Am I exposing too much?

I used to use ddns to access my computers but now my ISP told me ddns won't work any more and I need to buy static IP. I told them to scram and installed openwrt on my router. I installed zerotier on my router and now everything works as expected.

What I'm doing is I send Wake on Lan packet to my router through zerotier network and my router redirects that package to my pc through local network since my computer is off. Is this setup safe enough or I over exposed some things?

As a first point, remove the forwarding from the wan zone to the lan and vpn zones. That is a major security issue.


You mean that ?

If it is I thought reject forward was enough. Should I select Drop?

No. I mean the forwardings that are shown on the left of that image. You need to click 'Edit' (on the right) for the wan zone and remove everything from the Allow forward to destination zones dropdown.


Like this:


Thank you guys. I guess I got it right this time :slight_smile:

If you don't control the other side of the VPN network, then you should remove the forwarding as well to wan and lan.

1 Like

How have you manage to get two LAN to VPN forwards?

It is zerotier so I removed those forwardings too

1 Like

I've no idea how I managed to do that. I tried to remove one of them but failed to do so :smiley:

Probably some manual work need to be done in the config file for the firewall to fix that…