Which route did you go for your homeland, a tunnel to your services or setting up tail scale/wireguard and access them on your trailer?
I actually have Wireguard running on a pi zero 2, all it really does is provide me my pihole DNS.
Taking do one thing, but do it good to the next level, nice!
I thought about getting a pi zero also just for the pi-hole. But my pi3b holds up pretty good, still
Wildcard dns with port 80 & 443 port forwarded to traefik with tinyauth & fail2ban
Did you get a static public IP from your ISP?
Pangolin on a free Oracle VPS.
is there a bandwidth/throughput limit on Oracle VPS?
Something like 10TB. I’m an incredibly heavy user and I’d have to quadruple all of my usage, including home, to hit it.
Yes it’s 10TB.
I nearly hit the cap once when I first testing sunshine/moonlight to see how much bandwidth my set up could do and kinda FOMO for the steam deck hype.
It’s like 150 mb/s and works so well (for the kind of games I play) that I forgot the egress cap and just play for like a weeks even in the house, I realized and stop at ~ 9TB. My usual usage don’t even hit a TB most of the time lol.
How do you monitor the total bandwidth? Last I tried it was super convoluted.
It is.
I just go to the https://cloud.oracle.com/account-management/cost-analysis page and looks at the current usage every now and then.
Fair. Friend’s account got suspended yesterday btw, you never know when they start hating you, so this is your reminder to check your backups
Not that I’ve noticed.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters IP Internet Protocol VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
3 acronyms in this thread; the most compressed thread commented on today has 5 acronyms.
[Thread #265 for this comm, first seen 30th Apr 2026, 19:30] [FAQ] [Full list] [Contact] [Source code]
I have wireguard, it’s supported by my router (Fritzbox).
same here, took me 7m to set this up on OPNsense with FritzBox
Nice, I have to take a look if mine supports it, too!
Pangolin on a vps.
isn’t it awesome? i am scared to update it too far for an unknown reason
It’s opensoursrso we should be able to roll back.
When I looked into it first, Pangolin seemed a bit overwhelming.
Is it hard to set up?
No, ridiculously easy with docker.
Then it follows the same principles as cloud flare. Create a site (vpn endpoint), get a docker snippet for a newt (what they call the vpn connector), paste it in the docker compose on your Homeserver and see it come up in the Webinterface.
Then you create a public resource and point it to said site and give it a url.
Done.
Ask me if you have questions
Cool, do you get any auth and/or ingress protection?
With cloudflare, you get some auth options, can block AI crawlers (that get recognized…) etc for free
I used wireguard, then switched to Pangolin. Wireguard was simpler and worked better with mobile apps though. I’ll prob switch back for most apps.
I am very happy with Tailscale
Wireguard.
Dunno if Cloudflare does effective auth for the tunnel or if you have to set that up yourself, but I don’t bother trying to expose services to the internet in any way because some of this stuff was just never designed for proper web security (cough Jellyfin).
It’s still worth setting up a wildcard cert with ACME so you get nice https and a real domain.
Cloudflare has some opt-in auth. Mail-OTP is a nice balance imo: You can allowlist mail addresses per service/subdomain and set expiry for each. Then for access, you first have to enter the mail address, get the OTP and then access the service.
So, nobody without access to allowed mail addresses even gets to knock on you door.
But yeah, that’s why I think about going tail scale: why bother having something exposed when not needed?
I just think, some services might be nice to provide to friends, too - and having them connect to my tailnet for this is a bit too much friction, I guess
Just Wireguard on a router, but I’m thinking Netbird.
WG can be a bit PITA to set up, but once you do, it just works. What I would to have is more fine grained control over who goes where if I were to expose some of the services to friends.
Wireguard
Asked my ISP for a public IP, exposed all things that can handle that to the public. Custom Wireguard server for VPN
- option 3: self-host Netbird control plane
- option 4: use Netbird’s reverse proxy
How about both? I run the evil Cloudflare Tunnels/Zero Trust with Tailscale as an overlay on the server.
I’m a bit stumped, what do you gain from this setup?
Or do you mean just running some services through the tunnel for easy access and “hide” others behind tailscale?
Headscale on fly.io
