this post was submitted on 30 Dec 2023
38 points (93.2% liked)

Selfhosted

40727 readers
332 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Currently I set up Tailscale in my Synology NAS and I can access selfhosted services on my phone using the Android app. I want to use some services in my work PC too but I'm blocked from installing any software. So my question is, is there any solution that allows me to connect to selfhosted VPN via browser extension? (Just like NordVPN, I can install the browser extension to use it and I don't need the Windows app.)

all 16 comments
sorted by: hot top controversial new old
[–] AtariDump 22 points 1 year ago* (last edited 1 year ago) (2 children)

I’d be very wary about trying to bypass any workplace restrictions (which includes using a non-company VPN etc. etc.) to access self-hosted services.

Remember, your work computer belongs to the business (unless you’re self employed).

Depending on your line of work this could range from a slap on the wrist onto immediate termination and fines.

[–] [email protected] 3 points 11 months ago

Yeah, that is the unfortunate reality. The better way is going through your IT department to get those extra things you need for work. If you are found out, and I am sure IT will eventually be able to, you will be in trouble.

[–] [email protected] 2 points 11 months ago

Also very good advice

[–] valkyre09 11 points 1 year ago (2 children)

I use Cloudflare tunnels for this very reason, you can protect access to the page behind a login (I use azure AD).

It basically acts like a reverse proxy allowing me access to those local resources without anything being installed on the client computer.

[–] thefactremains 3 points 1 year ago (1 children)

This is the right answer.

The only other solution I can think of would be to put a device in the middle (such as this router).

[–] [email protected] 1 points 1 year ago

Or you can use the CF Tunnel equivalent from Tailscale, called Funnel.

https://tailscale.com/blog/reintroducing-serve-funnel

[–] k4j8 1 points 11 months ago

I had the same problem as OP. My solution was to port forward to my server but then block connections from all IP addresses accept from my work, which I added to an allowlist.

It's working well so far, but I think the Cloudflare tunnel is the better option.

[–] [email protected] 8 points 1 year ago (1 children)

Maybe look into deploying a Socks5 proxy (e.g. socks5-server)? Then you can use socks5 browser extensions like FoxyProxy

[–] [email protected] 2 points 1 year ago

https://shadowsocks.org/ should be a good option, easy to install, encrypted, and password protected

[–] [email protected] 5 points 1 year ago

Most "VPN" browser extensions (if not all of them) aren't actually doing a VPN connection but just change the proxy setting in the browser. This is because as a browser extension they wouldn't have enough permissions/power to establish a real VPN connection.

So if you want to use a browser extension you have to run a proxy server, or as other said, just use cloudflared as running a proxy server attracts bots from all over the world

[–] bruhduh 2 points 11 months ago* (last edited 11 months ago)

https://github.com/MHSanaei/3x-ui plus foxyproxy or Proxy SwitchyOmega if you're using chromiums

[–] [email protected] 1 points 11 months ago

Configure the Funnel feature in Tailscale.

Funnel enables non-Tailscale clients to access specified resources in your Tailscale network via an encrypted tunnel provided by Tailscale.org.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

Portable Apps or Scoop or if Linux, Appimage?

[–] [email protected] -1 points 1 year ago* (last edited 11 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
NAS Network-Attached Storage
SSH Secure Shell for remote terminal access
VPN Virtual Private Network

3 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

[Thread #387 for this sub, first seen 30th Dec 2023, 10:35] [FAQ] [Full list] [Contact] [Source code]