Vpn.
Openvpn or wireguard.
this post was submitted on 15 Aug 2023
9 points (84.6% liked)
Selfhosted
39282 readers
279 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
Tailscale. Download it and you'll be up and running in 5 minutes. Don't use cloudflare tunnels unless you plan on opening it up to the public. Then you can go that route.
Second on that. The whole "it just works" slogan was frustrating when it didn't work at first, but once it finally for running it was great
What exact route did u advertise? I'm having trouble getting it working
Trust me, you don't want to get instructions from me. Just look at my post/comment history haha everything I touch breaks in ways that are hard to diagnose. I had to reach out to tech support, they got back to me in <12hrs
Hey, I'm testing it and I have it installed on my phone/PC/TrueNAS but having trouble getting access remotely (testing on data).
I think I have the part "Advertise Routes" wrong, how to I know what IP to put in exactly
You put the ip address that tailscale gives you along with the port number of your NextCloud instance.
Is the port number the 4 numbers after the : which I use as a url to access Nextclouds web gui?
Also that means I should be adding two routes?
Yes the port number is the last 4 digits after the :.
Tailscaleip:nextcloudport
Sorry for the questions, how do I know which Tailnet IP to use? Each device seems to get a different address and a I tested a couple and neither worked
A tutorial I watched used 192.168.3.0/24. I tested this and it didn't give me any errors and it connected to tailscale, but I couldn't actually access things remotely
For restricted access, I add a Cloudflare Application in front of the Tunnel to provide authentication. Work's like a charm, and the user never hits my services unless they successfully authenticate.
Your nextcloud isn't public facing?
I don't think so? It's whatever the default is aha I am new to networking like this
Out of curiosity what are you using nextcloud for? Most people use it for public facing collab and sharing, and it's an absolute beast to maintain because it's so complicated.
I've been running it for years with very little maintenance... What about it is a "beast?"
Just google "nextcloud frustration"
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| CGNAT | Carrier-Grade NAT |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
5 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #46 for this sub, first seen 15th Aug 2023, 02:15] [FAQ] [Full list] [Contact] [Source code]
TrueNAS has an OpenVPN plugin available, which is typically the recommended option.
If you are using Scale, it has been depreciated. Rather inconvenient for me as I have to come up with a new solution.
Yea, I didn't like that they are going to drop support in the next version or whatever. Not sure if it's their intended replacement, but Wireguard is installed by default in TrueNAS Bluefin. I recently switched to that, and I find the performance is way better than OpenVPN.
My recommendation would be some kind of VPN. If your looking for something plug and play and free, look into zerotier.
If your home internet connection sits behind CGNAT, like me, just buy a cheap vps and set up your own wireguard network.
Both solutions avoid exposing your services directly to the public internet which reduces attack vectors and adds an extra layer of encryption.
Idk what CGNAT is tbh so I doubt it.
Other comment mentioned OpenVPN, would you say Zerotier is an easier option?
I had literally just set this up on my truenas instance yesterday (even though I've been using ZeroTier for some time). The key thing to recognize is that truenas whipes out any modifications to its system after a reboot, hence the need for this script.
https://alan.norbauer.com/articles/zerotier-on-truenas
I've heard great things about tailscale, but just have had an opportunity to try it.