Nobody needs ocsp or clr in their homelab. And if they’re a trained netsec professional they know that its far better with short-lived certs than any revocation model. Both zerossl and letsencrypt are easy to use - and works flawlessly with something like caddy on a wildcard domain, or an acme proxy. Openssl is easy, and you can clr with that or even use their ocsp for homelab.

Yeah - i mistook it for user keys, not host. Im guessing they used piv/smart-card and not fido, as fido is indeed made with interactive use in mind

Nah - storing cryptographic key pairs is a supported and valid use-case for fido2

Been using this for a while - yubico has a nice guide. Dunno why you struggled to find good info as i can just google «fifo2 ssh» and use the top link

Nevermind - i see OP is trying to reinvent a broken wheel. Ignore my comments on this post

Ive used Secure ShellFish and Remoter Pro for a few years. Both have served me well

But get an external keyboard no matter what client you use. Using on-screen keyboard is pain.

It just lists active tcp connections and their stats including latency. But as someone said most games need in-server support for timing as they use udp

Well - as udp is is stateless theres really no way to measure outside of special handling in the server code.

deleted by creator

Di you know that on windows, the resource monitor will show latency for all tcp connections?

Nah - its not crap, its much better than signal for my low tech friends. You are confusing your ideology with usability.

What caddy does are automatic certs. You set up your web-portal and make a wildcard subdoman that points to your portal. Then you just enter two lines in the config and your new app is up. Lets say you want to put your hone assistant there. You could add hass.portal.domain.tld {reverse_proxy internal.ip:8123 } and it works. Possible with other setups too, but its no hassle

There is also headscale if you want self-hosted, but its not plug and play like tailscale/zerotier and similar mesh-vpn solutions

Then an exit node is what you want. You can set up with vpn like wireguard using port forward on your side. The raspberry would connect using static ip or dynamic dns.

You can get tailscale basic tier for free, and that will provide an easy to use solution

To me it seems like he wants to be able to «bring along» his homenet services without exposing them on the internet.

Tip for OP is to explain wanted outcome, not process to get there. Its hard to do, but gives better results

A service like tailscale will solve the connection to your home net automagically. You are however stuck without routing from friend-net so you cant access homenet devices directly

You can solve this by setting up a reverse proxy like caddy on your raspi, and access home-net web-apps and services through that. Like [assigned-friendnet-ipaddress]:8444 or similar. The reverse proxy would forward this to homenet devices through the tailscale vpn

That’s the main difference between lemmy and early reddit. Reddit had good info from knowledgeable people, and moderation. Here it seems most are 8 years old with 0 knowledge talking shite. Voting to “prove their point”. Like downvoting your reply.