I know VPN tools such as WireGuard enable a remote Client to connect with another computer over the internet using encryption. I have read this introduction to WireGuard:
https://www.thomas-krenn.com/en/wiki/WireGuard_Basics
I know an attack on the Linux Server in diagram below comes via port knocking at the firewall to scan for open ports. In diagram below DietPi Server is a Debian-based flavor of Raspberry Pi OS behind home router firewall with non-static IP location:
Client Browser (roaming IP) <-- Port 80 --> (roaming IP) DietPi server
Client SFTP App (roaming IP) <-- Port 22 --> (roaming IP) DietPi server
Client VPN App (roaming IP) <-- Port select --> (roaming IP) DietPi Wireguard
I think the router blocks port 80 and 22 by default. In the past I opened port 22 on router, setup free dynamic DNS service, and sent traffic to Ubuntu 8.0 server on my LAN, and then within minutes the hard drive LED starts to show the disk spinning to log brute force attacks.
Does WireGuard obscure or eliminate the visible ports? Does it reduce resources used to secure against and monitor brute force attacks? I imagine so but have not found a reference that makes sense to me as a potential new VPN administrator.
I basically want to know if WireGuard solves any setup problems on the client side, to minimize User support problems, and if it provides better solutions to brute force attacks. I need to restrict User rights on the server side and I guess that means configure Linux user and group permissions or other Linux tools whether or not I am using SFTP or VPN to let users access the server?
I know SFTP needs a client side app like Filezilla or WinSCP or CyberDuck.
I am aware that there are Desktop VPN and Terminal VPN client apps. But I don't know how the User interface works on the Client via Wireguard.
Is the WireGuard client app itself like the other Terminal or Desktop emulators?
