I wonder if anyone can help.
I am also looking for a small Device I can setup at home so that when I am abroad I can connect via VPN /internet to use home internet for work such that my location if monitored would show my usual home IP address. But I would also like Wifi if possible.
Thank in advance.
If you want a dedicated device, probably a Brume 2. But honestly these days Iâd just install tailscale on a computer on your home network and set it up as an exit node. Done.
That said, my obligatory note that if your work is even halfway competent and they care, it is not hard to know youâre not at home unless you take some more extreme measures. That level of opsec takes a lot of dedication and discipline, and you only have to mess up once.
To this scenario, I would activate in the exit nodeâs BIOS a magic packet to wake up the computer from outside and set up RDP to this node just in case if the company somehow checks the hardware.
I am new to Tailscale but managed to get it to work as expected by using on one of the GL.iNET routers to access the whole of my LAN as expected. Are you suggesting that I do not need to do this on the router level and just be able to access my whole LAN by installing Talescale on a computer within this LAN and access all the other clients from there? How does that work?
Correct.
Let me know if you have problems
Thank you very much indeed for the details. Will definitely look into this as well.
Without an exit node, only traffic bound for the LAN will actually go over the Tailscale interface - which may be what you want depending on your application. But yes, itâs basically the easiest way to set up a VPN server at the moment, and relies on something many people have sitting around
Thanks again. Yes, I am starting to slowly get my head around it. What an amazing piece of networking tech and so glad that GL.iNET have managed to start its implementation on native UI. I hope that they will be able to iron out all the teething issues {with the help of the techies here like your good self).
Yeah, itâs undeniably slick. I personally prefer nebula for most uses, which I find to be faster and easier to maintain. That said, nebula doesnât do exit-nodes or full tunnel routing because of technical reasons, so itâs not great for this application. Tailscale usually incurs a performance penalty on the order of OpenVPN (since most implementations are in userland), but itâs pretty crazy how well it just works.
I do think the discussion goes in the wrong way.
In fact you are searching for a VPN solution. A VPN is build of 2 Endpoints. Your working device in your hands and a fixed endpoint with public reachable IP.
For the mobile solution Iâve started with the Beryl. Than I switched to the Slate AX and now Iâve stick with the Slate Plus.
The Beryl got the biggest storage at this time. Important for future updates and projets. The Slate AX has the greatest power in performance as well consumption, my wife is now happy with it. And the Slate Plus is perfect in physical size and power to transmit data.
For a mobile only gateway to your home, the Shadow also is a great device. Much smaller in size, but powerful enough to get access with a few clients from the hotel or camping site.
The much more complicated work is on the other site. You can use a VPN provider, but in this case you are able to say in which country your IP comes from, but not from your home.
Solution 1: Buy a second GL-Inet router. As a Server the Mango would du, but in my home Network, I would rather place something like the Brume 2 or Slate AX. Who knows if it will be uses as a guest network or other projects in future.
Solution 2: I have some Proxmox hosts running, with a bunch of virtual machines. So I just installed another LXC container with Linux as OS and a wireguard server. But you should have se experience with servers, networks and so on. Else use Solutuion 1.
How so? Tailscale is a modern mesh VPN. It can accomplish exactly what the OP is trying to do. Saying a VPN is âbuilt of 2 endpointsâ is an old paradigm that is increasingly at odds with a push to zero-trust topologies.
This is precisely why Tailscale is such a good solution, particularly for people who want - as you will note the OP does - to have their IP show up from home, not from another VPN provider. Of course the solutions you note in the post work, but as you note they require some level of expertise. The fact that you can install a program on a Windows PC and click a couple of buttons to get a working VPN endpoint at your house that handles all of the firewalling and NAT-traversal for you is hugely valuable. (I try to think of âcould my father do it?â as a good normalizing question here. For Tailscale, the answer is yes. For anything else, the answer is no.)
Again, I would be quite interested to know exactly why you think this discussion is going in the wrong direction.
Maybe, because I am too old for this new world.
