I'm considering switching from VPN to port forwarding for remote access and wanted opinions on convenience vs safety risks. Currently using VPN on a UDM-Pro, but Android 12 doesn't allow L2TP and UDM-Pro doesn't support IKEv2, so I'm at an impasse. I have looked into ZeroTier and Tailscale, but so far haven't been able to replicate the same VPN experience. Setting up a WireGuard or OpenVPN server on Windows may be beyond my skill level. Wife would probably prefer ease of port forwarding, just one less button to hit.
Blue Iris is on a static IP Windows machine which is also used for Plex (which has a port forwarded), HomeSeer home automation, and family data backup. The server is on our main LAN as opposed to a VLAN so the home automation and data backup are easier to use. The camera IPs are firewalled so that they can only communicate with the Blue Iris machine.
If I open up a port for Blue Iris, but in the UDM-Pro block most of the suspect countries in Geo Filtering, would that help mitigate attacks? If for some reason the Windows machine was compromised, would only the Blue Iris software be accessible, or could someone access other data on the server (i.e. our data backups, home automation, etc.)? Someone seeing the feed of an outside camera is one thing, but having access to data is another.