Son, I think it's time you learn about vlans.
Are there any machines in use anymore that don't support UEFI? When did it become standard? Something like 2012?
pfSense on a ZimaBoard 216 works astonishingly well and it's easy to set up and manage. Toss in a Mikrotik CSS610 and you have a VLAN-ready setup in under an hour.
If you don't like the ZimaBoard, you can go with any of the Topton style router PCs from AliExpress for a couple hundred and have a 2.5Gb router running in proxmox with docker in a separate VM.
I'm thinking about getting into tinfoil hat manufacturing because they're about to sell out.
I run in a VM every day for work since they won't let me install Linux directly, and Wayland and PipeWire have been problematic for me. Video playback is pretty choppy (which I don't need, but it's not a smooth experience), and if I want to get sound out of the VM I have to move back to pulse. It's been pretty frustrating. Systemd, though - haters can stuff it. Systemd is good.
Yeah, tailscale is definitely usable on the phone if you toggle it only when you're gonna use it. I keep it on because I have Pi-hole as the VPN DNS, so I get adblocking everywhere I go, whether I'm on public wifi or cellular. So I need something that doesn't drink battery juice. Wireguard ftw.
In all honesty I ran both because I hadn't yet discovered route advertisement on tailscale. Now that I've discovered that feature, I really only use wireguard for the phone due to battery drain with tailscale. Also, I can't use wireguard on my work PC because the firewall drops all VPN traffic and tailscale gets around that. I'm not gonna pretend to know how it gets around that because I haven't bothered to learn it that deeply yet, but it works and I like it.
I guess the TL;DR is tailscale bypasses firewall restrictions and wireguard doesn't drain my phone battery.
I like sendgrid. They have a free smtp service that works great.
For public facing, I use Cloudflare tunnels. For VPN access from across the divide, I use tailscale and pivpn depending on use case.
Most of my servers are hosted locally on a separate vlan and firewalled off from my internal network.
I run pivpn with wireguard alongside tailscale for this exact reason. Wireguard on the phone, tailscale on PCs.
Are you using /etc/resolv.conf?
I don't use proton but I found with tailscale it's much more stable to use systemd-resolved because it doesn't overwrite resolv.conf. I don't know if this is the case with proton as I don't know how it treats different resolvers but I would look into it.
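The two replies above come down to one question: is /etc/resolv.conf a plain file that a VPN client can overwrite, or a symlink owned by systemd-resolved? The following POSIX shell snippet is an added example, not code from any commenter in the thread. It classifies a resolv.conf path by where its symlink points (the stub and uplink paths are the standard systemd-resolved locations) and lists the nameservers currently in effect, so you can see which resolver a VPN has left you with.

```shell
#!/bin/sh
# Added example: classify how a resolv.conf file is managed.
# Output is one of: systemd-resolved-stub, systemd-resolved-uplink,
# symlink-other, static-file, missing.

resolver_mode() {
    f="${1:-/etc/resolv.conf}"
    # A dangling symlink still counts as "managed", so test -L as well as -e.
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo "missing"
        return 0
    fi
    if [ -L "$f" ]; then
        target=$(readlink "$f")
        case "$target" in
            *systemd/resolve/stub-resolv.conf) echo "systemd-resolved-stub" ;;   # 127.0.0.53 stub listener
            *systemd/resolve/resolv.conf)      echo "systemd-resolved-uplink" ;; # upstream servers written directly
            *)                                 echo "symlink-other" ;;           # some other manager owns it
        esac
    else
        # A regular file is exactly what many VPN clients overwrite in place.
        echo "static-file"
    fi
}

# Print the nameserver entries the file currently contains, one per line.
resolver_nameservers() {
    f="${1:-/etc/resolv.conf}"
    [ -r "$f" ] || return 0
    awk '$1 == "nameserver" { print $2 }' "$f"
}

# Usage: run against the live system.
resolver_mode
resolver_nameservers
```

If the result is `systemd-resolved-stub`, the VPN client should be handing its DNS settings to systemd-resolved (for example per-link, via `resolvectl`) rather than rewriting the file; if it is `static-file`, whichever client wrote the file last wins, which is the instability described above.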