Comment on Help with iptables, using NixOS setting up a WireGuard server for friends
just_another_person@lemmy.world 5 days ago
Well you’ve definitely overcomplicated things by introducing a lot of different variables into the mix. What you’ve set up is a hat on a hat. An abstraction on top of another abstraction.
Let me break it down and just ask: are you just trying to ensure your friends can only access certain addresses on your network, and you’re using Tailscale ACLs for that purpose? It sounds like you just want proper routing security at the edge of your network and are going this route to avoid having to do that maybe?
Tailscale has a place and works great for lots of things, but using it like this is going to cause all kinds of problems eventually. You’re basically just advertising a bunch of confused routes to the coordinator like this, and DERP connections will eventually fail or freak out because you’re providing multiple paths to different things if I’m reading this right. You’re also introducing A LOT of network overhead because of this, and I can foresee a lot of connectivity issues in gaming throughput if that’s the main purpose.
Steamymoomilk@sh.itjust.works 5 days ago
Ok, I'll try to explain to the best of my ability and simplify it.
I no longer want to use Tailscale, because of accounts. I used to use Tailscale for the Minecraft server. I want my friends to be able to access only 192.168.8.170 on my local network, and all other traffic to not be routed through my VPN, but my friends to have access to their internet on their LAN. Example: we can play Minecraft on the server on my network and we can be in a group call in Signal, meaning friend 1 and 2 are using their internet connection locally, and only 192.168.8.170 being routed.
We also had some connectivity issues with Tailscale, where friend 1 would be on and friend 2 would lag out of the server randomly, when if we played a game through Steam we wouldn't have any connection issues. My friend is also very forgetful and can't log into his Tailscale account, which is another reason why I wanna ditch Tailscale.
just_another_person@lemmy.world 5 days ago
Okay, then if WireGuard, you need to punch through your NAT and allow that port access to the world, then to fix your routing issue, you need to look up split-tunneling. That should solve the issues you’re seeing if I’m reading this right.
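
The split-tunnel setup suggested in the last reply, as an added example that is not part of the thread or any poster's own config. It is written in plain wg-quick format rather than NixOS options, and it assumes the WireGuard server is a separate LAN host from 192.168.8.170; the 10.100.0.0/24 tunnel subnet, UDP port 51820, the `eth0` LAN interface and all key and endpoint values are placeholders, and IPv4 forwarding must be enabled on the server.

```ini
# ---- Server: wg0.conf (constructed example, placeholder keys) ----
[Interface]
Address = 10.100.0.1/24            # assumed tunnel subnet
ListenPort = 51820                 # assumed; forward this UDP port on the router
PrivateKey = <server-private-key>
# Enforce the restriction on the server: peers may reach only the game host.
PostUp = iptables -A FORWARD -i %i -d 192.168.8.170/32 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j DROP
PostUp = iptables -A FORWARD -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NAT so the game host replies without needing a route to the tunnel subnet.
PostUp = iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.8.170/32 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -d 192.168.8.170/32 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j DROP
PostDown = iptables -D FORWARD -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.8.170/32 -o eth0 -j MASQUERADE

[Peer]
# friend 1: one /32 per friend, so a peer cannot claim another tunnel address
PublicKey = <friend1-public-key>
AllowedIPs = 10.100.0.2/32

# ---- Client (friend 1): wg0.conf (constructed example) ----
[Interface]
Address = 10.100.0.2/32
PrivateKey = <friend1-private-key>

[Peer]
PublicKey = <server-public-key>
Endpoint = <your-public-ip-or-dns>:51820
# Split tunnel: only the game host is routed through the VPN.
# Full tunnel would be AllowedIPs = 0.0.0.0/0, which sends all of the
# friend's traffic (Signal calls, browsing) through your connection.
AllowedIPs = 192.168.8.170/32
PersistentKeepalive = 25           # keeps the friend's NAT mapping open
```

The client's `AllowedIPs` only controls what the friend's machine sends into the tunnel and can be edited on their side, so the server's FORWARD rules are what actually limit access to 192.168.8.170.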