Comment on Security of running Headscale on a VPS
BCsven@lemmy.ca 3 weeks ago
I can’t offer technical network advice on vps headscale; Personally I’m not confident in my network skills. I would be more inclined to go through the pain of manually setting up wireguard instead of having a tailscale or headscale service-- and skipping the middleman so to speak
McMonster@programming.dev 3 weeks ago
Thanks. Plain Wireguard is an option I’m considering, but it’s also considerably more hassle to configure and maintain, especially as I connect more family members to my network. Headscale also has an extra layer of security in the form of ACLs, which I plan to use on top of basic firewall configuration. I do connect my personal machines with Wireguard, but I use one family member as a Tailscale/Headscale test subject.
As for SELinux, I’ve gave up on it already. It caused me so much headache over the years I disable it with a kernel parameter by default on all machines.
BCsven@lemmy.ca 3 weeks ago
Yeah it definitely is a pain for adding multiple machines.