this post was submitted on 09 Nov 2023

Self-Hosted Main


I doubt this is a thing, but is there a VPN tunnel like headscale/tailscale that allows a person to approve a client connection from the app or elsewhere for another device without it? I'm asking because I want to use devices like TVs with jellyfin but behind tailscale as well. Is this a thing? I don't know exactly how the app works, so don't crucify me lol.

top 20 comments
[–] junkleon7@alien.top 1 points 1 year ago

If I am understanding your question correctly, tailscale has that built in. Look into "tailnet lock".

[–] maximus459@alien.top 1 points 1 year ago

In NetMaker and WG-easy the admin has to create and send the connection link, and can kick them at any point

[–] ZaxLofful@alien.top 1 points 1 year ago (1 children)

Firezone can be helpful for this

[–] stoopiit@alien.top 1 points 1 year ago

Thank you, that's exactly what I was looking for!

[–] It_Might_Be_True@alien.top 1 points 1 year ago

Maybe with wireguard and some scripting? But I haven't heard of anything like this.

[–] Diesis73@alien.top 1 points 1 year ago

Set up OTP auth, and have people connecting ask you for the code.

[–] ImTheMarsMan@alien.top 1 points 1 year ago (1 children)
[–] stoopiit@alien.top 1 points 1 year ago

Thank you, this is exactly what I was looking for!

[–] Kaleodis@alien.top 1 points 1 year ago

Don't know if it's exactly what you're looking for:

Zerotier needs you (as the admin) to approve a new client that tries to join a network.

[–] NikStalwart@alien.top 1 points 1 year ago

I'm a smidge confused on what you are trying to achieve and how you think it will work.

As I understand you, you want to connect "embedded" devices where you do not control the software to a VPN network?

VPNs do need some kind of client (otherwise how does the network stack know to use the VPN protocol?) so how do you envisage this working without an app?

What is your desired topology like? Do you just want your smart TV/etc to connect to a remote media library over a VPN? If that's the case, then you are overthinking it with approvals etc.

You can achieve most of what you want with router configuration. Just define routes saying "Traffic from IP address 10.20.30.40 (TV) should go to 10.20.30.30 (gateway)" and then have the "gateway" handle the tunnel.

You can also look at tailscale's subnet routing (should work with headscale backend too).

Good luck.
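
The router-configuration suggestion in the comment above, sketched for a Linux-based router with iproute2. This is an added example, not part of any comment in the thread: the table id, rule priority and the 192.0.2.0/24 remote network are assumed placeholders, and the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: policy-routing plan for a Linux router using iproute2.
TABLE=100       # assumed free routing-table id
PRIORITY=1000   # assumed free rule priority

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for ADDRESS/PREFIX with a valid address and prefix 0-32.
is_cidr() {
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] && is_ipv4 "$addr" || return 1
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ]
}

# Print the commands that hand traffic from device $1, bound for network $3,
# to gateway $2. Malformed input prints nothing and returns 1.
route_plan() {
    is_ipv4 "$1" && is_ipv4 "$2" && is_cidr "$3" || return 1
    [ "$1" != "$2" ] || return 1   # device and gateway must differ
    echo "ip rule add from $1/32 lookup $TABLE priority $PRIORITY"
    echo "ip route replace $3 via $2 table $TABLE"
}

# Dry run by default; APPLY=1 (as root) executes each planned command.
apply_plan() {
    plan=$(route_plan "$@") || { echo "invalid address" >&2; return 1; }
    [ "${APPLY:-0}" = 1 ] || { echo "$plan"; return 0; }
    echo "$plan" | while read -r cmd; do $cmd || exit 1; done
}

# TV and gateway addresses are from the comment; 192.0.2.0/24 is a
# constructed stand-in for the remote media network.
apply_plan 10.20.30.40 10.20.30.30 192.0.2.0/24
```

The gateway at 10.20.30.30 still has to forward the traffic into its tunnel; how that is set up depends on the VPN in use.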

[–] thekrautboy@alien.top 1 points 1 year ago

Not exactly clear what you mean.

But to use Jellyfin on a SmartTV through Tailscale you can simply use a device that runs as Tailscale subnet router and correctly set up the routes.

[–] dibu28@alien.top 1 points 1 year ago
[–] tribak@alien.top 1 points 1 year ago

Access Control is what you’re talking about.

[–] AhmedBarayez@alien.top 1 points 1 year ago

I think tailscale has this feature. Look at the admin panel.

[–] TearDrainer@alien.top 1 points 1 year ago

Zerotier has a WebUI where you can allow/disallow clients.

[–] jorisxx@alien.top 1 points 1 year ago

I use zerotier myself; it works the same as tailscale, but any device that's added has to be given permission through their web UI.

[–] szatan-norakurczaka@alien.top 1 points 1 year ago
[–] solar_cell@alien.top 1 points 1 year ago

ZeroTier does this, and it’s self hosted. Yay

[–] fisheramacs@alien.top 1 points 1 year ago (1 children)

Keep eyeing it, I'm also interested!

[–] stoopiit@alien.top 1 points 1 year ago

I'll let you know when I look into it more, but it seems like firezone is pretty close to what I wanted