2024-06-07, 03:50 PM
1. They do the same thing in different ways. Most people here that use VPNs for remote access prefer Tailscale.
2. Tailscale does NOT require you to open any ports on your router. PiVPN does.
3. If you use Tailscale you do NOT need to use a dynamic DNS. With PiVPN you do. OpenVPN (the underlying VPN application of PiVPN) does not make it easy to change the VPN address on the client side of things if your IP were to change. Having a DDNS address addresses that issue.
4. Since this only applies to PiVPN, OpenVPN can be configured to use either a username and password for access OR a pre-shared key (you should do pre-shared keys). With pre-shared keys, a person that stumbles on your VPN will have a much harder time gaining access. But, it is not better than tunneling to your, I'm assuming, VPS with Wireguard.
5. There are people scanning the Internet all. The. Time. You should be less concerned about people finding your server and more about whether they can get in. Because, I guarantee you, someone is port scanning your IP right now. Keep in mind these are usually low effort script kiddies looking for Windows XP machines. We are not worth the effort of hacking by actual skilled hackers. As long as you keep your OS and apps up-to-date no one is getting in.
6. There are a couple ways. If you're using docker, you can specify that your media directories are read only. Thats a concrete way of limiting write access to your media. In Jellyfin, Dashboard > Users, there is a setting per use whether they can delete media or not. If you aren't using docker, you can change the permissions on your media files so that the jellyfin user only has read permissions.
2. Tailscale does NOT require you to open any ports on your router. PiVPN does.
3. If you use Tailscale you do NOT need to use a dynamic DNS. With PiVPN you do. OpenVPN (the underlying VPN application of PiVPN) does not make it easy to change the VPN address on the client side of things if your IP were to change. Having a DDNS address addresses that issue.
4. Since this only applies to PiVPN, OpenVPN can be configured to use either a username and password for access OR a pre-shared key (you should do pre-shared keys). With pre-shared keys, a person that stumbles on your VPN will have a much harder time gaining access. But, it is not better than tunneling to your, I'm assuming, VPS with Wireguard.
5. There are people scanning the Internet all. The. Time. You should be less concerned about people finding your server and more about whether they can get in. Because, I guarantee you, someone is port scanning your IP right now. Keep in mind these are usually low effort script kiddies looking for Windows XP machines. We are not worth the effort of hacking by actual skilled hackers. As long as you keep your OS and apps up-to-date no one is getting in.
6. There are a couple ways. If you're using docker, you can specify that your media directories are read only. Thats a concrete way of limiting write access to your media. In Jellyfin, Dashboard > Users, there is a setting per use whether they can delete media or not. If you aren't using docker, you can change the permissions on your media files so that the jellyfin user only has read permissions.
Jellyfin 10.10.7 (Docker)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1
![[Image: GitHub%20Sponsors-grey?logo=github]](https://img.shields.io/badge/GitHub%20Sponsors-grey?logo=github)
Ubuntu 24.04.2 LTS w/HWE
Intel i3 12100
Intel Arc A380
OS drive - SK Hynix P41 1TB
Storage
4x WD Red Pro 6TB CMR in RAIDZ1