Selfhosted

46676 readers

280 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

731

Friendly reminder that Tailscale is VC-funded and driving towards IPO (betakit.com)

submitted 2 days ago* (last edited 2 days ago) by avidamoeba@lemmy.ca to c/selfhosted@lemmy.world

250 comments fedilink hide all child comments

Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth

Pennarun confirmed the company had been approached by potential acquirers, but told BetaKit that the company intends to grow as a private company and work towards an initial public offering (IPO).

“Tailscale intends to remain independent and we are on a likely IPO track, although any IPO is several years out,” Pennarun said. “Meanwhile, we have an extremely efficient business model, rapid revenue acceleration, and a long runway that allows us to become profitable when needed, which means we can weather all kinds of economic storms.”

Keep that in mind as you ponder whether and when to switch to self-hosting Headscale.

you are viewing a single comment's thread
view the rest of the comments

[–] Vanilla_PuddinFudge@infosec.pub 1 points 1 day ago* (last edited 1 day ago) (1 children)

the VPS uses the pi-hole through the tunnel

The VPS is Pihole, the dns for the server side is 127.0.0.1. 127.0.0.1 is also 10.x.x.1 for the clients, so they connect to that as the dns address.

server dns - itself

client dns - the server's wg address

On the local side, the pi-hole is the DNS for all the services on that subnet and each service automatically populate their host name on pi-hole. I can configure the DNS server in my router/firewall (OPNSense in my case)

Only if your router/firewall can directly connect to wg tunnels, but I went for every machine individually. My router isn't aware I host anything at all.

So when I ping service.example.com, it goes through the VPS, which queries the pi-hole through the tunnel and translates the address to the local subnet IP if applicable.

Pihole (in my case) can't see 192.x.x.x hosts. Use 10.x.x.x across every system for continuity.

So when I have the wg connection active and my pi-hole is the DNS, every web request will go through the pi-hole. If the IP address is inside the range of AllowedIPs, the connection will go through the tunnel to the service, otherwise, the connection will go through outside the wg tunnel.

Allowed ips = 10.x.x.0/24 - only connects the clients and server together

Allowed ips = 0.0.0.0/0 - sends everything through the VPN, and connects the clients and server together.

Do the top one, that's how TS works.

[–] Croquette@sh.itjust.works 1 points 1 day ago

Thanks for the info, I appreciate it.