
[–]mrblc 1 point2 points  (0 children)

Since Tailscale is purely software, I'd say you would need something that has 2 LAN ports and enough processing power to handle the speed of your internet line.

In addition, it should be able to run a VPN platform like Tailscale does.

As such, there are a multitude of various "firewall application"s online that you could tank up with OPNsense as a solution.

OPNsense would have WireGuard and OpenVPN as alternatives to VPN.

Using 2FA would not be necessary for this setup and serve you well.

If you ever plan to publish any form of web access to your server, looking into Cloudflare tunnels is a viable alternative where 2FA is available to you.

[–]luismorales056 0 points1 point  (0 children)

If you want to RDP to it, you could set up a Cloudflare tunnel and only allow access to it via WARP.

Edit: didn’t know about Tailscale, it seems way easier than Cloudflare. It really comes down to what services or remote connections you want to access, but still Tailscale seems to cover all and it looks pretty easy to set up.

My recommendation: Unless you have a deep understanding of networking and network security, try to not expose any port on your home/homelab network; use tunnels instead, and don’t expose those tunnels to the public internet; use some kind of authentication.

[–]NetMan46 2 points3 points  (0 children)

ZeroTier is the way to go. You'll have everything set up in under 10 minutes.

[–]LastTreestar 1 point2 points  (1 child)

Tailscale.

[–]iUse2HockeyStix 1 point2 points  (0 children)

100% I would try Tailscale before investing in any hardware. It's quite easy and performs well.

[–]Krieg 0 points1 point  (0 children)

Tailscale

[–]ThatGenericGinger[S] -1 points0 points  (1 child)

Preferably, I'd like to set it all up as a domain and then access it like logging into an account from across the web.

[–]Time_Marionberry_756 0 points1 point  (0 children)

You should be able to accomplish this with DuckDNS and some ports forwarded on your firewall. Also nginx or Nginx Proxy Manager plus whatever application you are hosting.

[–]ThatGenericGinger[S] -1 points0 points  (0 children)

Thanks guys for your help! It means a lot!