Tailscale is wireguard with automatic configuration. OPs problem will remain: it needs an app
Comment on Using Fail2ban to protect exposed services
redlemace@lemmy.world 3 weeks ago
Exposing services to the internet is a whole other game. Try wireguard first, i never had issues and use it mostly from my tablet.
WhyJiffie@sh.itjust.works 2 weeks ago
30p87@feddit.org 3 weeks ago
My primary scare is wg being another potential single point of software failure, preventing remote access
TBi@lemmy.world 3 weeks ago
You can run it on two servers at once. I have WireGuard running on my router (which can’t give full speed) and my server (which can run at full speed). Also running on another machine for fun.
paequ2@lemmy.today 3 weeks ago
I am kinda interested in WireGuard, but how does it work with multiple non-PC devices on different home networks? Tailscale runs seamlessly on my Arch laptop, but Android, TVs, and streaming sticks have hiccups from time to time.
I have services that I want to share with my non-techie family. If a service stops working, they suck at debugging and fixing the issue on their own.
Creat@discuss.tchncs.de 3 weeks ago
Tailscale is WireGuard under the hood, if you didn’t know. It’s an overlay network that uses WireGuard to make the actual connections, and has some very clever “stuff” to get the clients actually to connect, even if behind firewalls without needing port forwarding.
Using WireGuard directly basically just changes the app you use, which may or may not help with your issues. But the connecting technology is the exact same.
null_dot@lemmy.dbzer0.com 3 weeks ago
I’ve never used tailscale but use wireguard extensively.
There’s not much of a learning curve for you as the administrator. You have to discard some misconceptions you might bring from other VPNs but really after 30 minutes of looking at configs you’ll get it.
I use wireguard for my small team of 5 people to access self hosted services. You install wireguard, load the config, and then it just works.
The trick, if it can be called that, is using public dns for private services.
On your server, suppose you have service-a service-b and service-c in containers with ip addresses in the 10.0.2.0/24 range. Then you’d have a reverse proxy like traefik at 10.0.2.1. You’d also create a wireguard container with an IP in that same 10.0.2.0/24 range, and configure it’s wireguard adapter to be 10.0.12.1 or soomething so you have “2” for the containers and “12” for the wireguard clients.
Then in wireguard configurations you direct all traffic for 10.0.2.0/24 through the tunnel but everything else just uses their devices normal internet connection.
Finally create a public dns record pointing to the reverse proxy like *.mydomain.com > 10.0.12.1
now whatever.mydomain.com will resolve to your reverse proxy but is still only available to devices connected to the wireguard container on your server.
watson387@sopuli.xyz 3 weeks ago
DuckDNS is great for this. Been using it for years.
Fedegenerate@lemmynsfw.com 3 weeks ago
I use tailscale for my non-tech family.
I run a rPi with tailscale, pihole and nginx on it in their house. They connect to the their WiFi, get adblocking for free. They go to “homarr.sever” pihole captures this sends it to nginx and gets reverse proxies to a homarr LXC on my server. From their they can click links to the services which are at on “service/.######.xyz”. Again pihole captures the request, sends it to nginx which reverse proxies it over tailscale to the appropriate LXC.
CocaineShrimp@sh.itjust.works 3 weeks ago
Bookmarked this to try this setup next weekend!
Fedegenerate@lemmynsfw.com 3 weeks ago
Honestly, I wouldn’t.
I only run it this way because a VPS had 0 WAF, and I’m terrified of opening ports. VPS is the well trodden ground, there’s tonnes of guides. Mines a hack job borne of necessity, it works though, and I am proud of what I cobbled together.
It was my first time solving my own problems. I had my meager skill set, a basic idea of what I wanted, some vague notion of how I was going to achieve it, and a thick forehead to smash against the problem till it gave way for me.