ZeWaren | 1 month ago

I use WireGuard as my main VPN to connect to my homelab from my phone and my laptops.

I also have an OpenVPN as a backup option, running behind sslh. The same port on my router (443) serves both a webserver hosting photos, and that OpenVPN instance. This allows me to VPN into my home in most firewalled office networks.

bayindirh|1 month ago

Why not use Tailscale/Headscale, which removes the requirement to expose the home network to the internet at all?

lurking_swe|1 month ago

I’m assuming because of the “web server hosting photos”. Probably Immich if I had to guess?

Tailscale is fine if you’re somewhat tech savvy, but it’s annoying to show all your friends and family how to “correctly” access your web server. Too much friction. First download the Tailscale app, sign in, blah blah. Then you also are unnecessarily bogging down everyone’s smartphone with a WireGuard VPN profile which is… undesirable.

I like Tailscale and use it for some stuff. But for web servers that I want my whole family (and some friends) to easily access, a traditional setup makes much more sense. The tradeoff is (obviously) a higher security burden. I protect the web apps in my homelab with SSO (OIDC), among other things.