When I cruise around the net I sometimes use Mullvad as an ass-guard.
When I connect to my own server I have SSH, and if I ever need to access a local port I use port redirect over the SSH tunnel.
As a backup of a backup, if I am at a site that blocks access to remotes on port 22, I have sslh running on port 443 in front of my nginx, intercepting TLS for nginx, SSH and OpenVPN (running in docker) all on the one port, so I have options…
Started with exposed domains with NPM, SSL certificates, etc. Tried out Cloudflare tunnels and wasn’t satisfied, so I landed on Tailscale. Dead simple to set up and use. Fast, secure, what more to ask for?
For starters, the CF tunnel means your service is publicly accessible, and with Tailscale or WireGuard it won’t be.
I have been experimenting with Tailscale and it’s just not fast enough for our needs. It’s insanely simple to set up and get guys going on it, but in the end we couldn’t get more than ~20 Mbit or so, if even that. Looking forward to giving Netmaker a shot (still a WireGuard kernel as Tailscale), but we need to be able to switch allowed access between different groups of external users throughout the day. Ideally in a way that only requires a click or two, or can be somehow automated into a click or two.
I use WireGuard and Tailscale. Some networks block WireGuard connections. Tailscale always works.
> Some networks block WireGuard connections.
Dollars to doughnuts they’re blocking the default WireGuard port. Change your WireGuard port to something like 8080 or 8443 and you’ll almost certainly make it through.
I wanna host everything myself, but also love Tailscale, so I’m using Tailscale with Headscale… It’s so convenient to not open up ports, especially since I don’t have a static IP.
I use WireGuard. It is sufficient for me, because I have no need to make my services publicly visible.
How do you access those services from a public network? Say, you want to access something while working from your office or a friend’s computer.
> How do you access those services from a public network?
With WireGuard?
Sure, but what if that computer doesn’t have WireGuard installed? I don’t see any other way except exposing the service to the public.
I use Tailscale, and you can set up a subnet router for that particular use case.
I’ve used IPSec to connect to my home (and office when I had my own company) networks. It has never failed me and the client is built right into my iPhone and Mac.
I use Cloudflare with Overseerr.
I use both. Cloudflare is for public-facing services, like Overseerr and Wizarr.
Tailscale is how I access my private services and dashboards.
I use all three.
- CF tunnels to access generic apps I want public.
- Tailscale to have remote access to my home network.
- WireGuard tunnel going to a VPS for apps that I don’t feel comfortable running through CF due to the bandwidth (Jellyfin, AzuraCast).
I totally could move everything that’s on CF tunnels over to WireGuard, but I see no need to do it. Cloudflare is trustworthy enough and I like the additional protection it offers.
> CF tunnels to access generic apps I want public.
> I totally could move everything that’s on CF tunnels over to WireGuard, but I see no need to do it
How would you keep the public apps public if you require a WireGuard connection to access them?
WireGuard, because no one else needs to know what services I run in my local network.
For work, Tailscale between VPS and server. It works like Cloudflare tunnels but doesn’t have the issues with the TOS excluding media streaming etc.
Keeps the internal server relatively safe and we can stream media/serve media content.
Cloudflare is our registrar and DNS provider.
Yes.
I use all three for different purposes.
It all depends on what my requirements for self-hosting something are.
To access my stuff at home and elsewhere from anywhere I use Twingate. I don’t expose anything from my home via Cloudflare. I do use Cloudflare WAFs for stuff on my VPSs.