Hi peeps, a little lost in the self-hosting world right now, and hoping someone can point me in the right direction.

I’ve just set up all the *arr apps that i want and need for media, music and books. And am at the step where i am supposed to bind a VPN to my qBittorrent. However, I am ofc running everything behind the beloved Tailscale. But just realised I am not allowed to run tailscale at the same time as another VPN(ProtonVPN in my case).

How do i get past this cross-road? I really want to stick with using Tailscale for accessing my services.

Is a reverse proxy something i should look into instead? I need my server to sit behind a VPN…

Appreciate any tips or tricks for how other people solved this buckle.

  • charizardcharz@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    Tailscale was updated with direct support for Mullvad, but since you already have Proton I’m guessing you wouldn’t want to switch.

    If you’re using containers, you can have one container with your VPN and route traffic from specific containers through the VPN container. You can then have tailscale on the host system.

    There’s a quick guide on setting up the VPN part here. Tailscaile you set up normally.

    • ShinyBook@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Have you figured out how to use the Mullvad VPN from Tailscale for a similar setup like you’ve linked? I cannot figure out how to get a tailscale docker container to properly connect to an exit node.

      • keyez@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I use a binhex-privoxyvpn container with a mullvad wireguard config in there. That’s for my server and containers at least.

      • charizardcharz@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I have Tailscale directly installed on the host and I don’t use Mullvad so I haven’t tried that setup myself.

        Looks like you would need to set the TS_EXTRA_ARGS environment variable in your container to --exit-node= --exit-node-allow-lan-access=true with the exit node name or ip of the Mullvad node. I haven’t tried this myself though.

      • charizardcharz@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I haven’t used that feature so I can’t really say, but I don’t see how it would affect it. You’re not modifying anything on the tailscale side and you’re not adding nodes to your tailnet, you only have the same one for the host system.

        • notfromhere@lemmy.one
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          I subscribed to the mullvad addon to try it out and saw about 30+ mullvad nodes waiting to be signed, probably signed due to the lock. That got me thinking I probably want to configure the NACL so the mullvad nodes I allow on my tailnet are not able to initiate any connections to my other nodes. I didn’t see any documentation on my setup so cancelled the mullvad addon until I have time to dig into it more.

  • qaz@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    1 year ago

    Tailscale and Mullvad (VPN company) advertise their compatibility and there is an article that goes into further detail. Of course it’s also possible to setup Wireguard yourself and use a VPN service.

    • festus@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I have a Wireguard network setup for my devices that routes through my somewhat distant server. I find when I have both it and Tailscale open, Tailscale tries routing through Wireguard even though both devices might be on the same LAN. Unfortunately I don’t believe Tailscale has a way to forbid it from routing over other VPNs or networks.

      • averagedrunk@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I have a Tailscale subnet router set up locally and added the remote IPs to my router. Tailscale on every device was a crapshoot as to whether it would route locally or through the VPN.

        I asked support and they said it should be on every device. Could be something else on my network forcing it to act like that but I don’t have enough give-a-shit in me to troubleshoot it.

    • Mr. Forager@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      As much as this would be super neat, I just paid for the Proton subscription… having me reconsider though :P

  • ErwinLottemann@feddit.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    what do you mean by ‘not allowed to run tailscale at the same time’? who does not allow it? or is it something technical? if it is - you absolutely can ‘run’ multiple vpn on the same machine at the same time.

  • nyakojiru@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    2
    ·
    1 year ago

    Tailscale + Mullvad They support just a few countries (ignored poor ones), you have to provide your billing address, credit card, full name … and they don’t look very motivated to support more countries. I don’t like the model of these guys.