Right now I’ve been using Tailscale because it automatically adapts to my network conditions. If I’m at home, it’ll prioritize the local network connection, but when I’m out and about, it’ll automatically beam a direct connection or use a relay.

One gripe I have about it is I can’t run it alongside my normal VPNs on my mobile devices. I have to choose between one or the other.

I have tried Cloudflare Tunnel before, but using it for streaming, like Jellyfin, is forbidden. There’s also the added latency and slowness from having to hop through multiple DCs to reach Cloudflare and back.

  • 𝕽𝖔𝖔𝖙𝖎𝖊𝖘𝖙@lemmy.world
    ↑4 · 1 year ago

    I’ve tried quite a few services and eventually I mostly settled on running my own WireGuard VPN.

    But honestly these days I just use Tailscale.

    The convenience is really unmatched, and my only qualm was that you had to let them hold the keys in exchange for the convenience of a cloud service to manage everything.

    But now with Tailnet Lock you can designate devices as signing nodes, which effectively means those devices now hold your keys, and Tailscale really has no disadvantage over setting up your own WireGuard server manually.

    While also being loads easier and more feature-rich.

    If anything the user-friendliness probably ultimately makes it more secure than for inexperienced users to try to set up something similar manually.

    Their free plan is also quite comfortable with 3 users and 100 devices and virtually all of the features available in the premium/enterprise plans.

    Honestly I was very wary of them at first but I’ve really grown to appreciate Tailscale to the point I probably sound like a shill.

  • nomadjoanne@lemmy.world
    ↑2 · 1 year ago

    HTTPS and a server. If hosting at home, just leave a high-numbered port open. If on a VPS, then you should be able to use any port you want.

  • Vake@lemmy.world
    ↑2 · 1 year ago

    I just have all my services exposed through a reverse proxy with whatever authentication they have on their webpage. I see most people using a VPN, which I know is the more secure option, but I like the zero setup of just typing in the name of the service I want to go to and just having it work. Is there a better way to secure this?

    • dinosaurdynasty@lemmy.world
      ↑4 · 1 year ago

      Do authentication in the reverse proxy if you can (e.g., basic auth or forward auth like Authelia; the second also has the benefit of SSO).
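
The two options named in the reply above, sketched as an nginx server block. This is an added example, not part of the thread or any poster's configuration. The hostnames, ports, file paths and the Authelia endpoint path are assumptions, and forward auth requires nginx built with `ngx_http_auth_request_module`.

```nginx
# Constructed example: all names, ports and paths are placeholders.
server {
    listen 443 ssl;
    server_name app.example.com;                  # hypothetical service name
    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    # Option A: basic auth enforced by the proxy itself (use instead of Option B).
    # location / {
    #     auth_basic           "Restricted";
    #     auth_basic_user_file /etc/nginx/htpasswd;
    #     proxy_pass           http://127.0.0.1:8080;
    # }

    # Option B: forward auth. Each request triggers a subrequest to the auth
    # service: 2xx lets it through, 401/403 stops it before the app sees it.
    location = /internal/authz {
        internal;                                 # unreachable from outside
        # Assumed Authelia endpoint and port; check your version's docs.
        proxy_pass http://127.0.0.1:9091/api/authz/auth-request;
        proxy_pass_request_body off;              # only headers are needed
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URL    $scheme://$http_host$request_uri;
        proxy_set_header X-Original-Method $request_method;
        proxy_set_header X-Forwarded-For   $remote_addr;
    }

    location / {
        auth_request     /internal/authz;
        # Take the identity from the auth service's response and overwrite
        # any Remote-User header the client tried to supply.
        auth_request_set $authn_user $upstream_http_remote_user;
        proxy_set_header Remote-User $authn_user;
        # Unauthenticated browsers are sent to the login portal (placeholder URL).
        error_page 401 =302 https://auth.example.com/?rd=$scheme://$http_host$request_uri;
        # The app should listen on loopback only so the proxy cannot be bypassed.
        proxy_pass http://127.0.0.1:8080;
    }
}
```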

  • Decronym@lemmy.decronym.xyz (bot)
    ↑2 · 1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    CGNAT           Carrier-Grade NAT
    DNS             Domain Name Service/System
    IP              Internet Protocol
    NAT             Network Address Translation
    SSL             Secure Sockets Layer, for transparent encryption
    SSO             Single Sign-On
    VPN             Virtual Private Network
    VPS             Virtual Private Server (opposed to shared hosting)

    7 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.

    [Thread #33 for this sub, first seen 13th Aug 2023, 06:05]

  • Drusenija@lemmy.world
    ↑1 · 1 year ago

    I use ocserv to provide a Cisco AnyConnect compatible VPN server. There’s an SSL proxy running on port 443 of my gateway so the VPN is only accessible using the right domain name, and the server is running in a Docker container.

    Main reason I go for ocserv over OpenVPN or WireGuard is when I used to travel to China for work I found it was able to get past the Chinese firewalls. No idea if it still holds true but a few years ago it was fine.

  • Appoxo@lemmy.dbzer0.com
    ↑1 · 1 year ago

    Did run a VPN on my firewall which broke for whatever reason.

    For access to my *arrs I run a reverse proxy and Authelia for access regulation.