https://adamazl.github.io/homelab/tags/vpn/Recent content in Vpn on The Home LabHugoen-usSun, 15 Mar 2026 00:37:20 +1300https://adamazl.github.io/homelab/posts/tailscale-remote-access/Sat, 29 Nov 2025 00:00:00 +0000https://adamazl.github.io/homelab/posts/tailscale-remote-access/<h2 id="the-problem-with-traditional-remote-access">The Problem with Traditional Remote Access</h2> <p>Setting up WireGuard or OpenVPN yourself works, but it has requirements:</p> <ul> <li>A public IP (harder to get on CGNAT/IPv6-only connections)</li> <li>Port forwarding on your router</li> <li>Dynamic DNS if your IP changes</li> <li>Key management for each client</li> </ul> <p>Tailscale removes all of these requirements. It creates an encrypted peer-to-peer mesh network between your devices without any port forwarding, and works through CGNAT, firewalls, and double-NAT.</p> <h2 id="how-tailscale-works">How Tailscale Works</h2> <p>Tailscale is built on WireGuard. Each device gets a WireGuard key pair. Tailscale&rsquo;s coordination server (not a relay server) shares public keys between devices so they can establish direct encrypted connections.</p>https://adamazl.github.io/homelab/posts/wireguard-vpn-server/Sat, 01 Nov 2025 00:00:00 +0000https://adamazl.github.io/homelab/posts/wireguard-vpn-server/<h2 id="why-self-host-a-vpn">Why Self-Host a VPN?</h2> <p>A self-hosted VPN gives you a secure tunnel back into your home network when you&rsquo;re away. Unlike commercial VPN services (which are for hiding traffic from your ISP), this is about remote access — connecting to your NAS, home automation, internal dashboards, or development environment from a coffee shop or hotel.</p> <p>WireGuard is the right choice today. It&rsquo;s built into the Linux kernel, uses modern cryptography (ChaCha20, Curve25519), and has a drastically smaller codebase than OpenVPN (~4,000 lines vs ~400,000). Handshakes complete in milliseconds. Battery drain on mobile is noticeably lower.</p>