What do you guys use / recommend to set up your own VPN to access your LAN services remotely?
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters |
---|---|
CF | CloudFlare |
DNS | Domain Name Service/System |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
4 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #6 for this sub, first seen 19th Jul 2023, 10:30] [FAQ] [Full list] [Contact] [Source code]
Wireguard (if you can open udp ports)
That’s what I’m using, though I’ve used wg-easy, which made the setup, well, easy.
People seem to like and recommend Tailscale. I have not gotten to setting it up. My setup involves reverse proxy with treafik and my services in docker. Any suggestions on how what I need to do would be welcome.
This is the exact script I use to install tailscale on my VPN server
Installing Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
Enable IP forwarding
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
Advertise subenets and exit node
tailscale up --advertise-exit-node --advertise-routes=192.168.0.0/24,192.168.2.0/28,192.168.5.0/24,192.168.10.0/24
Thank you for message, i appreciate the effort.
Where I struggle is the part where i need to expose my subnet within Tailscale. I don’t have any machineip:port delegated to the services anymore.
I got a domain name through CF, and have traefik generate unique url links as *service.mydomain.com that routes it to the specific service running in docker on my localmachine. It also takes care of certificates. Calling that service url only works within the local network.
In my docker compose set up, I removed all the ports as I dont access the services via ip:port. I hope this makes sense to you.
So it seems I need to configure Tailscale in such a way I can tunnel to my home network and then make the service.mydomain.com call. And that is where it got too complicated for me right now.
I also fail to understand if I need to run Tailscale native or in (the same) docker env.
You can run tailscale client on the host, not in a container. Then for the domain names, create a DNS record either in the public DNS (or I think you can do it in the internal tailscale DNS) that points a wildcard for your subdomains (*.domain.com) to the IP of the container host within the tailnet. Do “tailscale --status” on any device joined to the tailnet to see the IP addresses inside the tailnet. Then all of the devices will make their DNS request to either your upstream DNS or the internal one, they get the response back that they need to send their http request to the container host within the tailnet, it sends on the default 80 or 443 ports for http and https respectively, and then your reverse proxy handles the rest.
I’ve never had issues with my plain old OpenVPN setup
tailscale 100 times over