1 yr. ago • 98%

Setting up your own VPN

What do you guys use / recommend to set up your own VPN to access your LAN services remotely?

65 comments

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters

CF CloudFlare

DNS Domain Name Service/System

VPN Virtual Private Network

VPS Virtual Private Server (opposed to shared hosting)

4 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.

[Thread #6 for this sub, first seen 19th Jul 2023, 10:30] [FAQ] [Full list] [Contact] [Source code]

47
- Good bot.
  
  13
  
  great bot
  
  7
Wireguard (if you can open udp ports)

45
- That's what I'm using, though I've used wg-easy, which made the setup, well, easy.
  
  10
  
  Yup, WG easy works pretty well
  
  3
- Permanently Deleted
  
  5
People seem to like and recommend Tailscale. I have not gotten to setting it up. My setup involves reverse proxy with treafik and my services in docker. Any suggestions on how what I need to do would be welcome.

14
- This is the exact script I use to install tailscale on my VPN server
  
  Installing Tailscale
  
  curl -fsSL https://tailscale.com/install.sh | sh
  
  Enable IP forwarding
  
  echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf sudo sysctl -p /etc/sysctl.conf
  
  Advertise subenets and exit node
  
  tailscale up --advertise-exit-node --advertise-routes=192.168.0.0/24,192.168.2.0/28,192.168.5.0/24,192.168.10.0/24
  
  12
  
  Thank you for message, i appreciate the effort.
  
  Where I struggle is the part where i need to expose my subnet within Tailscale. I don’t have any machineip:port delegated to the services anymore.
  
  I got a domain name through CF, and have traefik generate unique url links as *service.mydomain.com that routes it to the specific service running in docker on my localmachine. It also takes care of certificates. Calling that service url only works within the local network.
  
  In my docker compose set up, I removed all the ports as I dont access the services via ip:port. I hope this makes sense to you.
  
  So it seems I need to configure Tailscale in such a way I can tunnel to my home network and then make the service.mydomain.com call. And that is where it got too complicated for me right now.
  
  I also fail to understand if I need to run Tailscale native or in (the same) docker env.
  
  2
- I've been using it for maybe a year now and it's been rock solid. Highly recommended.
  
  1
tailscale 100 times over

8
I've never had issues with my plain old OpenVPN setup

8
Was running Wireguard and am now in the process of changing over to Tailscale (Headscale).

It uses Wireguard for the actual connections but manages all the wireguard configs for you.

5
- Why have you decided to switch?
  
  4
  
  Getting the configs to work with my personal devices was already a little finicky but doing that for not-so-technical family members was starting to be a bit too much work for me.
  
  I'm hoping that Headscale will cut that down to pointing their app at the server and having them enter their username and password.
  
  6
i have pivpn (wireguard+pihole) running on a pi zero and it is rock solid

5
@Coldus12 I got wireguard hosted on my openwrt router. Straightforward and no fuss.

4
My MikroTik has built in WireGuard functionality so it was an easy pick 😁

4
Permanently Deleted

4
- Here is an alternative Piped link(s): https://piped.video/watch?v=Bo2AsW4BMOo
  
  Piped is a privacy-respecting open-source alternative frontend to YouTube.
  
  I'm open-source, check me out at GitHub.
  
  7
PiVPN. single line install script. Couldn’t be easier. Now if you have a shitty ISP like yours truly that can prevent you from being able to.

4
Check out Slack Nebula.I personally like it very much and used it to build a software-defined WAN to support my family's needs. I use a point to point WireGuard tunnel between my VPS and my home network to support self-hosted instances of Mastodon and Lemmy.

3
https://github.com/kylemanna/docker-openvpn

3
- I use this too. It is excellent
  
  2
Tailscale all the way.

3
Not many people here use openmediavault it seems, but Its wireguard plugin is super nice.

2
Check netmaker for wireguard vpn if you want a ui, but its straightforward to set it up manually.

1
While I’ve never used it personally I’ve heard good things about cloudflare tunnel.

0
- Depends on the use case. Cloudflare tunnels are great for accessing services, but not your network. I have a dockerised vscode instance behind a cloudflare tunnel attached to a personal domain that uses white listed emails as authorisation. Fantastic set up, can access my coding environment from anywhere with an internet connection as long as I can click the verification link in my emails.
  
  To access my network itself though, wireguard is better. I just use pivpn (coupled with pihole for on the go adblock) on a rpi.
  
  2
I use this one-liner to set up an IPsec VPN server:

wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh

-10
- Security 101: Never blindly run shell scripts from a random comment on the internet.
  
  24
  
  It’s also piped to sudo so that’s super cool too
  
  9
  
  A good tip in itself, but you can also look at the source and feel good or bad about it. I didn't expect so many downvotes
  
  https://github.com/hwdsl2/setup-ipsec-vpn
  
  3
  
  Tbf, a lot of applications and tools provide installation scripts in lieu of more elaborate manual setup. Doesn't make it safer, but if you want to install something, you have to trust the source with shell access at some point anyway.
  
  0