I have wireguard set up now and its working completely fine now. Thanks for the recommendation!

I added a final edit where it turns out I just mistyped the public key and the rest of the config was completely fine. Oops lol. Thanks for your input on this I really appreciate it. Now final question. Since my server now works on a whitelist basis, it should be reasonably safe to leave the port open indefinitely going forward? If not, is there more I should consider doing to increase security?
Thanks again :)

So I got home and fixed my port-forwarding rule, but I can’t get my phone to connect. That aside, I’m now a bit lost as to how to get access to baikal , or anything else… I can’t seem to find any resources that explain how to do this either. Do you know of anything I can read to try to set that up?

Edit: I sorted out reaching the baikal server from the VPN. Still working on getting my android phone to work with wireguard tho :/

Edit: I apparently can’t read and mistyped a key value. Turns out everything has been working this whole time 🤦

I think I’ve configured it all (using the the link the other person sent). I think I screwed up the port forwarding tho and I’m not home to fix it for now.

Everything looks like it should work but only time will tell lol. Thank you again for your help!

This seems promising for simplicity. I’ll check it out!

So I’m just taking a look at wireguard on android. I just need to point a specific address to wireguard and it takes care of it then? This seems relatively straightforward to configure.

Last question (hopefully). I’m running this server off a pi with bullseye. The guide on their site for setting up a server uses buster but the client uses bullseye. The buster version needs to setup unstable release packages but the bullseye client doesn’t. This should mean that I’m good to just grab the default Debian package on bullseye?

Thank you very much for your help with this!

Are these all roughly equivalent in security? Or is it a case of some of these being a bit less complex to set up but you sacrifice security? I’ll look into these options though. Thank you

So if I understand this correctly, I configure wireguard on the server end and port forward to the IP for the wireguard interface? and then configure devices to send packets through their wireguard interface for specific applications to get synced up? Thanks for your reply :)