I have some devices on my local network that are wired-only, or have unreliable Wi-Fi. Instead of running ethernet to the room that contains these devices, I opted to create a wireless bridge using a MikroTik hAP AC2 wireless router I had lying around. When configured as a wireless bridge, the MikroTik router will connect a wired network to a wireless network.
Additionally, as this works as a bridge, there is no sort of NAT (network address translation) running, so it will appear on the same network as the rest of your devices.
For a very long time, I have been using SSH tunneling to access my selfhosted services. This works great, but exposes your server to a multitude of threats. I had to implement additional defenses, such as the Fail2Ban daemon to automatically ban IPs after multiple failed login attempts.
I decided that a better option would be to simply implement a VPN. I ended up choosing WireGuard as it’s built into the kernel, and offers great throughput if I needed to transfer files over the VPN.
This guide will show you how to create a minimalistic adblocking DNS server. This is a great alternative to Pi-Hole, which requires being run on a Raspberry Pi or in a Docker container.