cross-posted from: https://discuss.online/post/34942012

I find everyone using different services, so I'm unsure how to best manage (and balance) concurrent access in Ubuntu/Debian to:

  • Local network services
  • Tailscale services from userA
  • Tailscale services from userB
  • Wireguard (OpenVPN also option) from userC
  • Twingate from userD

Each user wants to share different services via VPN, and pressuring any of them to change their production setups to a different style of VPN is not going to happen.

  • Management via software
  • Possibly set up a routing device along the lines of OpenWrt or OPNsense.
    • Could even distribute such devices between these friends.

Thanks for all thoughts!

  • user28282912@piefed.social · 8 hours ago

    Wireguard should be the default here. The rest is just networking configuration implemented in both routing and firewall. I never understood why people use Tailscale, like why would you intentionally pay someone to be man in the middle of your virtual private network? Twingate I am not familiar with.

    • festus@lemmy.ca · 6 hours ago (edited)

      > I never understood why people use Tailscale

      I use it for the NAT busting and direct connections. This means that my devices can talk directly to each other, even when there’s NAT and dynamic IPs sitting between the devices with no port forwarding. This is not possible with Wireguard alone; usually you end up with a hub and spoke network model.

      As for them man-in-the-middling, the client is open source (for Android and Linux at least) and traffic is end-to-end encrypted. If you don’t want to trust them with distributing the keys (completely valid concern) then it’s possible to configure things such that you must sign the keys of clients yourself for your devices to trust them (see Tailnet Lock).

      In my case, because I like self-hosting, I self-host an open-source coordination server called Headscale. So in at least my circumstance I really am only using my infrastructure and open-source code.

    • Cysio@lemmygrad.ml · 6 hours ago

      You can self-host Tailscale. Tailscale is just a bunch of Wireguard tunnels with NAT hole punching and management.
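The hub-and-spoke model festus describes as the fallback for plain WireGuard (and the tunnel layer Cysio says Tailscale builds on), as an added illustration that is not from any poster: a hub with a public endpoint relays traffic between spokes that sit behind NAT without port forwarding. Two wg-quick files are shown in one block; all keys, the hub hostname and the address ranges are placeholders.

```ini
# --- hub: /etc/wireguard/wg0.conf on a host with a public IP (relays spoke<->spoke traffic) ---
[Interface]
Address = 10.77.0.1/24
ListenPort = 51820
PrivateKey = <HUB_PRIVATE_KEY>            # placeholder
PostUp = sysctl -w net.ipv4.ip_forward=1  # the hub must route between peers

[Peer]
# userA laptop, behind NAT with no port forwarding
PublicKey = <USERA_PUBLIC_KEY>            # placeholder
AllowedIPs = 10.77.0.2/32                 # only its own tunnel address: per-peer allow-list

[Peer]
# userC home box, which also shares its LAN (constructed range)
PublicKey = <USERC_PUBLIC_KEY>            # placeholder
AllowedIPs = 10.77.0.3/32, 192.168.30.0/24

# --- spoke: /etc/wireguard/wg0.conf on userA's laptop ---
[Interface]
Address = 10.77.0.2/24
PrivateKey = <USERA_PRIVATE_KEY>          # placeholder

[Peer]
PublicKey = <HUB_PUBLIC_KEY>              # placeholder
Endpoint = hub.example.net:51820          # placeholder hostname
AllowedIPs = 10.77.0.0/24, 192.168.30.0/24  # other spokes and userC's LAN, all via the hub
PersistentKeepalive = 25                  # keeps the NAT mapping open so the hub can send inbound
```

Because the hub decrypts and re-encrypts spoke-to-spoke packets at the IP layer, it sees that traffic in the clear (a Tailscale relay only forwards still-encrypted WireGuard packets), so the hub operator is a trusted party in this model. AllowedIPs on the hub is the access control: keep each peer's entry to its own tunnel address plus the one LAN it is meant to publish.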