I am thinking of spinning up a VPS to host my coordination server like netbird. I also would be using this to point my domain at the VPS to then shuttle things such as email and other things as I do not want to expose my IPs as the first layer; would rather it be the VPS static IP address and then route from there.
Would I put a pfSense firewall at the VPS as well or is this not needed? Trying to figure out if this is the best way to defend myself. Thanks for the input.
Not sure what threat model you are trying to defend against by hiding your public IP, but with an overlay VPN such as Netbird you can set it up to be the coordination server and should also be able to set it up as an exit node.
I have dynamic and static IPs in the bubble I am dealing with so I figured it's easier to connect everything with an overlay VPN + I plan on hosting some services and would rather the VPS be the front end and then route things on the backend (don’t know if that makes sense). If I am using the VPS as my coordination server and exit node, do I have to install a firewall on the VPS as well?
If you want to harden the VPS system then a firewall with rules only allowing ports needed is a good idea.
If you are just routing email traffic through your VPS then it isn’t giving you any security benefits. For services on your LAN, sure, but not public stuff.
Also, why (and how) would you put pfSense on your Linux VPS? I get the feeling most people here believe Netgate sprinkles fairy dust over their FW. Your VPS almost certainly has basic FW rules by default - and no services listening on public ports except SSH. No fairy dust needed.
Your instinct to segment this from your network is good. You can flip this on its head and just run this on a server isolated inside your LAN. Assuming you have a static or sticky dynamic IP. Unless you like spending money supporting big cloud providers?