this post was submitted on 18 Jun 2025
61 points (100.0% liked)

Hi, looking for some advice to set up a VPN server to get into my home network when traveling.

I have a NAS and an OpenWrt AP within the network. My router is provided by the ISP and comes with a built-in VPN. Being a hobbyist in networking, I would like to tap your brains for suggestions and know-how:

Should I get my own router to run a WireGuard VPN off the router directly, i.e. on the edge of the network, OR run a VPN service off the OpenWrt AP or the NAS, i.e. from within the home network?

Thanks a lot for your help!

[–] rtxn@lemmy.world 11 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Tailscale. It does some UDP fuckery to bypass NAT and firewalls (most of the time) so you don't even need to open any ports. You can run it on individual hosts to access them directly, and/or you can set it up on one device to advertise an entire subnet and have the client work like a split tunnel VPN. I don't know about OpenWrt, but both pfSense and OPNsense have built-in Tailscale plugins.

People are freaking out about their plan to go public, but for the moment, it's a reliable, high quality service even on the free tier.

I've also used Ngrok and Twingate to access my LAN from outside, but they simply use relay servers instead of Tailscale's black magic fuckery.

[–] fragrantvegetable@sopuli.xyz 1 points 1 week ago (2 children)

It does some UDP fuckery to bypass NAT and firewalls

I wouldn't be surprised if they use hole punching. It's an old but effective technique which Skype famously used back in its heyday.

[–] girsaysdoom@sh.itjust.works 1 points 1 week ago

It does a few techniques depending on the type of network and security obstacles. They posted an article on it that's interesting.

I'd also check out Pangolin or Headscale like others recommended though, since you're already looking to self-host.

[–] rtxn@lemmy.world 1 points 1 week ago

It's based on hole punching, but with extras. The clients punch a hole in their respective firewalls, then the service connects the holes so the clients end up communicating directly with each other. They have a lengthy blog post about NAT traversal.
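
The hole-punching idea described in the comments above, as an added example (not written by any commenter and not Tailscale's code): a toy Python model of two stateful NATs and a coordination server, showing why an unsolicited packet is dropped but traffic passes once both sides have sent outbound. The addresses, ports and the `Nat` class are constructed for illustration, and only the simple case of endpoint-independent mapping is modelled.

```python
# Added illustration: toy model of UDP hole punching through two stateful NATs.
# All addresses (documentation ranges), ports and names are constructed.

class Nat:
    """Endpoint-independent mapping, address-and-port-dependent filtering."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.mappings = {}     # private (ip, port) -> public port
        self.allowed = set()   # (public port, remote endpoint) sent to so far
        self.next_port = 40000

    def outbound(self, src, dst):
        """Translate an outgoing packet and record state for the reply path."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.next_port += 1
        port = self.mappings[src]
        self.allowed.add((port, dst))
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Return the private endpoint, or None if the packet is dropped."""
        if (dst_port, src) not in self.allowed:
            return None
        for private, port in self.mappings.items():
            if port == dst_port:
                return private
        return None


def punch():
    nat_a, nat_b = Nat("198.51.100.10"), Nat("203.0.113.20")
    a, b = ("192.168.1.5", 51820), ("10.0.0.7", 51820)
    server = ("192.0.2.1", 3478)   # coordination server, reachable by both

    # 1. Each client contacts the server, which learns its public endpoint.
    pub_a = nat_a.outbound(a, server)
    pub_b = nat_b.outbound(b, server)

    # 2. Before any punching, B's NAT drops unsolicited traffic from A.
    unsolicited = nat_b.inbound(pub_a, pub_b[1])

    # 3. The server tells each side the other's endpoint; both send outbound.
    nat_a.outbound(a, pub_b)   # opens A's NAT for replies from B
    nat_b.outbound(b, pub_a)   # opens B's NAT for replies from A

    # 4. Packets in both directions now match existing outbound state.
    a_to_b = nat_b.inbound(pub_a, pub_b[1])
    b_to_a = nat_a.inbound(pub_b, pub_a[1])
    return unsolicited, a_to_b, b_to_a
```

Neither NAT ever accepts a packet from an endpoint its own inside host has not already sent to, which is why no port forward is needed.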