I got a RPi 3B as my Pi-Hole that I’ll eventually use as my Wireguard VPN, too. Hoping to get another Pi device for hosting Jellyfin on.
Outside of the (theoretical) technical specs of the OPi5 being better, I’ve heard/read mixed things about OPis. Some say they’re a good alternative, some say they’re cheap Chinese-made crap. I’ve had no experience myself, so take it with a grain of salt.
I’m interested to see more data on the RPi5 when it’s out, as to figure out if it’s worth getting over trying an OPi5 for a home media system with Jellyfin.
> your traffic is not routed through the Headscale server
Damn, well is there a means of using both Headscale and routing your traffic somewhere else?
My big reason for looking into Tailscale/Headscale is the ability to connect to my devices at home, at the office or a VPS that’s in a different state/province and having the ability to use my PiHole as my DNS, but I would still like my network traffic to be (mostly, as a VPN doesn’t save you from other tracking methods) protected.
> are you the only user or is this for some family members also?
Probably just me and my fiance at the moment.
> you can 9/10 just get a basic 5$ or less gigabit VPS.
Sweet, good to know!
> $20 per month for 400mb of email + a VPN was an acceptable cost maybe in 1998, now it’s insanely expensive
Yea I have a business plan with Proton. No idea why I upgraded but I remember doing it.
> And then you need to tell us why you’re using the VPN. Just privacy when using unsecured wifi? Or ISP tracking paranoia? Or torrenting?
Yes, yes and yes lol. Also I would like to connect to devices privately and see if I can make use of my PiHole when I’m not on my home network where the PiHole is located.
I have a business account with them. I don’t really remember why I upgraded to a business plan. Might downgrade it to save a few bucks for now.
> If you are not trusting Proton, you should not trust Tailscale as well, in my opinion.
True, although I don’t know if I say I don’t trust them. It’s more of a sense of skepticism that’s always in the back of my mind when it comes to any service.
> Another question is that why are you paying $19 for that? They have $10-12 plans that come with 500 GB storage, emails with 3 custom domains and high-speed VPN.
I have a business account with them. I’m trying to remember why I upgraded…
> Another question that pops in my mind is, why do you need a VPN? Do you need to connect to your services privately, or do you just need to change your IP for (relatively) better privacy?
At this point, if I’m going to be doing more self-hosting I’d want the ability to connect to services privately. The other thing is that with Tailscale I can set my PiHole as my DNS server. That way any device on the tailnet gets the ad blocking as well. Plus, if I can get unbound with DNS-over-HTTPS (via stubby) set up on it then I have a pretty secure and fairly private setup. That’s kind of what’s got me thinking about moving to Tailscale.
Interesting, thank you for your response!
I don’t know why I didn’t think about the fact that having network-specific ACLs is probably something we’ve developed since the dawn of the internet.
Also it makes sense that the configurations would be hosted in one place, and I see what Headscale is for now.
Maybe I’ll dump my VPN provider for Tailscale or set up a Headscale instance on a VPS some day. I also saw Netbird, which their $8/month plan gives unlimited users. Seems slightly similar to Tailscale.
Hmm, I guess my question would be how does this all work? I mean, is it not possible to configure STUN/DERP services yourself? Or add control lists yourself?
I’m curious as to how all of this is done, not just to see if it’s possible (even if it’d be a headache) but for confirmation. Granted, networking is my worst subject when it comes to anything related to computers. For ACLs, I guess Apparmor and/or SELinux profiles would be configured? The removing a key I can understand why it’d be a nightmare yourself, but how does Tailscale do it where it’s just so simple?
EDIT: Another question I have is how does Tailscale work when I have a VPN for securing network traffic when browsing the internet etc.? Or is that just seamless?
I’m curious, what’s the benefit of using Tailscale over setting up Wireguard yourself? Is it just not having to do all of the setup? Or do I misunderstand what the main use of Tailscale is?
Well as the project README says
> Labwc is a wlroots-based window-stacking compositor for wayland, inspired by openbox.
So it’s not quite a DE. But it looks interesting. While I myself don’t use Wayland, I’m all for new WM/Wayland compositors. If it’s as nice as Openbox, then I hope it does well.
install gentoo /s
Jokes aside, don’t get caught up in picking the most popular or most hipster distro or DE (desktop environment). Pick one, stick with it, get used to how Linux works.
Linux Mint, Zorin OS, Debian, MX Linux (if you got a pretty old laptop) are a decent start. All have graphical installers, so just follow along.
When you get to disk partitioning, most people start with

