top | item 46582312

(no title)

alpn | 1 month ago

> I'd rather expose a Wireguard port and control my keys than introduce a third party like Tailscale.

I’m working on a (free) service that lets you have it both ways. It’s a thin layer on top of vanilla WireGuard that handles NAT traversal and endpoint updates so you don’t need to expose any ports, while leaving you in full control of your own keys and network topology.

https://wireplug.org

discuss

copperx|1 month ago

Apparently I'm ignorant about Tailscale, bacause your service description is exactly what I thought Tailscale was.

SchemaLoad|1 month ago

The main issue people have with Tailscale is that it's a centralised service that isn't self hostable. The Tailscale server manages authentication and keeping track of your devices IPs.

Your eventual connection is direct to your device, but all the management before that runs on Tailscales server.

hamandcheese|1 month ago

This is very cool!

But I also think it's worth a mention that for basic "I want to access my home LAN" use cases you don't need P2P, you just need a single public IP to your lan and perhaps dynamic dns.

digiown|1 month ago

Where will you host the wg endpoint to open up?

- Each device? This means setting up many peers on each of your devices

- Router/central server? That's a single point of failure, and often a performance bottleneck if you're on LAN. If that's a router, the router may be compromised and eavesdrop on your connections, which you probably didn't secure as hard because it's on a VPN.

Not to mention DDNS can create significant downtime.

Tailscale fails over basically instantly, and is E2EE, unlike the hub setup.

kevin_thibedeau|1 month ago

A public IP and DDNS can be impossible behind CGNAT. A VPN link to a VPS eliminates that problem.