this post was submitted on 05 Nov 2023
58 points (95.3% liked)

Selfhosted

39964 readers
363 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hello I've been using cloudflare to get remote access for the couple apps I selfhost, but lately I've been hearing about the wonders of tailscale.

It seems that the free tier is enough for my use. Which would be a safe option to have remote access for my 3D printer? Also how are both in terms of privacy?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 1 year ago (1 children)

That wouldn't help with accessing their home network.

I would use wireguard at home for this, but we have CGNAT so that is impossible/hard so I just use tailscale, which uses WireGuard anyways.

[–] [email protected] 1 points 1 year ago (1 children)

Yes it would. If wireguard is hosted in a vps, they can setup a client on their home network and mobile device, bypassing their home and isp nat.

[–] [email protected] 1 points 1 year ago (1 children)

WireGuard wouldn't work with CGNAT. The two servers can't connect. I can't get it to work anyways.

If it weren't for CGNAT, are you saying that OP could connect all their servers to the VPS using WireGuard and then OP could connect to the VPS? In that case it seems easier to just host a wireguard on one of the servers at home and I highly recommend doing that if you don't need to deal with CGNAT.

I think you could host your own Tailscale server on a VPS and then use tailscale on the servers and your client computers/mobile to bypass CGNAT. That's basically what I am doing right now, except I haven't hosted my own Tailscale server.

[–] [email protected] 1 points 1 year ago (1 children)

I think you have a misunderstanding about wireguard clients.

As long as the server isn't behind a cgnat, a connection from the client to the server can be made. It does not matter if the client is behind a cgnat or not. If that were true, privacy vpns like proton and mullvad would not work.

That said, tailscale is easy to setup compared to a wireguard tunnel, but wireguard has potentially more performance because tailscale uses wireguard-go rather than wireguard kernel.

[–] [email protected] 1 points 1 year ago (1 children)

I haven't tried reversing it like that, but I was under the impression that there were no specific servers or clients in WireGuard land and that both devices had to connect to each other and authenticate.

I have never really thought about how the servers of VPN providers are supposed to work if this was the case.

I guess I just got confused when I tried setting it up someday.

I haven't benchmarked it personally but apparently tailscale and WireGuard are very similar in performance due to optimization done by tailscale. I think they wanted to push the improvements upstream but I am not sure if that happened or if it's still waiting.

[–] [email protected] 1 points 1 year ago (1 children)

I believe performance is situationally dependent, so it may or may not be faster, but it theoretically is. I personally choose wireguard over tailscale because it's one less 3rd party involved, not for potential performance increases.

[–] [email protected] 2 points 1 year ago

That's fair. I use Wireguard somewhere else for the same reason.