Lettuce eat lettuce

Always eat your greens!

  • 0 Posts
  • 25 Comments
Joined 3 years ago
Cake day: July 12th, 2023

  • The Mullvad integration allows you to use Mullvad as your VPN for internet browsing while still being on your tailnet.

    So normally, running two different VPN services can cause a bunch of problems, if it even works at all. Tailscale’s Mullvad integration fixes that.

    Tailscale by itself is an overlay network. It’s literally a second network that your computer is connected to, but instead of it being a physical network with wires, switches, and routers, it’s a virtual network, a network that runs as software.

    So imagine your computer right now at home. You plug into your router, and you have a local IP address, something like 192.168.1.20, right? If you run ipconfig on Windows or ip a on Linux, you’ll see your network adaptors listed with what their current IP address is. So if you’re running Windows, you’ll see your physical network adaptor listed with the IP address of 192.168.1.20.

    When you install Tailscale on that computer and log into your account, then run that command again, you’ll see a new network device listed, and it will have a totally different IP address, like 100.89.113.14.

    That is your Tailnet IP address, it works just like your “normal” IP address, but instead of it being a physical Ethernet adaptor on your motherboard and plugged into your home router, it is a virtual adaptor (software) running on your computer, connected to the Tailscale network, which has servers all around the world.

    When you install Tailscale on a new device, say an old computer that you are using as a Minecraft server, that computer will get a new IP address on your tailnet, say 100.94.65.132.

    Because both of those machines were added by you to your own Tailnet, they can see and talk to each other by default. Meaning you could run a ping command from your home computer to your Minecraft server’s Tailscale IP, and it will respond.

    Because this runs on the internet through Tailscale’s servers, you can do this from anywhere. That’s the “VPN” type functionality you are talking about. No matter where your home computer is, you can still access your Minecraft server because it is on your Tailnet, just as if it were still plugged into your router right next to you.

    This is how I access my entire home lab from anywhere in the world. For example, I have a Jellyfin media server (like Plex) that I have a bunch of movies, TV shows, anime on. It’s running Tailscale and is on my Tailnet. I have Tailscale installed on my Android smartphone too.

    So if I am staying at a hotel in another state, or visiting my family on the other side of the country, and I want to watch a movie or show that I have on my server all the way back home, I just run the Tailscale app on my phone, then open the Jellyfin app and I see all my home media right there on my phone and can watch it flawlessly. Even though I am at my parent’s house, on a totally different internet connection, 500 miles away from my home.








  • Pay for your FOSS! I’ve paid far more for my FOSS than for any proprietary software.

    If you believe in subscriptions, then subscribe only to FOSS software like Bitwarden, Tailscale/Netbird, etc.

    Find your favorite FOSS projects on Open Collective and support them there.

    And above all else, treat FOSS devs and maintainers with the utmost respect! They are the unsung heroes who are building the only alternatives to the corpo-dystopian hellscape of proprietary, enshittified, slop software.

    Send a message to a dev today, just saying thank you to them for everything, and asking if you can send them a tip if possible.

    Folks, let’s treat each other lovingly please, FOSS has freed us, give back what you can, and never take it for granted.

    To all the devs, maintainers, tinkerers, supporters, FOSS educators, and helpful community members across the FOSS world, thank you so much, and much love. ♥️





  • Linux mobile phones are the fusion power of the FOSS world, always “right around the corner.”

    All the pieces are there, but none of them work together smoothly enough to be functional for anybody except the most hardcore FOSS enthusiasts.

    When Proton started, it was kind of a joke, killed the Steam Machine idea in large part because the game compatibility was so limited. A decade later, we have a multi-billion-dollar handheld PC market led by the Steam Deck, a Linux handheld that can play tens of thousands of Windows games without issue, in some cases with better performance than their native platform.

    So it’s certainly possible for things to completely change, but we need a big player or consortium of players to unite with a shared goal of getting a Linux Phone to the state where it’s genuinely able to replace a traditional Android or Apple phone.

    I’m very cautiously optimistic, I think it would come together much faster than Proton did for Linux gaming, but again, there needs to be a really heavy push into a singular device to start off. Like how the Steam Deck was, it allowed devs to have a singular platform to target for compatibility. Then, as the platform matures, competitors & innovators can enter the market and expand options, like how now there are multiple distros with builds for handhelds, like Bazzite, Nobara, and CachyOS.


  • Favorite heavyweight Type 1 hypervisor: XCP-ng. It’s open source, runs on a ton of enterprise and consumer-grade hardware, has always been rock stable for me, even when forgetting to update it for like 6 months, still ran everything like a champ.

    I need to try Proxmox, has some cool features. XCP-ng is pretty intuitive though, UI makes sense and is cleaner than Proxmox. The integration in Proxmox with the Incus project is pretty cool though, especially being able to run VMs and containers and manage them together. I’ve been thinking of trying that and seeing how it goes.

    For containers, I just install Debian and run Docker on there. Stable, simple, nothing fancy. If I need something more up to date, I typically use Ubuntu Server.



  • Have you looked into Tailscale or an equivalent solution like Netbird?

    You could set up a tailnet, create unique tags for each machine, add both machines to the tailnet, and then set up each machine’s network interface to only go through the tailnet.

    Then you just use Tailscale’s ACLs with the tags to isolate those machines, making sure they can only talk to whatever central device(s) or services you want them to, but also stopping them from talking to or even seeing each other.
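
A tailnet policy file for the tag-based isolation described in the comment above, added here as an example and not part of the original comment. The tag names, the `tag:central` device and port 443 are assumptions; the file is HuJSON, so comments are allowed.

```json
{
  // Constructed example: tag names, the central host and port 443 are assumptions.
  // Only tailnet admins may assign these tags to devices.
  "tagOwners": {
    "tag:machine-a": ["autogroup:admin"],
    "tag:machine-b": ["autogroup:admin"],
    "tag:central":   ["autogroup:admin"]
  },

  // Access rules are default-deny: a flow is allowed only if a rule accepts it.
  "acls": [
    // Each isolated machine may reach the central service, and nothing else.
    {"action": "accept", "src": ["tag:machine-a"], "dst": ["tag:central:443"]},
    {"action": "accept", "src": ["tag:machine-b"], "dst": ["tag:central:443"]}
    // No rule has machine-a as src and machine-b as dst (or the reverse),
    // so the two machines cannot open connections to each other.
  ],

  // Policy tests are checked when the policy is saved; a failing test rejects the change,
  // which guards against a later rule (for example a broad "*" dst) silently
  // reconnecting the two machines.
  "tests": [
    {
      "src": "tag:machine-a",
      "accept": ["tag:central:443"],
      "deny": ["tag:machine-b:22", "tag:machine-b:443"]
    },
    {
      "src": "tag:machine-b",
      "accept": ["tag:central:443"],
      "deny": ["tag:machine-a:22", "tag:machine-a:443"]
    }
  ]
}
```
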






  • If you’re very comfortable with containerization, networking, and security practices, plus you are a pretty decent full stack web dev, sure.

    It’s pretty trivial to set up a separate business internet line from your local ISP. Depending on the volume of traffic, a basic load manager and reverse proxy, combined with strong firewalls and container safety would be sufficient for most SMB needs.

    You don’t need much power to host a basic website. Setting up a local box with a low-impact distro, Docker, and some solid control-plane MGMT software should be plenty to host several dozen SMB websites.

    There are a lot of technical and even legal considerations though. Do these small businesses need a web app on their site? Do they need a storefront? What about member-only content locked securely behind an authentication layer? Does your local ISP have rate limitations? Does your city/state/country have restrictions on offering business services like that? What is your liability if your setup gets hacked and your client’s data is stolen/exposed?

    Ultimately, you have to answer the question: Why shouldn’t those businesses just go with an easy pre-made hosting solution like Squarespace, Wix, etc? Not saying there aren’t good answers to that, but from a business perspective, the businesses will want to know that.

    As with anything in business, ask yourself, what are you able to offer that they can’t get easily somewhere else? I used to work for a tiny MSP that offered in-house data backups. Our clients paid a good chunk of money to have us back up their data to our own servers. I didn’t say anything at the time, but our clients could have gotten much more secure and faster backup services for cheaper using something like Backblaze or Synology’s S2 cloud backups.

    Don’t find yourself unable to clearly and concisely explain to your clients what you can give them that they cannot easily get somewhere else. If it’s purely the principle of the thing, that’s totally valid, but make sure that’s what you’re selling to them, and also what they are looking for.