Submitted 4 days ago by Railcar8095@lemm.ee to selfhosted@lemmy.world
First: I’ve tried Tailscale, for some reason it works awful for me so I’m avoiding that option if possible.
I am trying to have a single server that has a VPN port exposed to connect to it, but routes traffic through a comercial VPN (mullvad ideally) to privately share my linux ISOs. So far I haven’t been able to achieve this, it sees I can’t use the VPN server (wg-easy) + VPN (mullvad gui), only the one that start first work.
Has anybody achieve something like this?
I did follow this guide to use WireGuard to connect to my homeserver and use my internal pihole and then connect to the internet with protonVPN.
I’ve done exactly this with wg-easy.
My config here is for v14, you’ll want to pin the image version: github.com/qdm12/gluetun/discussions/1192#discuss…
In the same thread, someone posted a fantastic guide to get it working with v15: blog.bktus.com/en/archives/2918/
V15 was giving me issues because it didn’t allow you to disable ipv6, but apparently the latest edge builds do. I haven’t tried that yet
I’ll try it as soon as I have time!
V15 didn’t work for me, might be the issue you mention, so I’ll stick with 14 for the time being.
Yeah I feel like v15 released a bit too early outside of preview builds. It’s a substantial improvement but doesn’t feel quite ready.
Another option is virtualization.
Separate your sharing server from your remote access server, then have them each connect to a different VPN
This is how I do it.
I have several containers and a couple of VMs running on my one server. My router is also currently virtualized (OpnSense running in a Proxmox VM, works great) and it connects to tailscale and uses subnet routing to allow my LAN devices to be accessed from outside my home without putting them directly on the Internet.
Meanwhile, I have two more VPNs set up for two different sharing servers. All on one physical machine.
I use Zerotier. I have a rpi sharing my Linux isos through a commercial VPN. The RPI has Zerotier as well as my other devices, so I can connect to it from anywhere as if it was on my home network.
just_another_person@lemmy.world 4 days ago
Maybe give Zerotier a shot. Similar premise as Tailscale, but a simplified NAT and routing implementation.
Railcar8095@lemm.ee 4 days ago
Two cases.
One to have my server connect to the internet without exposing my traffic.
The second is to not have to chose between be connected to my server or be connected behind a VPN.
Honestly, if if wasn’t because tailscale is performing badly for the last few months, I wouldn’t have problems using and even paying for it.
HiTekRedNek@lemmy.world 3 days ago
Tailscale can actually use a Mullvad exit point. I don’t know if you knew that …
HiTekRedNek@lemmy.world 3 days ago
TS works better for me than ZT. I started with ZT first, and had random access issues between my android phone, my VPS, and all my local devices.
The local devices could all ping each other’s Zerotier IP addresses, but the vps and phone had issues pinging them, but not each other.
Meanwhile, tailscale is working fine, and I’ve even set up subnet routing so I only need it on my phone, my VPS, and my OpnSense system.
With Zerotier, I couldn’t get routing to work at all.
just_another_person@lemmy.world 3 days ago
Yeah, one or the other works well depending on how your network is deployed. Example: Tailscale gets whacky when dNAT issues are present, but ZT blasts through.
Sounds like OP is having the opposite issue as you.
MasterBlaster@lemmy.world 4 days ago
I had success using openVPN. I set it up, generated certificates, installed it on my phones, tablets, and laptops.
It won’t work when using an external vpn like Express or Mulvad, but while using it, you have secure connection to home. Once done with the home network, turn off the vpn, turn on your commercial vpn.