So I’m just being introduced to the concept of using a VPN or something like Tailscale to access one’s services, instead of opening the services directly to the web, but I’m thinking for streaming purposes or just accessing your services on the run, isn’t it an annoyance having to connect to your home network all the time? Or do you keep the VPN running on your phone for example? What if you use a VPN provider for privacy purposes, wouldn’t one need to then switch VPN connection?

  • Dust0741@lemmy.world
    ↑ 31 · 20 days ago

    I keep it running always. Partly to access stuff at home, and partly to get the ad-blocking from Pi-hole.

    Do not expose stuff unless you fully understand the security risks

      • Avid Amoeba@lemmy.ca
        ↑ 8 · 20 days ago

        Not noticeable with always-on Tailscale with the default split-tunnel mode. That is when Tailscale is only used to access Tailscale machines and everything else is routed via the default route.

      • Dust0741@lemmy.world
        ↑ 7 · 20 days ago

        It’s not bad using the official WireGuard app. It’s definitely noticeable. On the Android battery screen it’ll show around 5% after a full day of use with it always on.

      • farcaller@fstab.sh
        ↑ 6 · 19 days ago

        For the last 10 days Tailscale clocked 1% battery on my phone. I honestly didn’t even consider turning it off for battery savings.

  • OneCardboardBox@lemmy.sdf.org
    ↑ 21 · 20 days ago

    > isn’t it an annoyance having to connect to your home network all the time?

    It’s less annoying than the gnawing fear that my network might be an easy target for attackers.

  • Dust0741@lemmy.world
    ↑ 8 · 20 days ago

    For an external VPN like Mullvad, I run my own proxy. Again, it’s only available from my VPN or inside my network.

    It uses socks5 and gluetun Docker containers, and in apps that support proxies, I can add my proxy to it and it’ll route that traffic through the paid VPN.

    Or, a work profile (see Shelter) or Android’s new private spaces. If you have private spaces, it uses a separate network. So if you have a VPN installed outside the private space, it won’t work on apps inside the space. So, what you could do is have a paid VPN inside private spaces, and use it and a web browser or whatever there, and use your server’s VPN outside the private space.

    Lmk if you want any of my docker composes

    • Yingwu@lemmy.dbzer0.com (OP)
      ↑ 2 · 20 days ago

      Very interesting. Didn’t know this was a possibility. I don’t need anything now but thanks for offering, might get back to you

    • theorangeninja@lemmy.today
      ↑ 1 · 19 days ago

      This sounds very interesting. I always wondered if I could use a paid VPN together with Tailscale or Netbird. But I’m not sure I understood how you set this up. And what are Android private spaces?

  • zelifcam@lemmy.world
    ↑ 10 ↓ 2 · 20 days ago

    > How annoying is it to connect to VPN/use Tailscale

    I think it’s very important to separate a random “VPN” solution from using Tailscale.

    > instead of being able to access the service directly?

    Focusing on Tailscale. Who turns off Tailscale? It is “directly” connecting to your service or app or whatever. That’s the whole point.

    • Yingwu@lemmy.dbzer0.com (OP)
      ↑ 3 · 20 days ago

      Probably just me that’s confused. I thought Tailscale was similar to WireGuard but much easier to set up. So one connects to the services directly, and not just the general home network (like a VPN) where you then enter whatever address you need to access the service?

      • signalsayge@lemm.ee
        ↑ 5 · 20 days ago

        It can be just like you’ve said. You can also run Tailscale directly on the system hosting a service and access it directly over the Tailscale network.

  • Kusimulkku@lemm.ee
    ↑ 6 · 20 days ago

    Sucks a high hard one if you plan for others to use your services too. If it’s just you it’s not that annoying

  • #!/usr/bin/woof@lemmy.sdf.org
    ↑ 5 ↓ 1 · 20 days ago

    Use Tailscale; for the most part it’s pretty transparent. As long as all the MagicDNS stuff is set up correctly, I can access all my internal services by name and it just works.

  • blackstrat@lemmy.fwgx.uk
    ↑ 3 · 20 days ago

    I can’t use VPN on my work PC so I have some services open on subdomains that aren’t in my DNS. Follow some basic rules and it’s fine. My phone is always connected to my WireGuard running on OPNsense. It’s simple, fully self-hosted and works great.

  • Agility0971@lemmy.world
    ↑ 2 · edited · 20 days ago

    I’m using Tailscale and have all my devices connected through it. I’m not exposing any services in particular, it’s just handy to be able to ssh around. It’s always on and I did not notice huge power loss on my phone.

  • irotsoma@lemmy.world
    ↑ 1 · 20 days ago

    Depends on how secure the application is and the security you use in front of the application, such as reverse proxies, load balancers, etc. If you are exposing a web application with no SSL, no two factor, or something in a beta state, or if you can’t trust your ISP not to create man-in-the-middle attacks for advertising and collecting information to sell, which also likely introduces security vulnerabilities, then that could be a problem and a VPN or similar might be a big help.

  • Encrypt-Keeper@lemmy.world
    ↑ 1 · 18 days ago

    If you have an iPhone, it’s a pain over Tailscale because Tailscale frequently likes to disconnect for various reasons and this isn’t something Tailscale can fix, it’s something with the way Apple manages background processes.

    If you’d like an alternative, you can host your services directly to the internet via a reverse proxy like Caddy or Nginx, and then use mTLS to secure that access with a certificate you load only onto your devices.
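
Added example, not part of the thread and not the commenter's own configuration: a minimal Nginx server block for the mTLS setup described in the comment above. It assumes you have already created a private CA and issued a client certificate to each device; the hostname, file paths and upstream port are placeholders.

```nginx
# Assumed names and paths throughout; adjust to your own setup.
server {
    listen 443 ssl;
    server_name media.example.internal;          # placeholder hostname

    # Ordinary server-side TLS (what the client verifies).
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client-side TLS: only certificates signed by this private CA are
    # accepted. Use a CA that signs nothing except your own devices,
    # never a public CA bundle.
    ssl_client_certificate /etc/nginx/tls/devices-ca.crt;
    ssl_verify_depth       1;

    # "on" rejects any request that arrives without a valid client
    # certificate before it reaches the upstream (Nginx answers 400).
    # Weaker setting to avoid: "optional" lets certificate-less clients
    # through, so every location must then check $ssl_client_verify
    # itself, and one forgotten location is fully exposed.
    ssl_verify_client on;

    # Revocation for a lost or stolen phone. Assumed file: Nginx will
    # not start if the path is configured but the file is missing.
    ssl_crl /etc/nginx/tls/devices-ca.crl;

    location / {
        # Belt and braces: still refuse if verification did not succeed,
        # so the block stays safe if ssl_verify_client is later relaxed.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }

        proxy_pass http://127.0.0.1:8096;        # placeholder upstream
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        # Lets the application log which device certificate was used.
        proxy_set_header X-Client-DN       $ssl_client_s_dn;
    }
}
```

To confirm the gate works, a request made with `curl --cert` and `--key` pointing at a device certificate should reach the service, and the same request without them should be refused by Nginx.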

  • InverseParallax@lemmy.world
    ↑ 1 · 20 days ago

    Not much, I have services that run both externally and only over wg.

    Only issue with wg is sometimes I have to shut it off for things like multicast DNS, or other things that try to look around the network or wifi.