Right now I’ve been using Tailscale because it automatically adapts to my network conditions. If I’m at home, it’ll prioritize the local network connection, but when I’m out and about, it’ll automatically beam a direct connection or use a relay.
One gripe I have about it is I can’t run it alongside my normal VPNs on my mobile devices. I have to choose between one or the other.
I have tried Cloudflare Tunnel before, but using it for streaming, like Jellyfin, is forbidden. There’s also the added latency and slowness of having to hop through multiple DCs to reach Cloudflare and back.
- Dynamic DNS hooked in to one of my spare domains
- WireGuard running on my firewall
- An alert set up to inform me any time ANY client connects to said VPN
- Smart plug between my firewall and the UPS
Connect on my device or my travel router to get onto my home network and then access additional services as though I were local. And on the off chance I get an alert that something is connected and it is not me? I kill my network and deal with it when I get home. Not perfect (since I could be asleep) but gives me peace of mind on the off chance my VPN somehow becomes compromised.
Have you ever had to cut your network?
Nope. And I doubt I ever will.
But it is pennies a month in terms of power loss having a smart plug and gives me peace of mind for a big ass potential vulnerability.
What are you using to monitor WireGuard?
I have a bit of a mess that detects active processes and traffic and sends a signal to Home Assistant, which then informs me the same way it does when my garage door opens or whatever.
But mostly, the key is to put it into a system that will actually alert you. Like with any alert.
I’m not the person you replied to, but as it’s on their firewall, it should be possible to monitor it via SNMP.
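One way to build the "alert any time a client connects" check discussed in the comments above, as an added example that is not any commenter's actual setup: it parses the tab-separated output of `wg show <interface> dump` and reports peers whose latest handshake is recent and who were not active on the previous poll. The interface name `wg0`, the 180-second window and the sample dump are assumptions made for illustration.

```python
# Added example: detect newly connected WireGuard peers from `wg show wg0 dump`.
# Assumptions: interface name wg0, and a peer counts as "connected" when its
# latest handshake is at most ACTIVE_WINDOW seconds old (active sessions
# re-handshake roughly every two minutes).
ACTIVE_WINDOW = 180

# Constructed sample dump; keys are placeholders, addresses are documentation ranges.
# Line 1 is the interface: private-key, public-key, listen-port, fwmark.
# Peer lines: public-key, preshared-key, endpoint, allowed-ips,
#             latest-handshake, transfer-rx, transfer-tx, persistent-keepalive.
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tPUB_SERVER\t51820\toff",
    "PUB_PHONE\t(none)\t203.0.113.7:40112\t10.8.0.2/32\t1700000100\t5120\t9216\toff",
    "PUB_ROUTER\t(none)\t(none)\t10.8.0.3/32\t0\t0\t0\toff",
    "PUB_LAPTOP\t(none)\t198.51.100.9:51000\t10.8.0.4/32\t1699990000\t100\t200\t25",
])

def parse_peers(dump):
    """Return {public_key: details} for every peer line in the dump text."""
    peers = {}
    for line in dump.splitlines()[1:]:       # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue                          # ignore blank or malformed lines
        pub, _psk, endpoint, allowed, handshake, rx, tx, _keepalive = fields
        peers[pub] = {
            "endpoint": None if endpoint == "(none)" else endpoint,
            "allowed_ips": allowed,
            "handshake": int(handshake),      # 0 means the peer never connected
            "rx": int(rx), "tx": int(tx),
        }
    return peers

def new_connections(peers, previously_active, now):
    """Return (alerts, active): alerts cover peers active now but not last poll."""
    active = {k for k, p in peers.items()
              if p["handshake"] and now - p["handshake"] <= ACTIVE_WINDOW}
    alerts = [{"peer": k, "endpoint": peers[k]["endpoint"],
               "allowed_ips": peers[k]["allowed_ips"],
               "handshake_age_s": now - peers[k]["handshake"]}
              for k in sorted(active - previously_active)]
    return alerts, active

if __name__ == "__main__":
    # On the firewall, feed in the real output of `wg show wg0 dump` (needs root)
    # and time.time() instead of the constructed values used here.
    alerts, _ = new_connections(parse_peers(SAMPLE_DUMP), set(), 1700000160)
    for alert in alerts:
        print("WireGuard peer connected:", alert)
```

Run it on a timer, keep the returned `active` set between polls, and hand each alert to whatever already notifies you, so a peer raises one alert per session rather than one per poll.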
How does your dynamic DNS work? When does it resolve to your local network addresses and your public domains?
Not OP but DynDNS entries will always point to your current external IP and are renewed every hour.
Internally I run an AdGuard Home instance for adblocking. All my domains are rewritten by it to use the local IP while I’m in the same network.