- 1GB for /boot
- Up to 8GB for swap
- The rest for /, EXT4 or BTRFS

Or

- 1GB for /boot, FAT32
- Up to 8GB for swap, swap
- 64GB for /, EXT4 or BTRFS
- The rest for /home, whichever you picked for /

You might see ZFS or people talking about it, don’t worry about using it. Keep things simple for the start.
After rebooting and everything seems to work, dive in, friend.
Find a static site generator you can tolerate and style things the way you want, have the static files be generated, pick your favorite way to host and serve up those static files.
It’s not self hosted, but you might like 750words as well.
Seems like I could potentially get around my issue by taking the device out of this “router mode” setting I found and connecting my Pi to it via Ethernet cable and have the Pi be the router for my network.
EDIT: Actually, scratch that. I don’t think a Pi would be powerful enough to act as a router. Well, off to buy a modem (not a combo) it is!
So something like this?
I don’t think there’s anything in the Pi-Hole VPN setup with Wireguard that says you need to open up port 53. In fact, in the Pi-Hole userspace you see so many people specifically saying to not open up port 53.
> You’ve supplied the actual network address of your pihole machine and not the 192.168.1.250 address shown, right?
I could’ve sworn I did that but I’ll try again.
EDIT: Okay, I found the specific IP addresses for the Pi-Hole’s DNS servers. I tried putting the 2 IPv4 ones, clicked the applied button and got “Invalid IPs.” But what’s stupid is that I can ping those IPs. There’s something else going on here.
> And you’ve set your pihole server up to have a static ip address as well, correct?
Yes I’m pretty sure it’s set to have a static IP address. I’m pretty sure it’s something you have to do when setting up the Pi-Hole.
> the spectrum supplied router
Oh I should’ve clarified: this is one I bought myself, not one from Spectrum.
I know there’s a way to do a recursive DNS with DNS-over-HTTPS. I believe there’s a guide out there on how to do this with unbound and stubby on OpenBSD.
I tried to set the Pi-Hole as the DNS via the instructions here, and the exact settings for the Netgear router are under Advanced -> Setup -> Internet Setup. Every time I’ve set this, no hostnames can be resolved. I followed the Pi-Hole instructions to a tee, so I don’t know if I’d be missing something. Currently, the Pi-Hole acts as the DHCP server.
Have you made sure you’re on the latest firmware?
I don’t even know how I would do this on this Netgear router. I see nothing in the settings to check for firmware updates, and I don’t recall seeing anything in the manual. I guess I’d have to call their tech support.
Currently, and I could be wrong, the alternative to a Pi 4 from Pine64 now would be a Pine64’s Quartz64 Model B. A Star64 might be interesting, but that’s RISC-V so who knows what OS you could boot on it currently and if it would even be stable.
Plus with the Quartz64 Model B, who knows if you’ll be able to get a good case for it. There’s the $28 “Model B” ALUMINUM WATERPROOF ENCLOSURE, but, eh, no thanks. There’s the open enclosure, but that’s also a no for me. I want a case I can hide the device itself, the cables, put a heatsink and fan on, be able to use an SSD with USB connect and connect a power supply all stuffed in a case. Which you can find plenty of for Raspberry Pi’s.
Not to mention the Pi 5 isn’t even out yet, and it’s entirely possible it’ll be better than the Quartz64 Model B, on top of having a ton of accessories. Plus, I can pick up practically any Pi at the Microcenter or similar store near me as opposed to having to pay for good shipping.
I’m totally for having alternatives to the Pi, heck I might pick up a Quartz64 Model B if I can find a case, but a lot of alternatives don’t have the same support and accessories the Pis do.