Hello nerds!
How do you go about accessing your self-hosted resources when you’re away from home?
I’ve used port forwarding, VPN, Tailscale and Headscale, in that order, but recently switched to Nebula.
Tailscale/Headscale was probably better than Nebula, but I just couldn’t stand trusting either Tailscale or the VPS used to host Headscale.
With Nebula I don’t need to trust the lighthouses, because they can’t access my network even if compromised. I also really like the built-in firewall that’s looking at node certs when filtering traffic.
If you don’t trust Tailscale OR THE VPS YOU ARE ROOT ON YOURSELF, you should maybe not host anything.
Also: you probably haven’t understood how Tailscale works: it only mediates the connection but the provider servers are not in between two participants in your network (except relay). Those are direct connections.