What setups do you have for self-hosting and using a VPN

@Fynn

Does this guide cover what you need?

I have my own domain registered at Cloudflare and use Cloudflare DDNS in Docker along with WireGuard on my MikroTik router.

Pippin said:
I have my own domain registered at Cloudflare and use Cloudflare DDNS in Docker along with WireGuard on my MikroTik router.

You use WireGuard with Cloudflare DDNS? Is that behind a proxy?

@Blai
Not the person who posted this, but I think they just have a domain name with a DNS A record pointing to their home IP (no proxy). Their WireGuard client resolves and connects to it. The DDNS updates that A record if the home IP changes.

@Laine
Exactly.

Pippin said:
I have my own domain registered at Cloudflare and use Cloudflare DDNS in Docker along with WireGuard on my MikroTik router.

MikroTik is the best. But I wish I had thought to get a CHR license before buying a lot of hardware.

This is a great way to explore more advanced networking.

You can pair Tailscale with Mullvad exit nodes.

Other than that, I run both Tailscale and another VPN without issues on Fedora. This setup should work on a rooted Android device, too.

Brook said:
You can pair Tailscale with Mullvad exit nodes.

Other than that, I run both Tailscale and another VPN without issues on Fedora. This setup should work on a rooted Android device, too.

That was one simple option I found while researching. I will probably go with it. I already have a paid Proton plan because I use their other services.

@Dax
If you have a VPN, you can create a Tailscale exit node that routes through a VPN in a container using Gluetun. The only limitation is that the server itself cannot connect because it forms a feedback loop. I set this up with my Proton and Tailscale, and it works smoothly.
Edit: For Android, just choose the exit node with the VPN. On other devices, set it up with tailscale up.

@Valen
I run ProtonVPN on my phone and switch to Tailscale when I want access to servers on my Tailnet. I have one acting as an access node behind a ProtonVPN tunnel set on the router level with an IP rule. The Tailscale app drains the battery, or I’d keep it on all the time.

I think you can run Tailscale as a container and set network_mode to “service:gluetun” to keep the exit node separate from a dedicated ProtonVPN instance if you want to avoid using the same VPN server IP as your local host. Setting up firewalls is easier than tweaking iptables for Docker networking or LXCs.
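As an added example (not from any poster in this thread), here is a Docker Compose file for the Gluetun plus Tailscale exit-node setup Dax and Valen describe: Tailscale shares Gluetun's network namespace via network_mode "service:gluetun", so everything it forwards for exit-node clients leaves through the VPN tunnel. It assumes a ProtonVPN WireGuard account, and every key value is a placeholder.

```yaml
# Added example, not the thread's own config. All keys are placeholders.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      # Assumes a ProtonVPN WireGuard config; any Gluetun provider works.
      VPN_SERVICE_PROVIDER: protonvpn
      VPN_TYPE: wireguard
      WIREGUARD_PRIVATE_KEY: REPLACE_WITH_YOUR_WIREGUARD_PRIVATE_KEY
      SERVER_COUNTRIES: Switzerland
    restart: unless-stopped

  tailscale:
    image: tailscale/tailscale
    # Share Gluetun's network namespace: every packet Tailscale sends,
    # including forwarded exit-node traffic, goes through the VPN tunnel,
    # so clients see the VPN server's IP, not the host's.
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    environment:
      TS_AUTHKEY: REPLACE_WITH_TAILSCALE_AUTH_KEY
      TS_HOSTNAME: vpn-exit
      TS_STATE_DIR: /var/lib/tailscale
      # Userspace networking (the image default) forwards exit-node traffic
      # as ordinary outbound sockets, so no ip_forward sysctl or extra
      # capabilities are needed inside the shared namespace.
      TS_USERSPACE: "true"
      TS_EXTRA_ARGS: "--advertise-exit-node"
    volumes:
      - tailscale-state:/var/lib/tailscale
    restart: unless-stopped

volumes:
  tailscale-state:
```

After `docker compose up -d`, approve the exit node in the Tailscale admin console, then select it on a client (the exit-node menu on Android, or `tailscale up --exit-node=vpn-exit` elsewhere). As Dax notes above, the host running these containers cannot use this exit node itself.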

Brook said:
You can pair Tailscale with Mullvad exit nodes.

Other than that, I run both Tailscale and another VPN without issues on Fedora. This setup should work on a rooted Android device, too.

This is my current method. I use PIA for tasks I don’t want running in my local network.

I use my pfSense router with OpenVPN.

I expose public services through Cloudflare proxy.

Only Cloudflare IPs are approved to connect to my pfSense external IP on those ports.

I run an OpenVPN server on pfSense for remote access with clients on my devices.

Set up a cheap VPS and install Tailscale there. A great feature is the ability to use a device as an exit node on the fly.

I have my main server at home and a VPS in a different country. The VPS runs Tailscale, WireGuard (for mobile), and Xray (as a backup), Headscale, and several other services.

@Bex
Do you own a domain, or is everything dependent on VPN?

Campbell said:
@Bex
Do you own a domain, or is everything dependent on VPN?

Yes, I own a domain. I have several public services configured at home and on the VPS. I use Technitium with split horizon for it to work with the VPN.

@Bex
I’ll check more about Technitium.

Campbell said:
@Bex
I’ll check more about Technitium.

Split horizon can be set up on most DNS servers; Technitium has extra features like DNS zone transfer if you have multiple servers or need SRV and TXT records.

I use WireGuard on Unifi router.

Zaden said:
I use WireGuard on Unifi router.

Can you share more detailed info? My USG Pro 4 doesn’t seem to support WireGuard directly in the controller I’m running. I’ve been trying to configure it through the command line but it’s pretty new to me.