowing 3rd parties of any type remote access to my computers is IMO just asking for trouble, especially for always-on systems.
Wireguard plus VNC isn’t as seamless but it works fine the vast majority of the time. When I occasionally need features that VNC doesn’t support, NoMachine is a full-featured, free for non-commercial use alternative that works great with WG.
Edit: It looks like the latest release of NoMachine now offers an intermediate network service that operates like Teamviewer and Anydesk. Access via intermediate network ID is not enabled by default, so with it disabled it should theoretically be more secure than the other apps.
Returned a multi-week Hertz rental a couple of days ago and had to fight with the staff to get a written acknowledgement of no damage.
Customers are supposed to just trust Hertz employees will self-report damaging the car after it has been turned in? Absolutely laughable considering how many times rental companies try to screw over their customers.
This is great info and I won’t be renting from Hertz again.
AtariDump@lemmy.world wrote:
Great; how do I get my Mother to do that over the phone?
That’s not going to scale as I share out my server.
Are you incapable of recognizing that in this context my comment was a joke? What the fuck is wrong with you?
That’s not going to scale…
How many mothers do you have?
It’s not a cake walk, but I’ve done something similar for a friend who can barely turn on his PC.
The OpenWRT router was fully configured before shipping it to him and the existing router’s needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn’t easy, but he ultimately succeeded.
3 - An OpenWRT router with Wireguard connecting to another router 1000 miles away will do the trick.
If I’m understanding what you want to do, I have this set up on an OpenWRT router with multiple remote endpoints used for different devices. Our phones go to a hosted Wireguard server in one city, PCs to an OpenWRT router in a different location, and IoT devices that aren’t blocked and guest devices access the Internet locally. With some additional work you should also be able to have remote devices connected via WG exit wherever you like.
Policy Based Routing on OpenWRT makes this possible and it should be doable as long as the devices you want to allow to exit the remote server are included in that server’s “Allowed IPs” setting. (Maybe there’s a way around that, but I haven’t had to deal with it.)