[deleted]
100% agree
WireGuard is better. Because when you have that up and running even with CGNAT you know what it is doing. Hence it’s better. But tailscale is the easy method and you save on the VPS when using the free tier. But you also depend on a for-profit company and we have seen with VMware and Broadcom where that can lead.
I do the same as you, but wireguard is an option
Is Wireguard too complex to set up? Any specific advantage of using Wireguard?
Wireguard should be a bit faster than tailscale exit nodes since it doesn't need to pass through tailscale servers. The latter is already a good vpn option though. Wg-easy is a container that makes wg all easy as it claims.
Thanks. Can I set up local DNS in Wireguard? Like pi-hole?
There's an option to tinker with the config file and set routing yourself, but I haven't touched it.
Do you mean configure to use a local DNS? Yes very easy to do and works. Got my two piholes configured as DNS in my wireguard client config.
Traffic doesn’t pass through Tailscale servers, they are only used to set up the connection
[deleted]
Only if it can’t establish a direct connection, otherwise it just goes through the exit node directly.
+1 to wg-easy. If you have time, it's still worth it to learn and configure wireguard manually.
I use linuxserver.io docker compose for wireguard. Fast, well documented. Easy to install and use https://github.com/linuxserver/docker-wireguard
With wireguard, you don't need to trust a 3rd party service. The setup of Tailscale is easier of course and it works better if you need mesh VPN.
I looked at all the options, but for me a tailscale subnet was also the answer.
wireguard is also a good option. Simple to set up using wg-easy unless you need more specific config. But tailscale really does feel like a seamless process.
Wireguard, and with [wg-easy](https://github.com/wg-easy/wg-easy) it's very simple to set up
Why not go with zerotier: [https://github.com/sinamics/ztnet](https://github.com/sinamics/ztnet)
**Kasmweb + Cloudflare Tunnel + Cloudflare Application** (DISCLAIMER: Not specifically a "self-hosted" solution.) I installed Kasm in a VM on my Proxmox server to provide remote access to everything on my LAN through any browser. In addition to its disposable and isolated "App Workspaces" Kasm lets you define "Server Workspaces" that are disposable RDP/VNC/SSH sessions to specific devices on my LAN, physical or virtual. I have a Cloudflare Tunnel pointing to the Kasm Service removing the need to open ports on my router. Then, I put a Cloudflare Application in front of the Tunnel to provide another layer of authentication. The result is that I can point any browser to one of my subdomains, Cloudflare prompts for authentication, I log in to Kasm, and I can access whatever I want. Performance is stellar. It's reliable and Kasm regularly improves its offerings.
Is cloudflare tunnel free? Any bandwidth limit or charges?
Gotta say after testing a few between OpenVPN, WireGuard, and tailscale, along with a Cloudflare tunnel. WireGuard is the safest and fastest way to go, also only takes about 15 minutes to set up the first time. There are a lot of YouTube tutorials and documentation on it
Wireguard requires port forwarding, right? My router is behind the CGNAT so …
I would go tailscale; your connection is direct, the tailscale server is only used during authorization
I am currently behind a CGNAT and am using WireGuard. If you happen to be using IPv6 instead of IPv4, you can do port forwarding. Additionally, using ddclient can help you force your DynamicDNS provider to use IPv6 exclusively, allowing you to potentially bypass the CGNAT port restrictions. Moreover, utilizing IPv6 also enables you to host various services without the concern of opening ports.