cyphax | 5 months ago

I've had WireGuard in a container for a few years, and it's never failed me. I will say it took me a long time to get the firewall part of the configuration right, but the configuration is otherwise simple. When I'm on the road I can access all the things I self-host, none of which I have to expose to the outside world.

I also really like using QR codes to transfer a configuration to a phone (mostly used by me once when I replaced my phone): https://www.cyberciti.biz/faq/how-to-generate-wireguard-qr-c...

SyrupThinker|5 months ago

The number of people here just exposing their network to Tailscale, and recommending others to do the same, is surprising, to say the least.

I've set up WireGuard on a VPS once six years ago, and nothing needed adjustment since. It is as easy as you make it out to be, and depending on the use case, the firewall rules can also be simple.

If I need to add a new device, which is probably a rarity for the average user, and once a year for me, it takes two minutes to edit two files and restart a service.

I can see reasons why one would want to use Tailscale, especially in an organization. But just uncritically recommending it for home-lab-like setups seems as harmful as pushing people to Cloudflare for everything.

FrankPetrilli|5 months ago

Inter-node mesh with raw WireGuard is an exercise in patience, to say the least; I have a few different colo sites, my house, my phone, LTE/5G hotspots, Raspberry Pi projects in the field, etc. that I want to fully connect together.

Raw WireGuard is fine for a road warrior or site-to-site VPN setup as is common, but when you want multipoint peer-to-peer connections without routing through what might be a geographically distant point, magic DNS, etc., Tailscale really shines through.

If you're paranoid, enable https://tailscale.com/kb/1226/tailnet-lock or run https://headscale.net/ on your own as a control server.

venusenvy47|5 months ago

I've been using Netbird on my home network and on my daughter's laptop to provide remote support while she has been at college. This year she moved into an apartment, which has its own cable modem and router/network that I set up. I haven't figured out how I will configure a "zero-trust" architecture that will allow me to act as remote support for her remote network. I'm not the best at networking and I'm afraid of connecting the networks in a manner that I don't expect. I'd be interested to hear if anyone can suggest how to configure this arrangement. I've always had her leave the Netbird client on her laptop turned off unless she is specifically asking for help. I plan to do something similar, where I would have her remote network normally disconnected from whatever VPN bridge network I set up.

venusenvy47|5 months ago

I have a VPS and have thought about using WireGuard on it for accessing my home network, but I worry that I don't understand the security well enough to use it. Wouldn't less experienced people like myself be safer with Tailscale or Netbird or something that doesn't require extensive knowledge of a publicly-hosted server?

jazzyjackson|5 months ago

Whoa, that's super useful. I've been trying to figure out what I'm going to do to let my family access my server. What client do you recommend on the phone end? Or does the phone support connecting to WireGuard out of the box?

zuhsetaqi|5 months ago

The best client is from WireGuard. It's super efficient in my experience. It even supports on-demand VPN, where you can define the networks on which it should activate or deactivate the VPN.