TLDR: VPN-newbie wants to learn how to set up and use VPN.

What I have:

Currently, many of my selfhosted services are publicly available via my domain name. I am aware that it is safer to keep things closed, and use VPN to access – but I don’t know how that works.

  • domain name mapped via Cloudflare > static WAN IP > ISP modem > Ubiquiti USG3 gateway > Linux server and Raspberry Pi.
  • 80,443 forwarded to Nginx Proxy Manager; everything else closed.
  • Linux server running Docker and several containers: NPM, Portainer, Paperless, Gitea, Mattermost, Immich, etc.
  • Raspberry Pi running Pi-hole as DNS server for LAN clients.
  • Synology NAS as network storage.

What I want:

  • access services from WAN via Android phone.
  • access services from WAN via laptop.
  • maybe still keep some things public?
  • noob-friendly solution: needs to be easy to “grok” and easy to maintain when services change.

  • @BearOfaTime@lemm.ee · 11 months ago

    If the access is just for you then don’t bother with VPN, just use Tailscale, and install the client on your other devices (they have clients for every OS).

    This creates an encrypted virtual network between your devices. It can even enable access to hardware, like printers (or anything with an IP address and an Admin interface) by enabling Subnet Routing.

    If you do need to provide access to specific resources for other people, you can use the Funnel feature, which provides an entrance into your Tailscale Network for the specified resources, fully encrypted.

    And if you have friends who use Tailscale, using the Serve option, you can invite them to connect to your Tailscale network (again, for specified resources) from their Tailscale network.

    • @PlexSheep@feddit.de · 11 months ago

      I second this. Wireguard, openvpn, various docker containers offering these, I’ve been through with them.

      The regular openvpn or wireguard tools are good if you only need a dumb VPN, but if you want some kind of special routing or overlay network, tailscale has just been so easy.

      I selfhost it completely too, using a headscale control server.