this post was submitted on 17 Sep 2023
94 points (99.0% liked)

Linux

48153 readers
741 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

If you're not familiar with Tailscale it's a very user-friendly "overlay network" that lets you securely connect all your devices no matter where they are over the internet.

No need to forward ports on your router to access your home network anymore. And no need to set up VPNs manually either. Just install Tailscale on all your devices and log in with Gmail or other providers.

Tailscale has official apps for Windows, Mac Android and iOS.

Thanks to a project called Trayscale we now have a GUI app for managing Tailscale on GNU/Linux as well.

You can easily install it using a flatpak.

top 16 comments
sorted by: hot top controversial new old
[–] [email protected] 33 points 1 year ago (2 children)

Although I use Tailscale, the control servers are closed source. For those of you who like self hosting though, there is a project called Headscale that implements them anyways https://github.com/juanfont/headscale

[–] [email protected] 8 points 1 year ago

Quite important detail. Ty for the info

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

But you need to pay for a VPS to use Headscale behind NAT. If you're already paying for VPS it makes sense to use Headscale. But if you don't then you have to consider the price of a VPS vs Tailscale's free plan. Even if Tailscale eliminates that free plan, as long as they keep it around $4/mo they will still be a better option than a cheap VPS – assuming, again, that you don't have a VPS and the only reason you'd get one is for this purpose.

[–] [email protected] 1 points 1 year ago

That's a complicated way to say:

  • You can either run a server (headscale)
  • Or use a manage service (tailscale)

Both comes at a cost, generally, but free options are available depending on your needs.

[–] [email protected] 4 points 1 year ago

I'm using Tailscale Status Gnome extension which works pretty well. But good to see alternatives that is not tied to specific DE.

[–] [email protected] 3 points 1 year ago (3 children)

Is it that hard to setup Wireguard or OpenVPN? The popularity of this here perplexes me.

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago)

it's a mesh network built on wireguard. it's not just a direct connection to another PC on your network. you can select exit node devices on the fly and control acl's and access based on groups in their admin panel.

and yes, if you want a properly secured vpn setup without the necessary background knowledge, it's pretty difficult. there is no opening ports on your router, which is especially useful for people on cgnat.

[–] [email protected] 13 points 1 year ago* (last edited 1 year ago) (2 children)

Is it that hard to setup Wireguard or OpenVPN?

TLDR: Unequivocally yes.

I've managed to eventually establish a two-point OpenVPN link after reading a lot and fiddling with two dozen settings in both the server and client. I can now generate keys for clients, wrap them into .ovpn files and can get people connected to my server.

However:

  • It only works because I get a public IP from my ISP. If that ever stops, this solution stops working too.
  • People can only access that one server, and only from the one device they run OpenVPN on. After many hours of reading I have no fucking idea how to expose more devices in my LAN to the client side, how to connect more devices in their LAN to my server, or how to use my server as an exit point towards the larger internet for the clients. I'm sure that with some more reading and experimentation I could figure this out. I have basic networking knowledge but this goes above basic. I hope I won't have to get a CCNA for it.
  • It's still only a two-point link. If I want to connect more points I have no idea where to begin allowing them to see each other, and if they need to connect to each other it won't be optimal to go through my server anyway. But setting up and running OpenVPN on each device and distributing keys from each device to every other device would get old very fast anyway.

If you think that's hairy, I hear that WireGuard is even more complicated to set up than OpenVPN.

With Tailscale I install one thing on each device and run one command (or tap a checkbox on Android/iOS). It gives me a link to open, to enroll that device. And that's it. It works.

Not only does it work but it comes out of the box with:

  • All enrolled devices see each other. It has already established an everybody-to-everybody private mesh network.
  • I don't have to manually manage any keys.
  • Connections between any two devices benefit from direct connection speed between those devices.
  • Those tricky scenarios where I want to expose LAN devices or use a device as an exit node? It's one parameter (or one checkbox on mobile clients) and one approval in the control panel, then it just works.

Edit: Yes I know I can use Headscale on a VPS to achieve something very similar to Tailscale. Leaving aside the need for VPS, and while I'm thankful that WireGuard exists and that Headscale is keeping Tailscale honest, and while fully acknowledging my hypocrisy, I'm still going to be a cheap lazy asshole and use Tailscale and get a free ride until Tailscale starts charging. At which point I will weigh their offer against the cheapest VPS out there and either keep using Tailscale or start using Headscale unapologetically while eating crow from all the people shouting "told you so!". Or maybe I'll get a CCNA and finish setting up OpenVPN, we'll see.

[–] [email protected] 8 points 1 year ago

I hear that WireGuard is even more complicated to set up than OpenVPN.

I don't know where you heard that. The exact opposite is true in my experience. OpenVPN is a shitshow compared to Wireguard.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

It only works because I get a public IP from my ISP. If that ever stops, this solution stops working too.

FWIW OpenVPN can use DNS names so you can use DDNS.

Point taken on the rest though. Everything you mentioned IS possible but the point that it's beyond most hobbyists is valid. I'm really wary of relying on a centrally managed pay service that is 'free' (for now).

[–] [email protected] 3 points 1 year ago (1 children)

FWIW OpenVPN can use DNS names so you can use DDNS.

CGNAT says no.

[–] [email protected] 1 points 1 year ago (1 children)

:shrug:, never had to deal with it

[–] [email protected] 2 points 1 year ago (1 children)

You will have to at some point; whether you want to or not. CGNAT is the future of IPv4.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago

It's dead already. Problem is that in the year of the lord 2023 ipv6 still isn't really a thing yet, so IPv4 remains on life support.

If you're already using IPv6 for everything, you don't need to care about CGNAT in IPv4. I highly doubt that's the case however.

[–] [email protected] 1 points 1 year ago

Way too much effort when you can accomplish the exact same thing extremely easy and fast and more user-friendly with tailscale