> It's far quicker and easier to hit a toggle in JuiceSSH
termux via F-droid is far better now than JuiceSSH Pro. Termux:Widget let's you launch an SSH tunnel script with one click. I stopped using JuiceSSH Pro more than a year ago once I realized this.
> Unfortunately I refuse to participate in the Facebook ecosystem so I can’t comment on if Facebook Groups is a suitable replacement
I really resent having FB pushed on me. I don't have an account and don't plan to, even if it's to be a member of one FB group. My HOA tried that and I pushed back hard. There are many other options over FB. We just use email.
In the past few years whenever I re-watch 2001 when Dave is shutting down HAL, I see a spaceship capable data center. And HAL sings "Daisy.." finally at the foundational, bare metal layer.
If you are already running a VPS, the SSH -J option is useful if you don't want to expose your SSH to your home public address.
You create an SSH reverse tunnel (-R option) from a server in your home network to your remote VPS. This gives you a localhost port on your VPS to your server SSH port. Something like:
ssh -NT -R 2222:localhost:22 vpsuser@yourvps.com
From your laptop, use your your VPS address and localhost port in the -J option. Something like:
This is my experience as well. I have a couple PINE64 devices, a Rock64 (Rockchip RK3328) and a RockPro64 (RK3399). And an N150 device.
Both ARM64 devices run headless, make use of GPIO, and have more than enough CPU. In fact, these are stable enough that I run BSDs on them and don't bother with Linux.
The Rock64 runs FreeBSD for SDR applications (e.g. ADS-B receiver). FreeBSD has stable USB support for RTL-SDR devices.
The RockPro64 runs NetBSD with ZFS with a PCIe SSD. NetBSD can handle ARM big.LITTLE well. I run several home lab workloads on this. Fun device.
I also have an N150 device running the latest Debian 13 as my main home lab server for home automation, Docker, MQTT broker, etc.
In short: SBCs are cheap enough that you can choose more than one, each for the right task, including IoT.
OpenBSD makes it easy to try IPv6 tunnelbroker.net with NAT64/DNS64 if your ISP only has IPv4 ("one more lab test away.." they say).
This has worked for me well for a couple years. I do use a VLAN to keep the IPv6-only network separate (homelab) from video streamers in the household.
In my pf.conf:
# IPv6 tunnel
block in log on $tun6_if all
block in quick on $tun6_if inet6 from fd00::/8 to any
antispoof quick for $tun6_if
# allowed icmp6
pass in quick log on $tun6_if inet6 proto icmp6 icmp6-type {
unreach, toobig, timex, paramprob, echoreq
}
# MSS clamping 60 bytes less than HE 1480
# 20 byte IPv4 tcp header + 40 byte IPv6 ip header
match on $tun6_if all scrub (random-id max-mss 1420)
reply