I set up a Wireguard VPN network between my computers and servers, and then firewalled off all services except Wireguard, and a few services on one server. That one server is my weak point, but even it has sshd firewalled off except through the Wireguard subnet.
It’s stupidly easy to set up WG subnetworks. I’m not a networking guy, and it was trivial for me to do. If you can run an ssh server, you can set up a Wireguard subnet: just do it.
Wireguard really changed the landscape, for me, and my entire approach to networking. Suddenly, VPNs became fast and easy, and where previously impractical for casual (hobbyist) admins, it made creating enterprise-grade secure subnets easy. It’s astonishingly stable and reliable, such that my initial concerns about cutting off all access except through the VPN - once a truly nerve-wracking concept - is now a no-brainer. It’s made my network administration easier and more secure. My firewalls are simpler.
Wireguard is one of the biggest high-impact, low-visibility networking game changers I’ve seen in decades.
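
The firewall layout described in this comment, written out as an nftables ruleset. This is an added example, not the commenter's own configuration; the interface name `wg0`, the tunnel subnet `10.8.0.0/24`, UDP port 51820 and the commented-out HTTPS rule for the one public server are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface, subnet and ports below are assumptions,
# not values taken from the comment above.
flush ruleset

define WG_IF   = "wg0"          # assumed tunnel interface name
define WG_NET  = 10.8.0.0/24    # assumed WireGuard subnet
define WG_PORT = 51820          # assumed WireGuard listen port

table inet filter {
    chain input {
        # Default-deny: anything not matched below is dropped.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP/ICMPv6 kept for path-MTU discovery and IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # The only listener reachable from the outside: WireGuard itself.
        udp dport $WG_PORT accept

        # sshd is accepted only when the packet arrived on the tunnel
        # interface AND carries a source address from the tunnel subnet.
        # iifname (not iif) is used so the rule loads before wg0 exists.
        iifname $WG_IF ip saddr $WG_NET tcp dport 22 accept

        # On the one server that exposes public services, open them
        # explicitly, one rule per service (assumed here to be HTTPS):
        # tcp dport 443 accept
    }

    chain forward {
        # These hosts are endpoints, not routers.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Validate the file with `nft -c -f` before loading it, and load it the first time from a console session rather than over ssh, since a mistake in the tunnel rule removes remote access.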