this post was submitted on 26 Nov 2023
6 points (100.0% liked)

Self-Hosted Main

I can't praise Tailscale and its developers enough... I discovered this do-it-yourself VPN solution about half a year ago and boy has it improved my life... Here is what I managed to accomplish with it.

I am running Tailscale on my old macbook air, henceforth referred to as my "server", my two firesticks, and my phones.

*remotely=outside of LAN, so over internet*

-I can access my SMB shares remotely from my phones with OwlFiles and from my M1 Macbook air seamlessly through Finder. All I had to do was enter a simple command on my server in Terminal to add TCP/445 to "Services". Tailscale then forwards incoming TCP connections on port 445 from within my tailnet to port 445 on my mac’s server. The result is that I am able to mount my 2TB share from anywhere I have internet and manage my files as though I was on my home network. I also have access to my entire media library from VLC installed on all my devices (once again, through SMB). If only I could somehow add my remote SMB shares to Kodi... But Kodi doesn't seem to allow me to type in custom IP addresses when trying to add SMB shares. Let me know in the comments if you know how to add remote SMB shares to Kodi (the ones it does not detect automatically).

-Similarly, by adding a suitable HTTPS port to my server's Tailscale services, I am able to manage the Transmission torrent client installed on my server remotely through Transmission's web interface (while connected to Tailscale, of course).

-I can back up to Time Machine remotely and access my Time Machine backups remotely as well. There are a few caveats though. On my server, I had to add a shared folder (from Settings), allow access to it via SMB and mark it as a Time Machine backup destination. The process is pretty straightforward. The trick is to add it as a backup destination THROUGH TAILSCALE by typing in the Tailscale IP of your server or the Magic-DNS domain name. Also, you will not be able to access pre-existing time machine backups through Tailscale! Only the destinations that you initially add through Tailscale. This is why I have two backup destinations on my server - one that I back up to from my LAN and one that I use over Tailscale remotely. Works like a charm!!!

-I can control my server through VNC remotely and seamlessly as if I was connected to LAN. To do that, I had to add TCP/5900 to my server's Tailscale services (which is akin to opening up TCP port 5900 to incoming connections from within the tailnet). This is particularly useful when I don't have my M1 mac with me, but need to run Python code inside Spyder. I just turn on my bluetooth/trackpad combo, connect it to my S10+, jack myself into my tailnet, MultiVNC my way into my server and BAM.

-MagicDNS deserves its own praiseful review. Not only did it assign a permanent, simple domain name to all my Tailscale-enabled devices, but it allowed me to configure my own DNS server for Tailscale-connected devices. I was then able to choose custom DNS servers for specific domains, which let me block FireTV updates without compromising my security (The DNS server used for that looks a little sketchy so I don’t want all of my traffic to go through it) and also use AdGuard DNS without breaking Doordash’s Dasher app by routing doordash-specific DNS requests to Google’s DNS and not AdGuard’s. Solid win here, as Adguard's DNS bricks the Dasher app. Let me know in the comments if you want to see my Magic-DNS configuration.

-FUNNEL: By running a funnel (proxy) on my home server, I am able to access my dad's Bell Fibe TV channels through their web interface from anywhere on Earth - Bell treats my traffic as if it's coming from my home network! It will NOT work if you use the mobile app, but works flawlessly from within Samsung Internet, Safari (on mac) and Grazing 3 (on iOS). Also, it’s quite neat to browse with my Canadian IP even when I am travelling (no more annoying "cookie consent" notices when in the EU). I suspect Netflix users could use this sort of setup to get around password-sharing restrictions. I am also running funnels on my firesticks just in case I need more bandwidth.

-SUBNETS: I am running a subnet on my home server so that I could adb into my firesticks and manage them remotely with scrcpy (update apps, install tweaks, etc). Yes, I am not a huge fan of the command line ^^' . I can also access my wifi cameras remotely from my mac. The desktop app for the cheap Chinese ones only allows you to manage them over LAN, but Tailscale takes care of that. Works like a charm!

I am beyond pleased with everything Tailscale enables me to do. It baffles me that this technology is somehow free to use. I am extremely grateful to be a part of the Tailscale community. Thank you!!

Share your ideas and questions in the comments.
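Added example, not part of the original post: the post opens TCP/445 (SMB) and TCP/5900 (VNC) to the tailnet, and a reply below mentions Tailscale's ACLs between devices, so this sketch audits a policy for which sources can reach those two ports. The policy is a constructed sample of the `acls` section written as plain JSON (real policy files are HuJSON), the user and tag names are hypothetical, and the check ignores the host part of each destination.

```python
import json

# Constructed sample in the shape of a Tailscale policy file's "acls" section.
# User and tag names are hypothetical. Real policy files are HuJSON; this
# sample is plain JSON so the standard library can parse it.
SAMPLE_POLICY = """
{
  "acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]},
    {"action": "accept", "src": ["owner@example.com"], "dst": ["tag:server:445,5900"]},
    {"action": "accept", "src": ["tag:firestick"], "dst": ["tag:server:445"]}
  ]
}
"""

SENSITIVE_PORTS = {445: "SMB", 5900: "VNC"}


def covers(port_spec, port):
    """True if a dst port spec ('*', '445', '80,443', '5900-5910') includes port."""
    if port_spec == "*":
        return True
    for part in port_spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def exposure(policy_text):
    """Map each sensitive port to the sources allowed to reach it on any host."""
    reach = {port: set() for port in SENSITIVE_PORTS}
    for rule in json.loads(policy_text).get("acls", []):
        if rule.get("action") != "accept":
            continue
        for dst in rule.get("dst", []):
            # The host part may itself contain ':' (tag:server), so split on the last one.
            _host, _, spec = dst.rpartition(":")
            for port in SENSITIVE_PORTS:
                if covers(spec, port):
                    reach[port].update(rule.get("src", []))
    return {port: sorted(srcs) for port, srcs in reach.items()}


def findings(policy_text):
    """Flag sensitive ports that every device in the tailnet can reach."""
    return [
        f"{SENSITIVE_PORTS[port]} ({port}/tcp) is reachable from every tailnet device"
        for port, srcs in exposure(policy_text).items()
        if "*" in srcs
    ]


if __name__ == "__main__":
    for line in findings(SAMPLE_POLICY):
        print(line)
```

Removing the allow-all first rule from the sample leaves only the named sources, and `findings` then returns an empty list.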

[–] [email protected] 3 points 11 months ago (5 children)

Tailscale doesn't respect local traffic and they have refused to add split tunneling on their Android VPN client. For these simple reasons, I would never take this product seriously.

[–] [email protected] 1 points 11 months ago

You must be a very serious person

[–] [email protected] 1 points 11 months ago

They don't do split tunneling? That's dumb. I ended up going with netmaker a year or so ago instead of Tailscale because I didn't think tailscale was completely selfhost. Then netmaker put their relay functionality behind a paywall so now I'm stuck on an old version and have to decide to update or not.

[–] [email protected] 3 points 11 months ago (8 children)

Serious question, what makes tailscale so great? Isn't it just vpn? I have been using wireguard for years and am now seeing everyone saying how great tailscale is but I can't see any difference between them. If I already have wireguard setup and running, is there any point to look into setting up tailscale?

[–] [email protected] 3 points 11 months ago (7 children)

Not really, no. Tailscale uses wireguard under the hood. It has a nice user interface and makes setting up a split VPN super easy. It also provides relatively easy ways to do ACL between devices. If you already got wireguard set up, you can skip tailscale.

[–] [email protected] 1 points 11 months ago (1 children)

For the time being, their recent additions to wireguard-go have increased its performance by nearly double when compared to the kernel version.

From what I've read, the patches are currently under revision by zx2c4 for the kernel version.

[–] [email protected] 1 points 11 months ago

Oh, that is crazy! I think I should do a bit of performance testing then :)

[–] [email protected] 1 points 11 months ago

It's just the ease of use, Tailscale sets everything up for you, keeps track of IPs so you don't need to manually define endpoints, and handles NAT negotiation.

[–] [email protected] 1 points 11 months ago

It is simple. One click and done.

[–] [email protected] 1 points 11 months ago

I was also using Wireguard (and OpenVPN) until my ISP lets me share the ipv4 with my neighbors. Now I need Tailscale.

[–] [email protected] 1 points 11 months ago (2 children)

If you're already running wireguard and just want a VPN, there isn't much that you're missing out on except for convenience when it comes to device management and routing, automatic hostname DNS resolution, and also getting access to more advanced features like meshing and failover LAN/subnet sharing without needing to figure out how to do it in bare wireguard.

Honestly though, it's free and makes for a great hassle-free backup VPN that just works. I use wireguard as my primary because it's fully self-hosted, runs at the kernel level instead of within the userspace so it's faster, and is more native than installing third-party solutions; with that said, I still run tailscale on all my servers as well in case I bork something while editing wireguard configs at any point.

[–] [email protected] 1 points 11 months ago

One of the biggest things that it helps with is the double NAT dilemma that folks can run into if they're either behind cgnat or don't have control of their network management.

[–] [email protected] 2 points 11 months ago

I mean, if you're giving up on self-hosting, sure.

[–] [email protected] 2 points 11 months ago

Honestly I do love tailscale, but every time when I start using it I am just like... meh. I don't need a bunch of interconnected as I have 1 homelab, and for other stuff like my backup system it goes over v6 so there is no NAT to speak of (just a firewall). And for any remote devices I just use plain wireguard including my always on VPN on my devices.

However I will continue to recommend Tailscale to people who are new to selfhosting and don't want to deal with all the networking bullshit, and hey if you want to not be reliant on the tailscale control server host headscale.

[–] [email protected] 2 points 11 months ago (5 children)

Wait till you learn about Wireguard.

[–] [email protected] 2 points 11 months ago (1 children)

Tailscale uses wireguard under the hood

[–] [email protected] 1 points 11 months ago

I think you know that I and everyone else knows that.

[–] [email protected] 2 points 11 months ago (2 children)

Access SMB… what’s the speed you generally get? I have tried it, and I’d be lucky if it gets 8-16 Mbps over 1Gbps up/down on both sides.

[–] [email protected] 1 points 11 months ago

The speed is pretty good - I can watch 1080p mkv video stored on my server with no issues at all when I'm in Europe (my server is in Canada). I tried watching 4K and didn't encounter any stuttering either.

[–] [email protected] 1 points 11 months ago (2 children)

Thanks for the effort write-up, I'm still trying to wrap my mind around how this works beyond it's just magic

[–] [email protected] 1 points 11 months ago

I set it up in the last couple months as well, but am using headscale as my controller on a small vps.

[–] [email protected] 1 points 11 months ago

Thanks for the writeup. I was also thinking of using tailscale or headscale for some of my usecases. From my understanding so far it's great for personal stuff, but unsure how it would work for more users.

[–] [email protected] 1 points 11 months ago (1 children)

It is great but ZT solutions like twingate are just so much easier and faster.

[–] [email protected] 1 points 11 months ago (2 children)

Boy, can "guerilla" marketing get more obvious?

[–] [email protected] 2 points 11 months ago

I started using tailscale a while ago and it is quite nice tbf

[–] [email protected] 1 points 11 months ago (1 children)

What? Is recommending a product you like marketing?

Or is OP affiliated with them in any way?

[–] [email protected] 1 points 11 months ago (2 children)

Haha if I was affiliated with them, I would not be talking about my collection of torrented material LOL

[–] [email protected] 1 points 11 months ago (1 children)

That's a very good point 😀

Anyway, I enjoy reading about what people use, proprietary or not, so kudos for the post!

[–] [email protected] 1 points 11 months ago

it's all good! Just wanted to share my experience with this tech. I am not a networking expert at all - just a tinkerer and a lifehacker who is a sucker for simple and elegant solutions. I am not above putting in some elbow grease when necessary though (like when I had to painstakingly modify coffeescript code in my Ubersicht widgets to make them just right without knowing anything about coffeescript haha)

[–] [email protected] 1 points 11 months ago

I have a customer pushing 15Gbit/s of their production traffic in a microservices setup through Tailscale - it works fucking great and they've never had issues with it.

[–] [email protected] 1 points 11 months ago

I tried Tailscale a while back, but it had a fatal flaw: it chewed through battery on iOS. Maybe they fixed that by now. I switched to wireguard so I haven't had a need to go back to it.

[–] [email protected] 1 points 11 months ago (3 children)

The bit I’ve always been confused about by Tailscale is the business model. They spend a fortune (I guess) in advertising on every podcast. If something is free then you’re the product. Assuming they’re not evil incarnate and harvesting personal data, I can only assume that a high proportion of self-hosters work in IT and have purchasing power. Actually that would be a fair sized IT department because 100 devices would cover a fairly modest office environment.

I hope that’s working for them because I fulfill neither of those criteria but as a noob I do find it jolly useful!

[–] [email protected] 1 points 11 months ago

I've started to put tailscale clients inside docker containers. That way services can move freely from continent to continent and I just don't care...

[–] [email protected] 1 points 11 months ago

How did you setup Funnel for Bell? I don’t quite get how you did it. Thanks

[–] [email protected] 1 points 11 months ago (1 children)

I am not as network savvy as most of you probably are, and I would love a way to have my home server’s docker containers accessible outside my home. Is this something Tailscale can help me with? Anytime I think about opening up my home server to the internet I get worried that someone smarter than me will be able to access my server and its files.

[–] [email protected] 1 points 11 months ago

I think so. I am a pretty big fan of SMB. You are not opening up your home server to the internet - you can only access Tailscale-specific IP addresses of your devices once you are connected to your tailnet (for that, they have 2FA). This is in stark contrast to solutions like ngrok where your traffic is routed through a server and no VPN encryption is required to make a connection (in Tailscale's case, a WireGuard tunnel). Also, ngrok throttles traffic quite a bit... A few people on here raised objections to the use of a third party for authentication, as is most commonly done in Tailscale, but I don't really concern myself with the pitfalls of that. I feel like getting a VPS to handle authentication yourself is overkill for me.

[–] [email protected] 1 points 11 months ago

I love Tailscale and it became business critical for me. I just love their generosity with their free plan, and that shit just works. I love it too man.

[–] [email protected] 1 points 11 months ago (1 children)

Fire tv sticks are useful?

Totally agree though, I think Tailscale is amazing

[–] [email protected] 1 points 11 months ago (1 children)

They are pretty darn good and versatile once you get rid of all the bloatware and ads, and remap the remote buttons. For instance, with AirReceiver installed, they become as good as an appleTV for screen mirroring (mac and iphone). Also, the ability to seamlessly sideload is paramount for me, which is why I will never own an appleTV. I remapped my app buttons to the apps I want, as well as the home button to Wolf Launcher and it's mint now. I keep Tailscale running continuously on both of my firesticks.

I used to bring my firestick along for the ride when I travel, but these days, I just run Wolf Launcher through Samsung DeX on my S10+. With the right settings, it does everything the firestick can do and more.

[–] [email protected] 1 points 11 months ago

I was more a chromecast fan but I bet FireTv sticks are more unlocked and fun.

[–] [email protected] 1 points 11 months ago (1 children)

Agreed. I would also recommend getting/building a NAS like Synology/freenas and it will make your life much much better. Am using synology drive and paperless-ngx (on Docker) within a synology along with Tailscale. This has made me get rid of google drive/dropbox that I used to pay for. Also now I use synology photos to backup my photos and videos from my (and my family’s) phones no matter where they are.

[–] [email protected] 1 points 11 months ago (1 children)

Those solutions might be better if you have the ability to open up your router's ports, which I do not. Trust me if I was the network admin, I would want to host my own NAS to share my movie collection with my friends, but for now, Tailscale at least allows me to access my collection myself remotely

[–] [email protected] 1 points 11 months ago

There's ways to punch through cgnat with tailscale, netmaker

[–] [email protected] 1 points 11 months ago

This is so weird. Google cards keeps pushing Tailscale articles on me. Most recently earlier this morning. The timing of this post is really interesting.

I'll agree with what others have said after having read one of the aforementioned articles: wireguard exists.

[–] [email protected] 1 points 11 months ago

Why tailscale over twingate?

[–] [email protected] 1 points 11 months ago

Tailscale = Cloud, Headscale = selfhosted

[–] [email protected] 1 points 11 months ago

Thanks but I pass I think. Proprietary software is against the mindset of self-hosting if one asks me. But if it works for you, it's just fine I guess. It's just not for me
