I installed OpenWrt on my home router and set up wireguard on it.
If you have dinamic IP address assigned by your ISP, like me, you also have to setup a dynamic dns updater on the router. I use duckdns.org.
Then you have to open the port for wireguard on the router.
Here’s a video guide on how to do it:
https://www.youtube.com/watch?v=Bo2AsW4BMOo
Depends on the use case. Cloudflare tunnels are great for accessing services, but not your network. I have a dockerised vscode instance behind a cloudflare tunnel attached to a personal domain that uses white listed emails as authorisation. Fantastic set up, can access my coding environment from anywhere with an internet connection as long as I can click the verification link in my emails.
To access my network itself though, wireguard is better. I just use pivpn (coupled with pihole for on the go adblock) on a rpi.
Getting the configs to work with my personal devices was already a little finicky but doing that for not-so-technical family members was starting to be a bit too much work for me.
I’m hoping that Headscale will cut that down to pointing their app at the server and having them enter their username and password.
I came here to say exactly this - WireGuard is great and easy to set up, but it gets harder as you add more people, especially less technical ones, as getting them to make keys and move them around etc becomes a headache. Tailscale also minimizes the role of the central server, so if your box goes down the VPN can still function. Tailscale can also do some neat stuff with DNS that’s pretty nifty.
One thing that helped a ton with that for Wireguard (for either you or anyone else reading this) is: You can generate QR codes for a peer’s full Wireguard config! So you can create the images on your computer and then a non-technical user can just scan the code to get configured.
Tbf, a lot of applications and tools provide installation scripts in lieu of more elaborate manual setup. Doesn’t make it safer, but if you want to install something, you have to trust the source with shell access at some point anyway.
Check out Slack Nebula.I personally like it very much and used it to build a software-defined WAN to support my family’s needs. I use a point to point WireGuard tunnel between my VPS and my home network to support self-hosted instances of Mastodon and Lemmy.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
tailscale 100 times over
Wireguard (if you can open udp ports)
That’s what I’m using, though I’ve used wg-easy, which made the setup, well, easy.
Yup, WG easy works pretty well
deleted by creator
I installed OpenWrt on my home router and set up wireguard on it. If you have dinamic IP address assigned by your ISP, like me, you also have to setup a dynamic dns updater on the router. I use duckdns.org. Then you have to open the port for wireguard on the router. Here’s a video guide on how to do it: https://www.youtube.com/watch?v=Bo2AsW4BMOo
Here is an alternative Piped link(s): https://piped.video/watch?v=Bo2AsW4BMOo
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
Tailscale all the way.
I’ve never had issues with my plain old OpenVPN setup
While I’ve never used it personally I’ve heard good things about cloudflare tunnel.
Depends on the use case. Cloudflare tunnels are great for accessing services, but not your network. I have a dockerised vscode instance behind a cloudflare tunnel attached to a personal domain that uses white listed emails as authorisation. Fantastic set up, can access my coding environment from anywhere with an internet connection as long as I can click the verification link in my emails.
To access my network itself though, wireguard is better. I just use pivpn (coupled with pihole for on the go adblock) on a rpi.
Was running Wireguard and am now in the process of changing over to Tailscale (Headscale).
It uses Wireguard for the actual connections but manages all the wireguard configs for you.
Why have you decided to switch?
Getting the configs to work with my personal devices was already a little finicky but doing that for not-so-technical family members was starting to be a bit too much work for me.
I’m hoping that Headscale will cut that down to pointing their app at the server and having them enter their username and password.
I came here to say exactly this - WireGuard is great and easy to set up, but it gets harder as you add more people, especially less technical ones, as getting them to make keys and move them around etc becomes a headache. Tailscale also minimizes the role of the central server, so if your box goes down the VPN can still function. Tailscale can also do some neat stuff with DNS that’s pretty nifty.
One thing that helped a ton with that for Wireguard (for either you or anyone else reading this) is: You can generate QR codes for a peer’s full Wireguard config! So you can create the images on your computer and then a non-technical user can just scan the code to get configured.
I use this one-liner to set up an IPsec VPN server:
Security 101: Never blindly run shell scripts from a random comment on the internet.
A good tip in itself, but you can also look at the source and feel good or bad about it. I didn’t expect so many downvotes
https://github.com/hwdsl2/setup-ipsec-vpn
It’s also piped to
sudoso that’s super cool tooI sure hope there isn’t a
rm -rffloating around in there somewhere… kind of like a certain past incident with major gaming client.I want to know more 😳 do you have something? A link?
In the Steam Linux client, there was this line:
rm -rf "$STEAMROOT/"*.If the variable
$STEAMROOTisn’t defined (or is an empty string), it basically runsrm -rf "/"*, which means delete all subfolders of /.😱😱😱😱😱😱😱😱😱 I don’t know how to express how much this shocked me
Tbf, a lot of applications and tools provide installation scripts in lieu of more elaborate manual setup. Doesn’t make it safer, but if you want to install something, you have to trust the source with shell access at some point anyway.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
4 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.
[Thread #6 for this sub, first seen 19th Jul 2023, 10:30] [FAQ] [Full list] [Contact] [Source code]
Good bot.
great bot
THE BEST bot
MVP bot
https://github.com/kylemanna/docker-openvpn
I use this too. It is excellent
Check out Slack Nebula.I personally like it very much and used it to build a software-defined WAN to support my family’s needs. I use a point to point WireGuard tunnel between my VPS and my home network to support self-hosted instances of Mastodon and Lemmy.
@Coldus12 I got wireguard hosted on my openwrt router. Straightforward and no fuss.
Not many people here use openmediavault it seems, but Its wireguard plugin is super nice.
i have pivpn (wireguard+pihole) running on a pi zero and it is rock solid
My MikroTik has built in WireGuard functionality so it was an easy pick 😁