TLDR: VPN-newbie wants to learn how to set up and use VPN.

What I have:

Currently, many of my selfhosted services are publicly available via my domain name. I am aware that it is safer to keep things closed, and use VPN to access – but I don’t know how that works.

  • domain name mapped via Cloudflare > static WAN IP > ISP modem > Ubiquiti USG3 gateway > Linux server and Raspberry Pi.
  • 80, 443 forwarded to Nginx Proxy Manager; everything else closed.
  • Linux server running Docker and several containers: NPM, Portainer, Paperless, Gitea, Mattermost, Immich, etc.
  • Raspberry Pi running Pi-hole as DNS server for LAN clients.
  • Synology NAS as network storage.

What I want:

  • access services from WAN via Android phone.
  • access services from WAN via laptop.
  • maybe still keep some things public?
  • noob-friendly solution: needs to be easy to “grok” and easy to maintain when services change.
  • stown
    6 months ago

    Recently commented on a different post about setting up a VPN. Check out firezone

    I don’t recommend using Tailscale or anything that relies on a third party.

    • Avid Amoeba
      16 months ago

      You can self-host Headscale to cut the third party out of the Tailscale equation.

      • stown
        16 months ago

        If you’re going to do that you may as well cut out the extra server/service and run regular wireguard.

        • Avid Amoeba
          16 months ago

          Not quite, it’s still much more useful because you can connect multiple devices, have users, and relay when some devices can’t see each other, among other features.

          • stown
            16 months ago

            You can do all of those things with wireguard as well… I’m not seeing any benefit to running Tailscale/headscale.