this post was submitted on 15 Apr 2026
43 points (87.7% liked)

Selfhosted

59584 readers
493 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
43
Cloudflare launches private mesh VPN (Tailscale-like) offering (blog.cloudflare.com)
submitted 1 month ago by dabe@lemmy.zip to c/selfhosted@lemmy.world
40 comments fedilink hide all child comments
 

It’s a 10 minute read when it should probably be a 2 minute read, likely due to LLMs fluffing it up (I got that vibe from skimming it). But what do you all think, is there anything in here that would compel you to switch from your current VPN solution to this?

you are viewing a single comment's thread
view the rest of the comments
[–] hertg@infosec.pub 46 points 1 month ago (13 children)

There's nothing I'd like to do more than let the US internet-monopolizing company handle all my vpn traffic /s But without being snarky, for homelabbing purposes just use wireguard directly, it's fun and not that hard to handle. Automate peer configurations using Ansible or some other automation tool if it gets hard to manage manually.

[–] wltr@discuss.tchncs.de 11 points 1 month ago (5 children)

I tried, but I don’t understand how to bypass a cgnat. With Tailscale it just works. Also, I tried Netbird, it’s very similar, and it works well too. I’d love to simplify this, but I have no knowledge at the moment. Would love someone pointing into the right direction.

[–] hertg@infosec.pub 1 points 1 month ago (4 children)

CGNAT and changing IPs make this harder. What I'd consider in this scenario is renting a small vps at a local provider (a tiny/cheap machine is enough). Then use this one as a hop to your network, basically homelab->vps<-client. Here is a post that talks about something like that: https://taggart-tech.com/wireguard/

I haven't used this method personally, but I've done something similar for incoming web traffic before, when you want to host things behind a CGNAT. You can actually keep all the traffic confidential by having just an L4 proxy on the vps, then the http traffic is still end-to-end encrypted between the client and the service, so you don't even have to trust the vps provider when it comes to them snooping. They still get some metadata, but not significntly more than the ISPs.

[–] uzay@infosec.pub 1 points 1 month ago (1 children)

I have done basically that before and it worked. But I find Tailscale with a headscale server easier to manage. Maybe I'll take a look into selfhosting netbird at some point too.

[–] hertg@infosec.pub 1 points 1 month ago

Whatever works for you, and as long as you have an out, that's great. I've just become wary of single-vendor opensource projects to the point where I basically treat them like proprietary software. So far that's worked, but it requires some restraint from using new shiny things

load more comments (2 replies)
load more comments (2 replies)
load more comments (9 replies)