It’s a 10 minute read when it should probably be a 2 minute read, likely due to LLMs fluffing it up (I got that vibe from skimming it). But what do you all think, is there anything in here that would compel you to switch from your current VPN solution to this?
I tried, but I don’t understand how to bypass a cgnat. With Tailscale it just works. Also, I tried Netbird, it’s very similar, and it works well too. I’d love to simplify this, but I have no knowledge at the moment. Would love someone pointing into the right direction.
CGNAT and changing IPs make this harder. What I’d consider in this scenario is renting a small vps at a local provider (a tiny/cheap machine is enough). Then use this one as a hop to your network, basically homelab->vps<-client. Here is a post that talks about something like that: https://taggart-tech.com/wireguard/
I haven’t used this method personally, but I’ve done something similar for incoming web traffic before, when you want to host things behind a CGNAT. You can actually keep all the traffic confidential by having just an L4 proxy on the vps, then the http traffic is still end-to-end encrypted between the client and the service, so you don’t even have to trust the vps provider when it comes to them snooping. They still get some metadata, but not significntly more than the ISPs.