I’m not familiar with NordVPN Meshnet but I wanted to chime in that you can use Tailscale with a VPN, but you’ll have to do some routing work between the Tailscale network interface and the VPN one. I do this on a VPS.
This is a decent idea. You can configure the VPS to be an exit node on the Tailnet, and configure the clients to use it as their exit node. Then you'd just need to configure some nftables rules to masquerade (source NAT) to the VPN network interface.
Having said that... At that point, why do you need the other VPN? You can just use the VPS as your exit node.
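The setup described in the comment above (VPS as exit node, source NAT to the VPN interface), written out as an nftables ruleset. This is an added example, not from any commenter in the thread. The interface name `wg0` and the table name are assumptions, and it assumes IP forwarding is enabled and routing already sends forwarded traffic out of the VPN interface.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed names:
#   tailscale0  = Tailscale interface on the VPS (Tailscale's default on Linux)
#   wg0         = the commercial VPN tunnel (hypothetical name)
#   ts_vpn_exit = table name (hypothetical)
# Prerequisites assumed: net.ipv4.ip_forward=1, the node started with
# `tailscale up --advertise-exit-node`, and a route that sends forwarded
# traffic out of wg0.

define TS_IF  = "tailscale0"
define VPN_IF = "wg0"

table inet ts_vpn_exit {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Replies coming back from the VPN to Tailscale clients.
        iifname $VPN_IF oifname $TS_IF ct state established,related accept

        # Exit-node traffic from the tailnet may leave through the VPN.
        iifname $TS_IF oifname $VPN_IF accept

        # Kill switch: if the VPN tunnel is down, drop the traffic rather
        # than let it leave through the VPS's public interface.
        iifname $TS_IF oifname != $VPN_IF drop
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Source NAT tailnet traffic to the VPN interface's address.
        iifname $TS_IF oifname $VPN_IF masquerade
    }
}
```

The drop rule is the part worth checking after loading the ruleset: with the VPN interface down, a client using the exit node should lose connectivity instead of showing the VPS's own public IP.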
I do some pretty crazy stuff honestly because I’m really into privacy. Since I’m stuck using a VPS I usually put it in the same country that I’m currently in so that for my end devices it appears I’m just accessing some corporate VPN.
On the VPN I actually have two in-country double hop VPN tunnels. I then have two more double hop VPN tunnels that first go into some random country, then finally to Switzerland (because I love their privacy laws). Those two tunnels are set as two equal cost multipath hops for my Tailscale clients, then they get stuffed into the first set of in-country tunnels.
I inject random delays to protect against timing attacks too, and on top of all that I run Blocky with an insane amount of blocklists and that traffic is also spread between all the tunnels over DoT.
It’s a lot of overkill but I absolutely love having no ads, strong data protection and a higher level of freedom of speech.
Don't do this as it defeats the point of Tailscale.
Not really. I use the exit node to forward my “default” traffic through the VPN but I still use tunnels between my end devices too. My wife uses it to print documents from work and hell, I even shut off a lot of services on my LAN and made them Tailscale-only just as a way to force encryption (unnecessarily).
The problem is that it likely will break NAT traversal which means no direct connections.
Tailscale already has VPN integrations. I would recommend that you use that instead.
Tailscale only supports Mullvad VPN and when you do use it you’re stuck with its DNS server. It’s a super basic option and doesn’t allow for much customization.
On the exit node you should be able to set up routing so that traffic goes through a VPN route.
In the end though I honestly don't see much of a use case for VPNs.
So you’re just chiming in that people shouldn’t use it because you don’t see the use case for VPNs?