TLDR: VPN-newbie wants to learn how to set up and use VPN.
What I have:
Currently, many of my selfhosted services are publicly available via my domain name. I am aware that it is safer to keep things closed, and use VPN to access – but I don’t know how that works.
- domain name mapped via Cloudflare > static WAN IP > ISP modem > Ubiquity USG3 gateway > Linux server and Raspberry Pi.
- 80,443 fowarded to Nginx Proxy Manager; everything else closed.
- Linux server running Docker and several containers: NPM, Portainer, Paperless, Gitea, Mattermost, Immich, etc.
- Raspberry Pi running Pi-hole as DNS server for LAN clients.
- Synology NAS as network storage.
What I want:
- access services from WAN via Android phone.
- access services from WAN via laptop.
- maybe still keep some things public?
- noob-friendly solution: needs to be easy to “grok” and easy to maintain when services change.
You can self-host Headscale to cut the third party out of the Tailscale equation.
If you’re going to do that you may as well cut out the extra server/service and run regular wireguard.
Not quite, it’s still much more useful because you can connect multiple devices, have users, and relay when some devices can’t see each other, among other features.
You can do all of those things with wireguard as well… I’m not seeing any benefit to running Tailscale/headscale.