Incessant tinkerer since the 70’s. Staunch privacy advocate. SelfHoster. Musician of mediocre talent. https://soundcloud.com/hood-poet-608190196

  • 27 Posts
  • 1.06K Comments
Joined 1 year ago
Cake day: March 24th, 2025


  • irmadlad@lemmy.world to Selfhosted@lemmy.world: Netbird is king. (8 hours ago)

    It’s not exactly exciting to buy into products when you have that stinky orange mess breathing down your neck about how he’s going to invade your continent and annex countries.

    He does like to spread fear and doubt. That’s one of his specialties. Yeah, countries enshittify too. LOL I can understand the sentiment you just expressed rather than the standard ‘Tailscale metadata’. But if you want to take care of stinky orange man, you and your country will have to stand up to him. I’m doing the best I can from this end. LOL


  • irmadlad@lemmy.world to Selfhosted@lemmy.world: Netbird is king. (9 hours ago)

    This includes a lot of metadata about my infra/services/devices which Tailscale is uploading all the time to their servers

    You gave away your metadata getting on the internet today. I like controlling my data as well; however, I realize that certain compromises just have to be made in order to continue to live in a global, civilized society.


  • irmadlad@lemmy.world to Selfhosted@lemmy.world: Netbird is king. (10 hours ago)

    Didn’t downvote you, and I get what you are saying, but in another way I don’t. What makes every other country safer? Nothing that would happen here in the USA couldn’t happen or is happening in any other country. Oh, and this has nothing to do with people trash talking the US. I do it every day I’m awake. However, for those who go with this line of thought, I honestly want to know what you think Tailscale is going to do with your encrypted traffic? Because the day the world finds out that America has cracked strong ciphers, is the day you are going to see a lot of panic and movement on this planet. And I would certainly love to make that announcement. It’ll be my going out 15 minutes of fame.




  • I vape, but I do not use disposables. I have somewhat of a great beef with disposable vapes. However, I’ve always wondered what could be done with them. You have a screen, on some the screen is touch sensitive. You must have a chip of some caliber, could be reprogrammed. It’s always just been something I toyed around with the notion, but I lack the skills to actually pull it off.


  • But what exactly do I benefit from adding the firewall directly part of the tailnet?

    Protection of the firewall via its overlay VPN characteristics, and communication to the server behind the firewall via an encrypted tunnel.

    Have you considered using Cloudflare Tunnels/Zero Trust? With Cloudflare Tunnels/Zero Trust, you don’t need to open or close ports, fiddle with NAT, or any of that. You install it on your server, connect to Cloudflare, it punches a hole for the encrypted tunnel. I personally use Cloudflare Tunnels/Zero Trust. Their free tier is quite generous and has many options like Anti-AI scrapers, etc. The caveat to using Cloudflare Tunnels/Zero Trust is that you have to have a domain name that you can edit the nameservers thereof to Cloudflare’s assigned nameservers for obvious reasons. Cloudflare will sell you a domain name, but a lot of people just get a cheapy from Namecheap or Porkbun. I got one for less than $5 USD that renews at $15 USD annually.

    So, in the scenario that I described in my first response:

    modem —> wireless router —> managed switch —> pfSense with Tailscale overlay —> server (separate VLAN) with Tailscale overlay

    …is all done through Cloudflare Tunnels/Zero Trust with Tailscale on the server and Tailscale on the standalone pfSense firewall as an overlay VPN protection. Additionally, Tailscale makes for a very secure, emergency ‘backdoor’ to your server should you ever screw up and lock yourself out.

    on opnsense there is a bug where it would request re-authentication on each restart so that’s an added negative for me when it comes to adding it.

    I’ll have to defer to someone more experienced with OPNsense.


  • Every guide I read online talks about installing tailscale on the opnsense router directly but I do not want to expose it to the tailscale network.

    OPNsense is not my forte, but I do run its counterpart pfSense. I use Tailscale as an overlay VPN on both the server and on my standalone pfSense firewall as a pfSense package. Is there a reason you don’t want OPNsense firewall via Tailscale? My setup is as follows:

    modem —> wireless router —> managed switch —> pfSense with Tailscale overlay —> server (separate VLAN) with Tailscale overlay



  • I’m not trying to convince you of anything. Succinctly:

    • You like Windows - there are caveats to using Windows
    • You like Linux - there are caveats to using Linux
    • You like Mac - there are caveats to using Mac

    None of them are a complete solution for me, and for a lot of people actually. So, until the day when I have one OS that does everything I want it to do, I am forced to use all three of the major OS. I realize that goes against the grain of the anti-Windows coalition, but that is reality.



  • Of course devs cater to Windows. 1 Billion + user base that are consumers. Why not target the biggest market share? I still use Linux, Mac, and Windows, although the latter is a ‘crippled’ version…very heavily modified. Until I can find a Linux version of BlueBeam that matches it feature for feature, then I’ll stick with using Windows. But I’ve never viewed it as a competition. It may seem shocking but I have no real preference other than what it takes to get the job done without handing over all your data. Linux makes that easier, but Windows can be tailored to do pretty much the same. It just takes a lot more work.