TWS/meta
8
0
Fork 0
Code Issues 17 Pull requests 1 Packages Projects 2 Releases Wiki Activity

VPN Solution #17

New issue
Open
opened 2023-08-15 11:39:25 -04:00 by scott · 1 comment
scott commented 2023-08-15 11:39:25 -04:00
Owner
Copy link

We should place internal tooling which doesn't need to be exposed publicly behind a VPN, as well as be prepared to do the same for infrastructure we host for clients. Our options are

  • Nebula
  • Tailscale (hosted)
  • Headscale (self-hosted tailscale)
  • Wireguard configured through nix configs

If we land on using Nix in #13, I would lean heavily towards Nebula or straight Wireguard. Otherwise, I've heard headscale is a good option.

What do we have experience with? I've used Nebula before but never stuck with it.

We should place internal tooling which doesn't need to be exposed publicly behind a VPN, as well as be prepared to do the same for infrastructure we host for clients. Our options are - Nebula - Tailscale (hosted) - Headscale (self-hosted tailscale) - Wireguard configured through nix configs If we land on using Nix in #13, I would lean heavily towards Nebula or straight Wireguard. Otherwise, I've heard headscale is a good option. What do we have experience with? I've used Nebula before but never stuck with it.
scott added this to the Internal infrastructure project 2023-08-15 11:39:25 -04:00
scott commented 2023-08-15 11:51:38 -04:00
Author
Owner
Copy link

Headscale contains some jank WRT using the official apps:

After opening the app, the kebab menu icon (three dots) on the top bar on the right must be repeatedly opened and closed until the Change server option appears in the menu.

-- (from android)

The Windows app also requires editing the registry so that's a non-starter for anything client-facing, especially since those apps are proprietary.

Lets take a closer look at Wireguard and see where we can go from there without trying to replicate the Tailscale service.

Headscale contains some jank WRT using the official apps: > After opening the app, the kebab menu icon (three dots) on the top bar on the right must be repeatedly opened and closed until the Change server option appears in the menu. -- (from android) The Windows app also requires editing the registry ❗so that's a non-starter for anything client-facing, especially since those apps are proprietary. Lets take a closer look at Wireguard and see where we can go from there without trying to replicate the Tailscale service.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
mission-statement
No results found.
Labels
Clear labels
  
backlog

something that is not urgent but may be done in the future

  
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
backlog
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Internal infrastructure
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TWS/meta#17
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?