Don’t bother with a VPN; just use Tailscale, and install the client on your other devices (they have clients for every OS).
This creates an encrypted virtual network between your devices. It can even enable access to hardware, like printers (or anything with an IP address) by enabling Subnet Routing.
To provide access to specific resources for other people, you can use the Funnel feature, which provides an entrance into your Tailscale Network for the specified resources, fully encrypted, from anywhere. No Tailscale client required.
And if you have friends who use Tailscale, using the Serve option, you can invite them to connect to your Tailscale network (again, for specified resources) from their Tailscale network.
As others have said, I’d play with routing/IP forwarding such that being VPN’d to one machine gives you access to everything — basically I would set it up as a “road warrior” VPN (but possibly split tunnel on the client [yes I know, WireGuard doesn’t have servers or clients but you know what I mean]).
Alternately, I think you could do some reverse proxy magic such that everything goes through the WireGuard box — a.lan goes to service A, b.lan to service B, etc., but if you have non-http services this may be a little more cumbersome.
Are all services running on the same machine? You mentioned same network… you also said you added your “docker instance” to Tailscale. I think some clarifications on what those two things mean could help narrow down the problem.
E.g. do you have multiple physical machines running Docker containers? Each one you want to access needs to be added to Tailscale, OR, set up a Tailscale gateway?
You would want to set up a VPN server on your Linux server and VPN clients on Android and laptop. I’m not knowledgeable enough to help, but you can look into WireGuard.
What I have is a VPS with WireGuard and Nginx Proxy Manager. Traffic comes in through the VPS and is routed internally. I have firewalls and isolation for everything that is in the danger zone if something gets compromised.
I actually had a lot of fun a couple years ago deploying PiHole on one of my RaspberryPi’s and routing all my household machines through it. It worked great UNTIL… my kid was turning in empty homework on Google Classroom and his teachers were getting up him about it. We chastised him thinking it was his fault until I finally discovered that Pihole was messing up his uploads to GC and literally causing this problem. I got super angry with it and walked away without even trying to troubleshoot. Had to profusely apologise not only to his teachers but to him.
Abrechnung is really good and actively developed and improving. The UI is already pretty satisfactory, and there’s also an API, which is needed if, for example, you want to bulk-import a spreadsheet; for now you have to code it a bit.
I think OpenVPN works completely fine for most use cases and didn’t have any trouble with it at all. I did however switch to WireGuard on my gateway and I get a little better throughput compared to OpenVPN. That being said, I’m also using a pfSense box as my home gateway, so access to internal services has been as easy as general routing gets.
If someone really wants this service but does not want to (or cannot) host it themselves, ovpn.com offer this in their client. I used to have a self-hosted Pi-hole but not anymore. Using their client on my phone as well solved the problem with blocking ads while not at home.