this post was submitted on 08 Apr 2025
34 points (97.2% liked)


I am toying with the idea of using one of my Tailscale instances as traditional VPN, using the exit node features. I think I have that part down to a note as far as what has to be done in order for this to happen.

My question is if there are any security risks or security provisions that need to be made to keep the envelope secure. I am the only user of my Tailscale network, so I don't have to worry about another user jacking things up. However, I am concerned about the implications of the visibility of the exit node I would be connecting to.

[–] just_another_person@lemmy.world 5 points 2 weeks ago (8 children)

Visibility how? You don't need to open any ingress ports on the VPS instance unless you plan on reverse proxying something back to your client node. Your client visibility will be to any endpoint you connect to, and any DERP servers you get proxied through from Tailscale.

[–] irmadlad@lemmy.world 1 points 2 weeks ago (3 children)

I'm sorry...I'm just asking all the stupid questions up front.

[–] just_another_person@lemmy.world 1 points 2 weeks ago (2 children)

They're good questions. I wasn't being rhetorical 🤣

It's hard to know exactly where your concern about visibility lies, hence my question 😉

[–] irmadlad@lemmy.world 1 points 2 weeks ago (1 children)

Nah, it's good. I do have a knack for asking silly, basic questions. I certainly don't have the networking prowess and certifications that some of the group here has, and I just want to be cautious, perhaps overly cautious, when implementing what I have proposed. I know what an overlay VPN does, and I know what a traditional VPN like, say, PIA does. I just want to proceed with caution because the end use has serious implications if improperly deployed. At the very least I want to make myself confident that I have covered all bases.

[–] just_another_person@lemmy.world 1 points 2 weeks ago

Well, if it demystifies Tailscale a bit, just think of it like a traditional VPN with specific controls over the traffic flow. It's e2e encrypted between every node, and you control the exit node. Your use case would work just like OpenVPN, for example, where your client traffic exits where you decide (your VPS).

If you really want a deeper understanding, have a look at Headscale and maybe set it up on your VPS. You use your same Tailscale client, and just register it with the Headscale instance on your VPS. Just setting it up will give you a tutorial on how Tailscale works in general. You can ping me with questions, or the Discord is really active and responsive.
