Right now, I am using Tailscale to access all my services when I’m outside my home, and I keep it active all the time on my phone and laptop.
With all the big companies messing with privacy rules, I want to try VPNs. But I found out that running a VPN along with Tailscale is tricky, since Tailscale is a VPN too.
So to all you self-hosters using VPNs, what setup do you have?
Edit: Thanks for all the great options you shared. I have a lot to look into now.
Blakely said:
I use wg-easy for phones and most devices.
I also have a container set up as an SSH tunnel for backup network traffic (no password or sudo required).
Do you use IPs to access everything, or do you have a domain you work with? I’m trying to find a way to access services behind WireGuard/Tailscale/Zerotier without struggling to remember all the IPs.
@Vale
Get a cheap domain and create DNS records. If you don’t want to self-host DNS, you can use Cloudflare for free. No one should have to memorize IPs.
Breck said: @Vale
Get a cheap domain and create DNS records. If you don’t want to self-host DNS, you can use Cloudflare for free. No one should have to memorize IPs.
What would you direct the DNS to? The WireGuard/Zerotier/Tailscale IP or the local IP of the device you want to reach?
Breck said: @Vale
Get a cheap domain and create DNS records. If you don’t want to self-host DNS, you can use Cloudflare for free. No one should have to memorize IPs.
No one should have to memorize IPs.
To be honest, if you set up your IPs smartly, it shouldn’t be too hard to remember them. The real issue is usually the ports, at least in my experience.
@Reed
To be honest, if you set up your ports well, it shouldn’t be hard to remember them. The real issue is always… No, I disagree. Use DNS. Set up a homepage. Use reverse proxies. It will save you headaches.
@Voss
I use all those methods too, and I’d always suggest them for user-friendliness. Still, you’ll want a memorable IP or a list of IPs handy in case your DNS server or reverse proxy fails.
@Vale
Just so you know, you can use local network IPs for DNS in the domain name, allowing it to point to devices that aren’t reachable online. As long as your client can access the internet and is on the same network as those devices, the DNS will resolve.
For instance, you could make a subdomain point to 192.168.1.103, which leads to your hosted dashboard containing links to your other services. If you use Cloudflare, you will need to turn off proxying for that entry.
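Added example, not part of anyone's post in this thread: a small Python check for a planned list of DNS records that answers the "what do I point it at" question by classifying each target as a LAN address, a Tailscale address (Tailscale assigns node IPs from 100.64.0.0/10) or a public one, and flags a proxied record whose target the proxy cannot reach. The record names, the `proxied` field and the sample data are assumptions constructed for illustration; only 192.168.1.103 comes from the post above.

```python
import ipaddress

# Private LAN ranges (RFC 1918) and the CGNAT block Tailscale assigns node IPs from.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TAILNET = ipaddress.ip_network("100.64.0.0/10")

def classify(target):
    """Return 'lan', 'tailnet', 'unusable' or 'public' for an A-record target."""
    ip = ipaddress.ip_address(target)
    if any(ip in net for net in LAN_NETS):
        return "lan"
    if ip in TAILNET:
        return "tailnet"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"

def audit(records):
    """Check planned records; returns {name: (scope, [warnings])}."""
    report = {}
    for rec in records:
        scope = classify(rec["target"])
        warnings = []
        if rec["proxied"] and scope != "public":
            warnings.append("proxy cannot reach this target: set record to DNS only")
        if scope == "lan":
            warnings.append("resolves anywhere, reachable only on the same network")
        elif scope == "tailnet":
            warnings.append("reachable only while the client is connected to Tailscale")
        elif scope == "unusable":
            warnings.append("loopback/link-local target will not reach the server")
        report[rec["name"]] = (scope, warnings)
    return report

# Constructed sample records (hypothetical names; example.com stands in for your domain).
SAMPLE = [
    {"name": "dash.example.com", "target": "192.168.1.103", "proxied": True},
    {"name": "nas.example.com", "target": "100.101.102.103", "proxied": False},
    {"name": "blog.example.com", "target": "203.0.113.10", "proxied": True},
]

if __name__ == "__main__":
    for name, (scope, warnings) in audit(SAMPLE).items():
        print(f"{name:18} {scope:8} {'; '.join(warnings) or 'ok'}")
```

Keep in mind that a private address placed in a public DNS zone is visible to anyone who queries that name, even though the host itself is not reachable from the internet.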
@Brynn
I just had to do this the other day, and it’s a very standard feature for setting up WireGuard on your network. You need to enable IPv4 routing. I’m not exactly sure what I did, but if you google WireGuard IP for routing, you’ll find the answers.