I run a Nextcloud instance on my home server and want secure remote access without exposing ports. I came across Twingate, which looks like a VPN alternative.
Has anyone used it for personal setups? Is it overkill compared to something simpler like Tailscale? I’d like to know how you use it, or what else you use.
I never heard if twingate but i see no reason why not to selfhost Wireguard.
Its a proven open source vpn.
As far as a little research went. Twingate is proprietary software and caters to enterprises, it has some open source alternatives that have a similar functionality. Most if them using Wireguard under the hood. Look for tailscale/headscale or netbird.
I tried Wireguard now, and it worked beautifully (love its simplicity), than I setup port forwarding, and a no-ip ddns, and it stops working. Because, as it turns out, I dont have a public ip address. My isp runs a CGNAT, therefore i dont think there is any way for me to run a wg at home without some external server to hop from. I guess tailscale does exactly that eith thair connecting server, if i understand it correctly?
Thanks for the recommendations, will look into wireguard first
I used it for a while, and it’s a decent solution. Similar to Tailscale’s subnet router, but it always uses a relay and doesn’t do all the UDP black magic. I think it uses TCP to create the tunnel, which might introduce some network latency compared to Tailscale or bare Wireguard.
@rtxn did you check out the new relay-feature in tailscale yet? it’s fab!! @Jokulhlaups
I don’t know which feature you mean, can you link the documentation?
@rtxn there isn’t one yet. but check in this weeks events…tested the relay feature and it’s really solving a bunch of issues. https://tailscale.com/events-webinars
I personally like to use a proxy for that like NPM (a handy dockerized nginnx proxy setup). Not as secure as a VPN but I really like being able to access my stuff from anywhere I’m likely to be. I’ve combined it with a few other things to try and add simplicity (in use) and a little extra privacy by using Authentik for SSO. My main goal with the use of NPM though was to limit the number of ports I had punched.