I couldnât imagine someone is able to build a VPN Infrastructure, build a Gateway and say âthis GW over this net is your exitâ, and think this is easier than set up something like a Raspberry Pi, setup a VPN Server and say this is a cascading router/gateway.
If there is a one-click solution. Great, pay for it as long as the provider is trustworthy.
But again, this is my small and dusty view of the world. I am not an expert. Just some random guy with internet and some experience.
If any answer here is better than mine, and works for the situation: Fine for me, I donât need to be right.
Many thanks to you and everyone else, I forgot to mention at the Moment I have a Mango gl router which I have had for a while but dug it out yesterday updated the firmware and setup Openvpn which works on it, However I would like to upgrade that as well and perhaps pick up the Brume 2 / Slate AX as suggested.
I wasnt away of Tailscale until yesterday! I have setup tailscale on an always on Windows 2019 Server I have at home with on Homeassistant running on Virtualbox and also set it as the exit node.
IF go for the Slate AX because of Wifi, is it safe it will be able to do everything I want to achieve if I went with the Brume 2?
Edit:- Can Tailscale be installed on the glinet routers so that it connect to the home tailscale and use that as the exit node?
Many thanks in advance.
Yup. Youâll be good to go.
Did I mention itâs free for up to 20 devices, or you can self-host your own control server if you donât trust the provider?
Iâd encourage you to look into it. Itâs all powered by WireGuard underneath, but the real magic is in automatically configuring and connecting clients, along with all sorts of goodies you donât get in a normal WG install (e.g. key rotation, etc.). The control server merely connects clients together and manages access lists, where WireGuard does the tunnel building piece.
I was skeptical that it would be useful at first too (after all, Iâve got a decade-old OpenVPN solution Iâm still using in production), but Iâm really thinking hard about how to integrate it into what weâre doing (with a self-hosted control server, of course).
Again, Iâd encourage you to look at it. Install two clients, click âallow-exit-nodeâ on one of them, go to the admin interface and enable that route, then click âuse exit nodeâ on the other client. Done. And itâs a one-click change between exit nodes.
I donât need to be right either, but I was a bit taken aback by your assertion that my proposed solution was âin the wrong directionâ - particularly when from my perspective itâs the easiest way for the OP to get things set up (as heâs confirmed he was able to do). It just seemed like a pretty aggressive statement in the context of the thread. Perhaps thatâs not how it was intended, but it came across as, âLook guys, youâre talking about this non-VPN thing and itâs not a solution for the problem.â
One last question please, Can Tailscale be installed on the Slate AX so I use it to connect to the Home instance as exit node?
Thank you so much
Not yet, at least not without a custom firmware builds. GL.iNet say they are working on this.
Yeah, the problem is that exit node functionality doesnât work yet - or at least it didnât work as of two days ago, even if you set it in the CLI. Itâs possible that itâs fixed in the latest snapshot, but Iâm not holding my breath.
Please donât get offended by a random guy with half knowledge in the internet.
I have had in mind Taliscale donât work well on all Gl-Inet devices. So I thought it is a little much to install packages over Luci, compile some sources or use a custom (even OpenWRT images) firmware, based on this basic question.
And when I read the latest reply, maybe I remembered it right. But everything that works is a solution.
Sounds promising. Especially the selfhosting and configurable Exit-Node.
I donât think 20 devices is enough for me. I have now 53 configurations on my Wireguard Server. If Iâd clean up, maybe 3 or 4 less. But it sounds interesting, I will take a look, if Gl-Inet is supporting it by default.
If you want to self-host, youâll want to look at headscale. The process is pretty straightforward. It takes a little getting used to the new paradigm (e.g. have your VPN installed everywhere and use the magicdns to route things), but itâs really pretty useful once you do. Itâs honestly to the point where I would feel comfortable not running a VPN at all on the router and just running it on clients behind the router.
It would be nice if GL.iNet could get decent support together, but itâs not there yet. And thereâs a real performance penalty (think OpenVPN, not WireGuard). But unless youâre doing heavy network traffic a lot, itâs really a great solution.
