Spent some time messing around with Headscale (self-hosted implementation of the Tailscale control server).
I couldn't get "raw" WireGuard to work the way I wanted through nested firewalls and CGNAT, so this seems like a good way to blow all that complexity out of the water. Less complexity is usually more reliable.
Headscale is pretty neat. Painless install on Debian.
Configuring Linux and Windows nodes is simple too - at least from a basic connectivity point of view.
I need to figure out how I'm going to deal with multi-homed DNS scenarios for clients. Something I've given very little thought to and haven't worked through yet. Ha.
Now the hard part, picking apart the security and edge cases to use it regularly.
#Headscale #Tailscale #VPN #CGNAT #WireGuard #HomeLab #SelfHosted #SelfHosting #VPS