Try with kasm.

Honestly, you don’t feel the lag of the connection (unless is a severe limited one) it also allows multiuser simultaneous connections.

Check and come back to ith yiur feedback!!!

I would recommend an LDAP sever for user Auth.

There you can create/authenticate user with a central repo in a machine independent fashion. Also having the possibility to allow /egate specific services from the central database is a big plus.

It seems difficult at the very beginning but it quickly pays off. Give it a try

Yes, definitely you will get a better deal going with a home made solution here.

Buuuut, there is an important point to highlight: The probability of synology fucking your data up is much lower than the average selfhoster. Unless you already know almost perfectly pros, cons, and how to solve problems without a data loss, you are not better than the average.

As an example, I went with a synology box even if I consider myself better than the average because the data in my nas is extremely (but really extremely) important to me and my wife. And the price was a reasonable fine in order to keep that data safe.

So, evaluate yourself : if. The data is really important and you are not a really good sysadmin then go with a professional solution. If not then go in DIY solution and learn in the process.

Just my two cents

Totally overkill if you cut the specs to the half I have the feeling they are still overkill

The only point are the hdds and the mass storage, I can not decide if it is a lot or not, but for your list I would say that you can even go one order of magnitude down. But it mainly depends if the number of Linux isos you want to archive

My points are totally in the other direction:

• stable, this is critic, if the app is not able to performs its duties with. 2 weeks uptime, then it is bad. This also applies to random failures. I don’t want to spend endless days to fix it
• docker, with a all-in-image, and as a nice to have the possibility to connect external docker composes for vpn, or databases
• a moderate use of resources, not super critic, but nobody likes to have ram problems

And then as a second league that lean the balance:

• integration with LDAP or any central user repo
• relatively easy to backup and restore
• relatively low level of break changes from version to version
• the gui / ease of use (in like with the complexity of the problem I want to address)
• sane use of defaults and logging capabilities

That’s all from my side

Totally agree with the first point, it is a limitation, and the guest wifi sticking to a eth port is just a patch. One that works but still a patch.

But I don’t see the point of the prefixes. What do you mean? I also have a custom domain and a local dns server y can use the domain even internally. I just simple ignore that…

Fritzbox boxes.

They tick all the checkboxes

• good standards support (including dect protocol if you want to have an ip phone or even iot protocols)
• fast wifi speeds
• cheap (at least for the second hand in ebay)
• super stable, never had a problem with them in 5 years or more
• fast roaming support out of the box

It is a well known brand in Germany but pretty unknown outside that country. Honestly it is the best bang for buck I was able to get.

Honestly, I would spend 10 minutes checking on them

No idea at all, but I am highly interested in your experience. So it would be great if you could came here back to share it with us

This is the answer

Yes, it will be enough if your services are not exposed via port forwarding , tailscale / zerotier are super convenient for this.

Honestly, if I were you I would start thinking in having a small computer just to act like a proxy / firewall of you synology, or even better, just run the applications on that computer and let the nas only serve files and data.

It is much easier to support, maintain and hardening a debain with a minimal intallation than nay synology box just because the amount of resources available to do so. In this easy way you could extent the life of your nas far beyond the end of life of the Sw

Don’t make it available from internet. This will solve the issue.

If it is not possible, once the cve is published and properly described, perhaps there is another way to secure it via an external proxy or even a waf.

If you have unsupported Sw, it is always a pain in the ass to keep them secure so try to figure out always the first point

Can someone be so kind to explain me what I am seeing?

Because it seems like I am not celvee enough to get it

The answer is mTLS.

But you will run into the key distribution problem. But if your number of devices is manageable, it could be the solution

This thing reduces the attack surface of the inmich installation.

If it is good, or bad or fitting to your security model can only be said by you. But honestly it sounds like a sensible thing to do

OK, thanks for the feedback. Perhaps I am doing something terrible wrong with it.

I will recheck the system again.

Thanks

Would you mind to elaborate a bit more about your experience witht he sophos?

I got a reused xgs115 a few months ago and I found the experience not so pleasant. The device lags a lot with the web page interface, the learning curve is steep in my opinion and I have problems to setup some services in a reliable way (they tends to hangs up, but this is perhaps my own problem)

Do you know by chance if they are able to have the Ds-lite tunnel for an ipv6 to ipv4 working?

How the average quality from those IKEA plugs?

In my experience Ikea quality in electronics range from ok to a big ball of crap without any apparent way to distinguish in which side they are.

Thank for the suggestions, I will take a look because it is true that I focused myself on the link manager but perhaps a link sync tool could do the job.

Thanks again

I didn’t know floccus, I will take a look.

Thanks for the suggestion

Thanks for the suggestion, but as far as I know there is not any plugin for the browser available, right?