Hi, looking for some advice to set up a VPN server to get into my home network when traveling.

I have a NAS and an openWRT AP within the network. My router is provided by the ISP and with a built-in VPN. Being a hobbyist in networking, I would like to tab your brains for suggestions and know how:

Should I get my own router to run a wireguard VPN off the router directly, i.e. on the edge of the network, OR run a VPN service off the openWRT AP or the NAS, i.e. from within the home network?

Thanks a lot for your help!

  • FlexibleToast@lemmy.worldEnglish
    11·
    2 days ago

    I have wireguard on my router. To me it makes sense. If my router is down, nothing inside my network is reachable anyway. If I’m going through my router, anything inside my network can be rebooted without effecting my connection. That said, I’m really considering using Pangolin https://github.com/fosrl/pangolin, and hosting it in Oracle Cloud. If you don’t know, Oracle Cloud has an extremely generous free tier. As much as I generally hate Oracle, I still recommend their free tier.

      • FlexibleToast@lemmy.worldEnglish
        1·
        1 day ago

        Yeah… I know it’s insane. But they give you 4 arm cores, 24GB RAM, 200GB of storage in their always free tier.

    • ratzki@discuss.tchncs.deOPEnglish
      2·
      2 days ago

      Sounds interesting to consider, thank you! Did not know about Pangolin and was considering a wireguard VPN on the router to access my NAS services (jellyfin, files, foto backup), avoiding exposed ports etc, and also to avoid hotel WiFi security risks.

      What are the benefits of using the could-pangolin setup vs. wireguard on the router?

      • FlexibleToast@lemmy.worldEnglish
        2·
        2 days ago

        I believe Pangolin is also using Wireguard. Pangolin is basically a self hosted Tailscale. I think the biggest advantage is the ease of management, but I’ve never used Pangolin or Tailscale so I couldn’t really tell you.

        • Jason2357@lemmy.caEnglish
          3·
          2 days ago

          Pangolin Is a reverse proxy for TLS/https. Headscale is the self hosted Tailscale.

          • FlexibleToast@lemmy.worldEnglish
            3·
            2 days ago

            Oh, I must have completely misunderstood what Pangolin is for. Is Pangolin like a replacement for Cloudflare tunnels in that case?

            • Jason2357@lemmy.caEnglish
              2·
              1 day ago

              Yeah, basically. It does bundle wireguard so that it can reverse proxy services over that. That’s probably what you were thinking of.

              • FlexibleToast@lemmy.worldEnglish
                1·
                1 day ago

                Okay, it’s been a while since I first heard of it. I misremembered. So, it would be cool to have a vps with Headscale and Pangolin.