On Mon, Apr 20, 2026 at 08:55:38AM +0200, Matthias Petermann wrote: > What I’m currently considering is to move the trust boundary away from the > LAN itself and instead enforce it via a WireGuard overlay. Concretely, all > clients (even those on the local network) would access the NFS server > exclusively through WireGuard.
I've thought about that too; making a kind of more secure version of a vlan(4) though i haven't used either of them. I guess its time for NFSv4? I haven't dug deep into it but i am not that sure what would need to be done. My main annoyance with NFSv3 is the ID numbers but also the fact that all is plain-text over the wire. With regards, Reinoud
