@Nate
That’s right.
Taliesin said:
I have my own domain on Cloudflare, using Cloudflare DDNS docker, and I run WireGuard on my MikroTik router.
MikroTik rocks. I only wish I’d thought about getting a CHR license before purchasing a lot of hardware.
Perfect way to explore advanced networking.
@Remy
At least you have a valid license with MikroTik hardware.
You could use Tailscale with Mullvad exit nodes.
Otherwise, I run Tailscale and some other VPN on Fedora without issue. It can also work on a rooted Android device.
Westin said:
You could use Tailscale with Mullvad exit nodes.
Otherwise, I run Tailscale and some other VPN on Fedora without issue. It can also work on a rooted Android device.
Yeah, that was the only simple-sounding solution I found when researching. I’ll probably go with this since I already have a Proton plan from using their other services.
@Chancey
If you have a VPN, you can create a Tailscale exit node that routes through a VPN in a container with Gluetun. The downside is the server itself can’t connect because it creates a feedback loop. I do this with Proton and Tailscale and it works great.
Edit: You just choose the exit node with the VPN on Android, but for other devices, you do it when you start Tailscale.
@Lennon
I run ProtonVPN on my phone and switch to Tailscale when I need access to servers on my Tailnet. One’s set as an access node, which is behind a ProtonVPN tunnel at the router level with an IP rule. The Tailscale app seems to drain my battery like crazy so I wouldn’t keep it running all the time.
You can actually run Tailscale in a container and set the network_mode to “service:gluetun” to have the exit node connect with a separate ProtonVPN instance if you want to avoid sharing the same VPN server IP as your localhost. You’d just need some firewall setups, but it’s much easier than setting up iptables or dealing with Docker networking or LXC setups!
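A Compose sketch of the setup described in the two posts above (a Tailscale exit node sharing Gluetun's network namespace so its traffic leaves through the VPN tunnel), added here as an example and not taken from anyone in the thread. The service names, volume name and every value in angle brackets are placeholders; it assumes ProtonVPN over WireGuard and Tailscale's userspace networking mode.

```yaml
# Added example, not from the thread. Angle-bracket values are placeholders.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                      # Gluetun manages the tunnel and its firewall
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=<protonvpn-wireguard-private-key>
      - SERVER_COUNTRIES=<country>
    restart: unless-stopped

  tailscale:
    image: tailscale/tailscale:latest
    # Share Gluetun's network namespace: this container has no network path
    # of its own, so exit-node traffic can only leave through the VPN tunnel.
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    environment:
      - TS_AUTHKEY=<tailscale-auth-key>        # keep out of version control
      - TS_STATE_DIR=/var/lib/tailscale        # persist node identity across restarts
      - TS_USERSPACE=true                      # userspace mode: no extra capabilities here
      - TS_EXTRA_ARGS=--advertise-exit-node
    volumes:
      - tailscale-state:/var/lib/tailscale
    restart: unless-stopped

volumes:
  tailscale-state:
```

The advertised exit node still has to be approved in the Tailscale admin console before clients can select it. Because Gluetun's firewall drops traffic that does not go through the tunnel, the exit node stops forwarding instead of leaking onto the home connection if the VPN goes down.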
Westin said:
You could use Tailscale with Mullvad exit nodes.
Otherwise, I run Tailscale and some other VPN on Fedora without issue. It can also work on a rooted Android device.
I’m doing that now. Plus PIA for anything I don’t want running on my home network.
I use pfSense with OpenVPN.
I use public services via Cloudflare proxy.
Only Cloudflare IPs are allowed to connect to my pfSense external IP on those open ports.
OpenVPN server is running on pfSense for remote access with clients on my devices.
Get a cheap VPS and install Tailscale there. A great feature is that you can switch to using a device as an exit node (like turning it into a classic VPN) on the fly.
I have a main server at home and a VPS in another country. My VPS runs Tailscale, WireGuard (for mobile) and Xray (just in case), Headscale, and a few other services.
@Tenny
Do you own a domain or is everything done via VPN?
Wei said:
@Tenny
Do you own a domain or is everything done via VPN?
I have a domain and several public services, both at home and on the VPS. I use Technitium with split horizon to make it function correctly with the VPN.
@Tenny
I’ll check out Technitium.
Well, split horizon is doable on many DNS servers, Technitium just has additional features like doing DNS zone transfers if you run several servers or add SRV and TXT records.
Wireguard on my router.
Zariah said:
Wireguard on my router.
Can you share more details? The USG Pro 4 doesn’t seem to support it natively in the controller I self-host. I’ve tried setting it up from the command line, but I’m new to Unifi hardware and couldn’t get it to work.
Edit: I think I overused ‘natively’.
Zariah said:
Wireguard on my router.
Same here, I have Wireguard on my UDM Pro.
Using Unifi Teleport.
I just use Headscale self-hosted.