I run a Nextcloud instance on my home server and want secure remote access without exposing ports. I came across Twingate, which looks like a VPN alternative.
Has anyone used it for personal setups? Is it overkill compared to something simpler like Tailscale? I’d like to know how you use it, or what else you use.
I never heard of Twingate but I see no reason why not to self-host WireGuard.
It’s a proven open source VPN.
As far as a little research went, Twingate is proprietary software and caters to enterprises; it has some open source alternatives that have similar functionality, most of them using WireGuard under the hood. Look for Tailscale/Headscale or NetBird.
I tried WireGuard now, and it worked beautifully (love its simplicity), then I set up port forwarding and a No-IP DDNS, and it stopped working, because, as it turns out, I don’t have a public IP address. My ISP runs CGNAT, therefore I don’t think there is any way for me to run WireGuard at home without some external server to hop from. I guess Tailscale does exactly that with their connecting server, if I understand it correctly?
Honestly, not having a static public IP address would be a dealbreaker for me, a reason to change ISP.
But that’s not always an option.
My old ISP got a new IP every full modem reboot, and a way I used to circumvent this is with DuckDNS. It’s a free DNS service I used before I had money to pay for my own domain.
If I recall correctly, they have a desktop tool that connects to your account, scans for your current dynamic public IP and then updates it for your freesubdomainname.duckdns.org, which is what you use to connect.
Yup, that is exactly what I already did (with No-IP instead of DuckDNS, but the same service), but as I said, the fact that it’s dynamic is not the problem. It’s the fact that even my dynamic IP address is not actually truly public. At least that is how I understand CGNAT.
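A quick way to confirm the CGNAT diagnosis discussed above, as an added example that is not part of any post in this thread: compare the address on the router's WAN interface with the address an outside service reports. The function names and sample addresses are constructed for illustration; 100.64.0.0/10 is the shared address space that RFC 6598 reserves for carrier-grade NAT.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip: str, observed_public_ip: str) -> str:
    """Classify an IPv4 uplink from two inputs you collect yourself:
    router_wan_ip      - address shown on the router's WAN interface
    observed_public_ip - address an outside "what is my IP" service reports

    Returns "public", "cgnat", "double-nat" or "upstream-nat".
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)

    if wan in CGNAT_NET:
        return "cgnat"          # ISP shares one public IP among customers
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat"     # router sits behind another private network
    if wan != seen:
        return "upstream-nat"   # WAN looks public, but traffic is translated
    return "public"             # WAN address is what the internet sees


def port_forward_sufficient(verdict: str) -> bool:
    """True only when forwarding a port on this router alone can make a
    WireGuard endpoint reachable; DDNS does not change the answer."""
    return verdict == "public"


if __name__ == "__main__":
    # Constructed sample pairs (documentation and CGNAT-range addresses).
    samples = [("100.72.14.9", "203.0.113.10"),
               ("192.168.1.2", "203.0.113.10"),
               ("203.0.113.10", "203.0.113.10")]
    for wan_ip, seen_ip in samples:
        verdict = classify_wan(wan_ip, seen_ip)
        print(wan_ip, seen_ip, verdict, port_forward_sufficient(verdict))
```

Any verdict other than "public" means the home side has to open the tunnel outward, to a relay or an external server, rather than wait for inbound connections.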
Thanks for the recommendations, will look into WireGuard first.
I used it for a while, and it’s a decent solution. Similar to Tailscale’s subnet router, but it always uses a relay and doesn’t do all the UDP black magic. I think it uses TCP to create the tunnel, which might introduce some network latency compared to Tailscale or bare WireGuard.
@rtxn did you check out the new relay feature in Tailscale yet? It’s fab!! @Jokulhlaups
I don’t know which feature you mean, can you link the documentation?
@rtxn there isn’t one yet, but check in this week’s events… tested the relay feature and it’s really solving a bunch of issues. https://tailscale.com/events-webinars
I personally like to use a proxy for that, like NPM (a handy dockerized nginx proxy setup). Not as secure as a VPN, but I really like being able to access my stuff from anywhere I’m likely to be. I’ve combined it with a few other things to try and add simplicity (in use) and a little extra privacy by using Authentik for SSO. My main goal with the use of NPM, though, was to limit the number of ports I had punched.



