Hello nerds!
How do you go about accessing your self-hosted resources when you’re away from home?
I’ve used portforwarding, VPN, Tailscale and Headscale in that order but recently switched to Nebula.
Tailscale/Headscale was probably better than Nebula, but I just couldn’t stand trusting either Tailscale or the VPS used to host Headscale.
With Nebula I don’t need to trust the lighthouses, because they can’t access my network even if compromised. I also really like the built-in firewall that’s looking at node certs when filtering traffic.
Good old WireGuard. Takes 20 seconds to add a new peer if I want to invite someone new. Don’t really get the point of using proprietary solutions like ZeroTier or Tailscale for this.
Choose either or with or many upto you.
Tailscale, Wireguard server, zerotier, Cloudflare Tunnels
My primary are Tailscale for LAN only applications on cloud and home. Cloudflare tunnels for access over internet for some applications.
Mainly i stick with Tailcsale but for few applications to share with friends and family whom i don’t want to have the access of the whole Tailscale network so CF tunnel with Zero Trust authentication on all applications with OCID hosted at home (Authentik)
Currently working on deploying Headscale (Self hosted Tailscale) to have complete control over my network rather than relying on Tailscale Control node.
I have wiregard server on my unraid server and I have a backup on a raspberry pi
Wireguard to my pFsense VM. Drop the gun, walk away.
My router came with a wireguard gateway. As I have a dynamic IP I set wireguard up with a ddns domain pointing to my IP.
I use port forwarding with Nginx and Crowdsec for the services I want widely exposed, and Wireguard for those I want accessed only by myself.
If you don’t trust Tailscale OR THE VPS YOU ARE ROOT ON YOURSELF, you should maybe not host anything.
Also: you probably haven’t understood how Tailscale works: it only mediates the connection but the provider servers are not in between two participants in your network (except relay). Those are direct connections.