Right now I use Tailscale to reach all my services when I’m outside my house and I pretty much keep it running all the time on my phone and laptop.
But with big companies invading our privacy and the FCC taking another turn, I’m finally thinking of trying out VPNs. The problem I’ve run into is that running a VPN with Tailscale can be tricky since Tailscale works as a VPN in its own right.
So for you self hosters using VPNs, what’s your setup?
Edit:
Wow, you all shared some awesome options, thanks for the replies. I have a lot to check out now.
Keegan said:
I have wg-easy set up for phones and most devices.
I also have a container ready to work as an SSH tunnel for network traffic if needed. (No password or sudo required)
Do you access everything through IPs or do you have a domain name you use? I’m trying to find out how to access services behind Wireguard/Tailscale/Zerotier without having to remember all those IPs.
@Alexis
Just get a cheap domain and set up DNS records. Cloudflare will do it for free if you don’t want to self host the DNS. No one should have to remember IPs.
Hunter said: @Alexis
Just get a cheap domain and set up DNS records. Cloudflare will do it for free if you don’t want to self host the DNS. No one should have to remember IPs.
What do you point the DNS to? The Wireguard/Zerotier/Tailscale IP or the local IP of the device you’re connecting to?
Hunter said: @Alexis
Just get a cheap domain and set up DNS records. Cloudflare will do it for free if you don’t want to self host the DNS. No one should have to remember IPs.
Nobody should have to remember IPs.
Honestly if you set up your IPs smartly, it’s not too hard to remember them. The bigger issue is usually ports for me.
@Alexis
You can use local network IPs for DNS in a domain name and have it point to devices not accessible on the internet. The DNS will work as long as your client is online and connected to the same local network.
So you can set a subdomain to lead to something like 192.168.1.103 and access your hosted dashboard with links to other services. If you’re using Cloudflare, remember to turn off proxying for that entry.
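Added example, not part of any post in this thread: a small audit of A records that flags entries pointing at LAN or overlay (100.64.0.0/10, the range Tailscale assigns from) addresses while proxying is still enabled. The record list is constructed and its field names are hypothetical, not a DNS provider's export format.

```python
import ipaddress

# Constructed sample records; 203.0.113.10 is a documentation address standing in for a home IP.
RECORDS = [
    {"name": "dash.example.com", "type": "A", "content": "192.168.1.103", "proxied": False},
    {"name": "nas.example.com", "type": "A", "content": "192.168.1.50", "proxied": True},
    {"name": "git.example.com", "type": "A", "content": "100.101.102.103", "proxied": False},
    {"name": "vpn.example.com", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "bad.example.com", "type": "A", "content": "192.168.1.300", "proxied": False},
    {"name": "www.example.com", "type": "CNAME", "content": "example.com", "proxied": True},
]

LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OVERLAY = ipaddress.ip_network("100.64.0.0/10")  # CGNAT space, used by Tailscale for node IPs

def scope(addr):
    """Return where an IPv4 address is reachable from: lan, overlay, local or public."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on a malformed address
    if any(ip in net for net in LAN):
        return "lan"
    if ip in OVERLAY:
        return "overlay"
    if ip.is_loopback or ip.is_link_local:
        return "local"
    return "public"

def audit(records):
    """Map each A record name to a verdict on its target and proxy flag."""
    verdicts = {}
    for rec in records:
        if rec["type"] != "A":
            continue  # only A records carry an IPv4 target to check
        try:
            where = scope(rec["content"])
        except ValueError:
            verdicts[rec["name"]] = "invalid address"
            continue
        if where == "public":
            verdicts[rec["name"]] = "public target"
        elif rec["proxied"]:
            # A proxy out on the internet cannot reach a private target.
            verdicts[rec["name"]] = f"{where} target, proxying must be off"
        else:
            verdicts[rec["name"]] = f"{where} target, DNS-only: ok"
    return verdicts

if __name__ == "__main__":
    for name, verdict in audit(RECORDS).items():
        print(f"{name}: {verdict}")
```

A DNS-only record in public DNS is still visible to anyone who looks it up, so it discloses the internal address even though the host itself is not reachable from outside.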
@Tarian
I had to set this up recently; it’s a standard part of getting WireGuard running on your network. You need to enable IPv4 routing. Not sure what exactly I did, but Googling WireGuard IP for routing will get you the info you need.
@Drew
Not the OP, but I think they have a domain name that has a DNS A record pointing to their home IP (no proxy). Their WireGuard client connects to that. The DDNS updates the A record if the home IP changes.