Today I noticed my VPS did not have any firewall installed. Since I use Alpine, I decided to try out awall, which led to 15 minutes of downtime for this website and all the remaining services. Besides, it seems that Docker messes with the IP tables by default, which can be troublesome with firewalls. In the end, I ended up using Hetzner’s own firewall which is completely decoupled from the OS and easier to manage.
This is a very good article by Tailscale that explains how NAT traversal works and the different algorithms they employ in order to reach the majority of the Internet.
Weirdly enough, the name Tailscale caught my eye and I decided to investigate what it is. I checked their website and it seems that they use WireGuard to do the kind of configuration I explained some time ago. I’m curious: besides the ease of use, what other advantages do you see in using Tailscale over a manually configured WireGuard network?
WireGuard VPN to Network Behind a CGNAT
I recently moved from the place where I was staying to my own studio. In addition, since I was building a computer, I wanted to be able to remotely access its capabilities, as well as any other device I have at home. Thus, I thought: let’s set up a VPN!
Well… I moved recently and was thinking about setting up a VPN with my new fancy router. But I discovered something: the ISP put me behind a giant NAT. Didn’t even know that Carrier Grade NATs were a thing and it never happened to me back in Portugal. Suggestions? I want a simple way to access the network remotely: just for the machines, not for the Internet.