I had to add this:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1

to config, but overall it’s very useful article.

  • Alex@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    8 months ago

    I tried all sorts of port forwarding tricks to get wireguard working on the VM that runs my HA instance to no avail. The trailscale solution works really well. The only real problem I had was magic DNS conflicts with DNS66 on my phone (which I use for ad blocking). In the end I just used a hardwired VPN IP for my HA connection.

  • SethranKada@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    Thank you for bringing this to my attention! I just enabled it, and it’s working flawlessly.

  • LifeBandit666
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    I did this a while ago. The useful thing (and I don’t know if it’s covered in the blog because I didn’t read it) is setting it up as an exit node.

    This is useful because I have other things on my network that I wanna access, like my server, and with the exit node I can type Lan IP addresses into my browser while I’m outside the house and still access them, not just HA

    • starman@programming.devOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      You have to use tailscale VPN for this, right? The article explains how to setup access to HA via the internet, without using tailscale client.

      Anyway, the exit node thing is indeed very nice.

      • LifeBandit666
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        I’ve just clicked into the article and no, it’s set up the same way as I have, except I set HA as an exit node in the Tailscale console.

  • brownmustardminion@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    Do you need to use tailscales server for anything (like certs)?

    I want to try to set up a network but prefer keeping everything 100% self-hosted.