this post was submitted on 11 Sep 2023
35 points (90.7% liked)

Selfhosted

40382 readers
412 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Hello friends!

For awhile now I've wanted to delve into self-hosting and the first thing I thought of was ditching my VPN Provider for my own VPN solution.

I wanted to ask about the cost/benefit of each option with those of you who are more experienced.

Option One: Stick with my VPN Provider:

This is a funky case, as my VPN Provider is with Proton, and my email and VPN accounts are linked together. Since I've been with them for awhile, I have over a gigabyte of storage for emails. I rarely ever get past 400MB. The VPN is fine, occasionally I have some hiccups with speed but it overall works. I pay roughly $19.20/month for both a paid email account and the VPN service, so it's likely the second cheapest. When it comes to privacy, though, I'm not 100% sold Proton wouldn't just sell my data for no reason. Yes, they are Swiss, but that doesn't entirely reassure me.

The weird thing about this is my PiHole is decoupled from the VPN. At least in the mobile app, I see no option to use your own DNS. There's also no provided way nor really an obvious way for me to connect to all of my devices if they're all on ProtonVPN, as opposed to the other two options.

Option Two: Just use Tailscale

Personally I'd like to mess with the ACLs so probably I'd wind up with the $6/month plan. For the $18/month plan I don't really know what "Tailscale SSH" even means, as I don't know what magic they do to wrap SSH into something worth paying for. I've heard mixed things about "Tailscale Funnel."

I hear Tailscale is easy to install and there's no real extra fidgeting you'd have to do for your home network. Tailscale will also let me use my PiHole as my DNS, getting me ad-blocking from PiHole on all devices on Tailscale.

Option Three: Self-Hosted Headscale

This is one I'm interested in, but I don't know the feasibility of it. The initial idea was to get a VPS and install OpenBSD on it and make it my Headscale instance. I've installed OpenBSD before, I mostly know my way around it and I like how lightweight it is and how security focused it is. There would be more setup initially, but I don't really mind that. I do a lot of fidgeting on my Linux desktop anyway.

The main thing for this is cost. I don't really know what performance specs for a VPS I would need to reasonably have good network performance with ~10 devices, though I'm guessing I'll have to have something =<10Gbsp. So maybe $25-$30/month depending on who I buy a VPS through?

The other thing is updating stuff. I can just SSH and do all of that manually and since the VPS will be dedicated specifically to being a Headscale server, but that is still time I have to spend.

Lastly, I wouldn't have the international selection of VPN locations like with a VPN provider, just one, but it's not like I'm trying to bounce my connection from country and that's not advisable anyway.

Other options

Setting up a VPS with Wireguard myself. While I wouldn't mind it too much, Tailscale exists for a reason and it can traverse firewalls without me having to configure a bunch of devices so that's a big plus.

Running Headscale in a container on my Linux desktop, but this means my desktop would have to be on almost 24/7 and I don't know how I feel about having my VPN stuff to be sitting directly inside my home network.

What are your opinions?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago (1 children)

$20 per month for 400mb of email + a VPN was an acceptable cost maybe in 1998, now it's insanely expensive

For tailscale, for personal use i don't see why the free plan is not enough, you need more than 3 users? ACLs can still be edited on the free plan.

And then you need to tell us why you're using the VPN. Just privacy when using unsecured wifi? Or ISP tracking paranoia? Or torrenting? By default tailscale does not route any WAN traffic, it can optionally use one of your nodes as an exit node, but that's it. You mention "leaving your desktop to be 24/7" so you don't have a server at home. If you run tailscale on the way that means the exit node will be off and you are not using a VPN. Because you're using your own connection, it does not solve ISP tracking or torrenting issues.

Maybe for you cloudflare warp is better?

[–] [email protected] 1 points 1 year ago

$20 per month for 400mb of email + a VPN was an acceptable cost maybe in 1998, now it’s insanely expensive

Yea I have a business plan with Proton. No idea why I upgraded but I remember doing it.

And then you need to tell us why you’re using the VPN. Just privacy when using unsecured wifi? Or ISP tracking paranoia? Or torrenting?

Yes, yes and yes lol. Also I would like to connect to devices privacy and see if I can make use of my PiHole when I'm not on my home network where the PiHole is located.