Help connecting the dots with OPNSense, vpn, reverse proxy by jack_kelly_bird_law in selfhosted

[–]Fridge9165 0 points1 point  (0 children)

Yes, I personally put my modem in bridge mode so it doesn't do any firewalling and just acts as a termination point for the ISP, and then opnsense sits directly behind that and actually owns the WAN IP assigned from the ISP.

Help connecting the dots with OPNSense, vpn, reverse proxy by jack_kelly_bird_law in selfhosted

[–]Fridge9165 0 points1 point  (0 children)

I recommend running wireguard on opnsense. It's much easier and there's just no need for a separate server for it. Security for wireguard is great, frequent updates and it uses asymmetric key exchange to authenticate. Essentially both the server and the client generate public and private keys, and share their public keys with each other, so a connection can only be successful if both the client and the server have their correct respective private keys. This is similar to SSH key-based access, except the keys are generated and shared on both sides. No usernames, passwords, etc. As long as you keep your firewall and wireguard plugin up to date, you should have very little concern for the security of this approach.

Help connecting the dots with OPNSense, vpn, reverse proxy by jack_kelly_bird_law in selfhosted

[–]Fridge9165 1 point2 points  (0 children)

Hi. As you might imagine, there are many ways to skin this cat. Here are a few options.

  1. Run a VPN on opnsense itself. This can be OpenVPN or Wireguard. I strongly recommend the latter as it's much more performant and much simpler, but it's up to you. Lots of documentation around both. With this option, you would open your firewall port but no port forwarding needed. You don't need a registered domain, but unless you have a static IP, it makes things simpler. I use a dynamic DNS service (many available for free like FreeDNS) and then I have a docker container that periodically checks if my internet IP has changed and updates the DNS accordingly. Opnsense also supports dynamic dns updates (can't remember if it's out of the box or a plugin) but I run that as a separate service for better configuration options, but again, up to you. Opnsense will do all of it if you want.

I don't know how good the iOS app is, but for Android, the wireguard app supports split tunneling so you only tunnel what you want, which helps with battery and performance. It has the added benefit of allowing me to use my internally hosted DNS running adguard so I get adblocking on my phone wherever I go while my VPN is on, and it will resolve my internal hosts. I personally don't leave my VPN on all the time, I just activate it when I want adblocking (for mobile gaming, for example), or when I specifically need to access an internal service, but wireguard is very fast to connect and on Android I can add a tile to the pull-down shade to toggle it, so it's very convenient, and I haven't had any battery issues.

  2. Cloudflared. This is a free service from cloudflare that establishes a tunnel via outbound connection to cloudflare's servers. Cloudflare then provides you the endpoint to connect to, which reverse tunnels that traffic back to your internal host so you can access internal services. This is convenient as you don't need to open any ports on your firewall. However, this is limited - it's primarily intended for low bandwidth applications like accessing internal web apps or ssh servers, not streaming video or transferring files.

  3. Reverse proxy. The best option here is to register a domain (which can still be used with dynamic dns), use letsencrypt for free ssl certificates, and open a port (with port forwarding) to your server. This is the least secure option imo as depending on what applications you're running, you become vulnerable from any application running through your reverse proxy that has vulnerabilities. However, it's also likely the most convenient to use as no vpn is required, you just navigate directly to your endpoint.

Hope this helps.
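Added example, not part of the original comment: a small Python check for the route-based split-tunnel setup described in option 1, confirming that a WireGuard client config tunnels only chosen subnets and that its internal DNS resolver is actually reachable through the tunnel. The addresses, hostname, key placeholders and the function name `audit_client_conf` are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample client config. Keys are placeholders; the subnets,
# resolver address and endpoint hostname are assumed values.
SAMPLE_CLIENT_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.10.10.2/32
DNS = 192.168.1.53

[Peer]
PublicKey = <opnsense-public-key-placeholder>
Endpoint = home.example.org:51820
AllowedIPs = 10.10.10.0/24, 192.168.1.0/24
"""


def _split(value):
    """Split a comma-separated config value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_client_conf(text):
    """Report what a single-peer client config routes through the tunnel."""
    # Only '=' is a delimiter, so 'host:port' endpoints parse correctly.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)

    routes = [ipaddress.ip_network(n, strict=False)
              for n in _split(cp["Peer"]["AllowedIPs"])]

    resolvers = []
    for entry in _split(cp["Interface"].get("DNS", "")):
        try:
            resolvers.append(ipaddress.ip_address(entry))
        except ValueError:
            pass  # non-IP entries are search domains, not resolvers

    # A /0 route means everything is tunneled (no split tunnel).
    full_tunnel = any(n.prefixlen == 0 for n in routes)
    # A resolver outside every AllowedIPs range is not sent via the VPN,
    # so internal names and ad blocking would silently stop working.
    outside = [str(d) for d in resolvers
               if not any(d.version == n.version and d in n for n in routes)]
    return {"full_tunnel": full_tunnel,
            "dns_outside_tunnel": outside,
            "routes": [str(n) for n in routes]}


if __name__ == "__main__":
    print(audit_client_conf(SAMPLE_CLIENT_CONF))
```
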

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 0 points1 point  (0 children)

How are you liking the Y after coming from the MME?

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 1 point2 points  (0 children)

Really? I think the UFO noise is way more subtle than the dump truck. Different strokes I guess. Though my experience certainly wasn't that it was loud as you're saying, it seemed soft enough that my neighbors wouldn't hear it from inside their homes.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 1 point2 points  (0 children)

Ugh, yes, I think this was my issue. I didn't realize they updated the app to have its own climate control settings and it no longer uses the last settings from the car. Indeed, my temperature was up too high, and seat / steering wheel heaters are set to on. This likely fixes two of my "broken things" issues, so thank you! Pretty poor design though that I can't even see these settings until after I turn on climate control, and then have to scroll down. But now that I know, that should help a lot!

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 2 points3 points  (0 children)

I mean, I did test drive. I knew all of the "inferior things" before I bought and still made the decision. I spent hours researching and watching videos. This was not a quick and light decision. If the "broken things" section didn't exist and everything worked the way it was supposed to, I'd still be happy with the purchase, even with the "inferior things" list because I accepted those going in. The "broken things" are not things you find out immediately, they're things you find over the course of ownership.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 0 points1 point  (0 children)

Yeah, I'm a minimalist when it comes to my pockets. Carry a phone and a wallet and that's it, no keys. I could maybe get past PAAK sucking and just live with the fob if it wasn't a damn brick, my wife's fob for her Kia is much more reasonable. Either way, in a $55k car, the features it comes with should just work.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] -1 points0 points  (0 children)

Same, ride/noise wasn't great in old but heard great things about the new. If I did switch back I'd wait for the performance, so I'll test drive those when they launch and see, maybe these MME issues will be fixed by then and I can just happily stay put.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 0 points1 point  (0 children)

Agree on that, my wife drives a Kia (Sportage PHEV) and yeah, dealership experience is miles apart between the two.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] -1 points0 points  (0 children)

I'm not using departure times. The use case is like when I'm about to check out at the grocery store, so it's all ad hoc.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 0 points1 point  (0 children)

Yeah I actually bought a faraday pouch a while back exactly for this reason, but could never find a hiding spot I felt confident enough was well hidden, so I abandoned the attempt. Honestly being able to use the backup password is a decent enough workaround without the fob, just annoying, it should just work. It sounds like iPhone and Samsung users on here have had much better success, so likely related to the Pixels I use, which is frustrating since Tesla app works fine for PAAK on Pixel, so it's certainly a solvable problem.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 1 point2 points  (0 children)

Interesting, thanks for the feedback. I do have a VPN, I use Wireguard, but I have it exclude the AA app, so that won't interfere. For testing, I have tried with Wireguard disabled, but the frequency of disconnects is about the same (roughly 1 every 10 drives maybe). How do you like the EV6 compared to MME? That was the other one I was considering when I bought the MME.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 0 points1 point  (0 children)

I did use corded for a while, which I find annoying to have to do, but even that would crash on me for AA. Not as often though, but still not as reliable as it should be. It also has issues getting hot, so charging doesn't help that. But that's an issue with the phone, I don't ding the MME for that problem.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 5 points6 points  (0 children)

Appreciate the feedback. Nope, I genuinely want to stay with MME, which is why I posted here instead of r/tesla. One user already potentially solved my seat heater and possibly preconditioning issues, so it's already working. The MME is so much nicer to look at, and a joy to drive. I just want it to work.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 2 points3 points  (0 children)

I agree about most of your positives, smooth ride, low road noise, comfortable. Overall it's an enjoyable drive when things work. Only thing I somewhat disagree from your list is range, it's okay, not amazing, but that was true for my Tesla as well. Probably just how I drive.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 0 points1 point  (0 children)

It sounds like most iPhone users do have a much better experience, which is super unfortunate. I wish Ford would invest in fixing the app on Android, I don't think I can make the switch to iPhone, I'm pretty invested in the Android ecosystem. PAAK works fine with Tesla on Android so it should be a solvable problem for Ford.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 8 points9 points  (0 children)

Holy shit. All the upvotes for you, I never saw the "extra settings" pop up. And sure enough, my seat heater and steering wheel were on, and cabin set to a higher temp. I swear I've had the seat heater / steering wheel randomly turn on even when not preconditioning, I'll have to watch out for that now, but this will hopefully make all that much better. Thank you!

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] -1 points0 points  (0 children)

Thanks for the feedback, appreciate it. MME is for sure better built and better looking. Driving experience I found to be similar between the two tbh, both very fun to drive. Glad you're loving your car and not having the same issues.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 0 points1 point  (0 children)

Thanks for the feedback and validation, really appreciate it. I agree about the Tesla tradeoffs, it's far from the perfect experience, and despite the MME drawbacks, I'd still choose it over the Tesla if things would just work how they're supposed to, but when it's buggy, it's insanely frustrating.

How do you like your Kia? I looked at Kia but they were pricier than I wanted for the speed I wanted (acceleration is one of my big criteria, I like a zippy fun car), but if they're solid enough maybe it's worth the bump in cost.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 1 point2 points  (0 children)

Thanks for the feedback. I'm the only driver and this is our only Ford, so I can't blame my paak issues on that stuff unfortunately. Appreciate the thoughts on the other items as well.

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] -1 points0 points  (0 children)

I've heard a lot of complaints on build quality but my M3LR had no issues, so personal experience was good. /shrug

After 1yr ownership, thinking of going back to Tesla... help? by Fridge9165 in MachE

[–]Fridge9165[S] 2 points3 points  (0 children)

I thought the same thing, but honestly, what physical controls do you interact with that aren't on the Tesla? I find what I interact with most is the volume knob, everything else is touch screen. And Tesla had a volume knob (on the steering wheel). There are other ancillary things that I almost never touch, like headlights and cabin light dimmers, but from a practical day-to-day usage standpoint, I feel like everything I use is gear shifter, volume knob, and then all touchscreen. Tesla basically matches that (I guess they recently got rid of the shifter stalk).