this post was submitted on 06 Jul 2023
99 points (94.6% liked)

Selfhosted

40746 readers
347 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
99
submitted 1 year ago* (last edited 1 year ago) by picklestehbutt to c/selfhosted
 

tailscale.com

I have been using Tailscale VPN with my servers for about 6 months now and I would recommend it to anyone.

I'm running it on both of my Proxmox machines, my laptop, a raspberry pi, and my Android phone. It makes it super easy and secure to access my local services while away from my house.

Very simple set up, minimal initial configuration, and versatile.

There are apps for Linux, Windows, Mac, Android, and iOS.

Is anyone else currently using Tailscale? I'd like to hear what you all think.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago (1 children)

The main benefit is it can punch thorough double NATs. Can't use wireguard if you can't even see your wireguard server when you have a shitty ISP that put their customers behind CGNAT.

[–] porksandwich9113 2 points 1 year ago (1 children)

Not trying to defend CGNAT because I hate it, but as someone who works for what most of you would consider a "good ISP", we use it simply because don't have enough IP addresses to do 1:1 NAT for every connection, and buying the amount of IP addresses required to do so would literally cost us somewhere in the neighborhood of ~4 million dollars - on top of the headache that we don't know the history of these IP addresses which could cause issues if they are on blacklists, etc.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

I understand if it's due to inability to procure more ipv4 blocks as long as the ISP also supports ipv6 properly. Many of those shitty ISPs do not even have that option though.

[–] porksandwich9113 3 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah, we have a full IPv6 deployment on our entire network and have for a many years now. We're a small rural regional coop so we make an effort to do right by our members the best we can. And for the members who really need a rout-able IPv4 IP, we do have limited blocks we can assign to interfaces if they request it.

[–] [email protected] 4 points 1 year ago (1 children)

Then it's not a shitty ISP. My precious ISP not only put that customer behind CGNAT, the CGNAT's IP addresses they use have poor reputation too so their customers sometimes get caught in captcha hell (very annoying when cloudflare doesn't like you because every other sites are behind cloudflare now), doesn't provide static IP address even when I asked to pay for it, and don't even provides IPv6. The only saving grace was 1:1 download/upload ratio, and they implemented government-mandated block list half-assedly (Reddit is banned in my country) so it's easy to circumvent. Once another ISP covered my area, I immediately jumped ship.

The new ISP also has problem with IPv4 allocation. Sometimes I got assigned behind a CGNAT, but restarting the modern is usually enough to get assigned into a publicly routable IPv4. And they actually have IPv6 so the CGNAT isn't as much of an issue. The drawback is asymmetric download/upload speed, and they implemented the government-mandated block list more competently (transparently hijacking all DNS requests, throttling DoH, ip-blocking some blocked websites, sniffing http host header and block it if the website is banned, etc) so I have a bit harder time to unblock everything.

[–] porksandwich9113 2 points 1 year ago

Wow, that sounds like pretty awful internet conditions. What country do you live in if you don't mind me asking?