Hi!
I often read suggestions to use something like Tailscale to create a tunnel between a home server and a VPS because it is allegedly safer than opening a port for WireGuard (WG) or Nginx on my router and connecting to my home network that way.
However, if my VPS is compromised, wouldn’t the attacker still be able to access my local network? How does using an extra layer (the VPS) make it safer?
Is it for security? I think is mostly recommended because your home router is likely to have a dynamic address.
This is in regards to opening a port for WG vs a tunnel to a VPS. Of course directly exposing nginx on your router is bad.