tcas | 6 years ago

Do you set up nginx or haproxy as a reverse proxy to the wireguard network, or something else? Been wondering if there's an easy way to expose an internal service like that. TCP seems easy, but UDP seems much more problematic.

ignoramous|6 years ago

Check out https://tailscale.com/, a mesh VPN built on top of WireGuard.

paranoidrobot|6 years ago

Another example of a product that looks interesting, but the folks responsible for marketing it make it a pain in the arse.

This looks like it solves a problem I have. Looks like it might be a commercial product (mentions of Okta and "get started for free"), but I can't find out any more information without signing up, which I don't want to do if it doesn't support the configuration I want or is more expensive than my budget for such things.

nif2ee|6 years ago

How does this thing even work? Do they host the gateways for you and do the authentication at the start of VPN sessions and generate the WireGuard keys for you? So you simply need to connect your networks hosting services and such to their gateways?

rhn_mk1|6 years ago

I'm doing something similar with a random VPS provider, using and some NAT rules to forward selected ports across the VPN interface. If there's interest, I could write up a more detailed explanation.

oarsinsync|6 years ago

If you've followed standard / generic WireGuard configuration, then 'client' peers are all able to route to each other via the server on their WireGuard-local peer IPs.

sdan|6 years ago

Traefik.

Recently they started supporting TCP, so now I do both HTTP for websites and TCP for databases.

sdan|6 years ago

If you need any help, let me know at hn@sdan.cc. I'm going to write a couple blog posts documenting how to do this (because it took me a full brain-wrecking week to figure out how to do this properly).

WireGuard for networking and Traefik for load balancing is so easy to do (if you do it correctly).

rid|6 years ago

Are you using TLS over TCP to route to the DBs?