Comment

Comment on Using Tailscale As A Traditional VPN

just_another_person@lemmy.world ⁨1⁩ ⁨week⁩ ago

Visibility how? You don’t need to open any ingress ports on the VPS instance unless you plan on reverse proxying something back to your client node. Your client visibility will be to any endpoint you connect to, and any DERP servers you get proxied through from Tailscale.

source

Sort:hotnew top

F04118F@feddit.nl ⁨1⁩ ⁨week⁩ ago
The way I understand it, there’s 2 use cases for a VPN, with different concerns and providers:

having access to your private home network from anywhere, through an encrypted tunnel (Tailscale, Wireguard on the router, etc)

having your outgoing traffic to the internet go through an anonymized exit node so that your ISP can not watch or sell what you are doing (ProtonVPN, Mullvad VPN, etc)

Is Tailscale fit for the second? I thought not, as the exit node is not an anonymized VPN server but one of your own machines.
source
- effward@lemmy.world ⁨1⁩ ⁨week⁩ ago
  If you create little solar-powered micro computers and toss them onto the roof of a bunch of random businesses with public Wi-Fi, then run them as exit nodes then you could bounce your connection around through a random set.
  
  I didn’t come up with this, I think it was a plot point in some novel I read.
  
  source
  - F04118F@feddit.nl ⁨1⁩ ⁨week⁩ ago
    That’s crazy and genius!
    
    “I don’t do cloud computing, I do solar computing”
    
    source
- just_another_person@lemmy.world ⁨1⁩ ⁨week⁩ ago
  Yes, OP understand that, which is why he is asking about security to the exit node on a Tailnet.
  
  source
irmadlad@lemmy.world ⁨1⁩ ⁨week⁩ ago
I’m sorry…I’m just asking all the stupid questions up front.

source
- just_another_person@lemmy.world ⁨1⁩ ⁨week⁩ ago
  They’re good questions. I wasn’t being rhetorical 🤣
  
  It’s hard to know exactly where your concern about visibility lies, hence my question 😉
  
  source
  - irmadlad@lemmy.world ⁨1⁩ ⁨week⁩ ago
    Nah, it’s good. I do have a knack for asking silly, basic questions. I certainly don’t have the networking prowess and certifications that some of the group here has, and I just want to be cautious, perhaps overly cautious when implementing what I have proposed. I know what an overlay vpn does, and I know what a traditional vpn like say, PIA, does. I just want to proceed with caution because the end use has serious implications if improperly deployed. At the very least I want to make myself confidant that I have covered all bases.
    
    source
    just_another_person@lemmy.world ⁨1⁩ ⁨week⁩ ago
    Well if it demystifies Tailscale a bit, just think of it like a traditional VPN with specific controls over the traffic flow. It’s e2e encrypted between every node, and you control the exit node. You’re use-case would work just like OpenVON, for example, where your client traffic exits where you decide (your VPS).
    
    If you really want a deeper understanding, have a looke at Headscale and maybe set it up on your VPS. You use your same Tailscale client, and just register it with the Headscale instance on your VPS. Just setting it up will give you a tutorial on how Tailscale works in general. You can ping me with questions, or the Discord is really active and responsive.
    
    source