this post was submitted on 06 Jul 2023
98 points (94.5% liked)

Selfhosted

40394 readers
393 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

tailscale.com

I have been using Tailscale VPN with my servers for about 6 months now and I would recommend it to anyone.

I'm running it on both of my Proxmox machines, my laptop, a raspberry pi, and my Android phone. It makes it super easy and secure to access my local services while away from my house.

Very simple set up, minimal initial configuration, and versatile.

There are apps for Linux, Windows, Mac, Android, and iOS.

Is anyone else currently using Tailscale? I'd like to hear what you all think.

you are viewing a single comment's thread
view the rest of the comments
[–] einsteinx2@programming.dev 0 points 1 year ago (2 children)

I still don’t fully understand the benefit over plain WireGuard for a home lab use case…

I set up wg-easy (WireGuard socket container with built in web interface to easily generate certs for clients) in about 5 minutes on an odroid (like a raspberry pi). Opened a single port on my router. Generated certs for my phone and laptop using the web interface in about 30 seconds. Changed one line in my client configs to only route network on my home’s IP range over the VPN so I can connect without disrupting my internet connection. Then I just activate the VPN and I can access all of my home services. (writing all that out kind of makes it sound complicated but literally this was done in like 10 minutes total and never had to touch it again except to log into the web admin to make certs for new clients occasionally)

Since Tailscale is a mesh VPN like Nebula, wouldn’t I need to install and set it up on all of my servers and VMs instead of just one to access everything? And then every new VM I make I would have to manually set that up too? Wouldn’t that be harder to setup over all than a single wg-easy container?

I feel like maybe I don’t fully understand how Tailscale works because it never seemed more convenient or better than vanilla WireGuard and it just uses WG protocol under the hood anyway but with the added dependency of a 3rd party service I have to trust and that can go down disabling my access to my home network…

[–] jmshrv 4 points 1 year ago (1 children)

For Tailscale you just have to install it, start the service, and log in. If you want to install it on just one server and have it act as a gateway to the rest of your network, you can use subnet routers.

[–] einsteinx2@programming.dev 3 points 1 year ago

Interesting… I also saw some people post about the self hostable open source version Headscale, so I’m going to play around with it. Tailscale gets recommended so often there must be something to it, I was just always put off by having to rely on a company to access my personal stuff which is sort of the whole reason I self host in the first place… but if I can self host the Tailscale coordinator that changes things.

I’ve been happy with vanilla WireGuard for my use case but it’s always nice to learn about other options.

[–] einsteinx2@programming.dev 0 points 1 year ago

I don’t think I can edit comments, but I meant to say we-easy is a WireGuard docker container, not a “socket” container lol