VPN

Cloudflare Tunnel

I use Cloudflare Tunnel to securely expose my local services to the outside world. All services are protected by Cloudflare Access, which only allows access from my personal email address.

Tailscale

Tailscale has become my go-to VPN because it's straightforward to set up on both my phone and local machines.

For my infrastructure, I use Terraform and cloud-init to provision dedicated VMs as exit nodes. Since installing Tailscale on every VM isn't practical, I leverage the subnet router feature to selectively expose local subnets.

This setup gives me access to my entire local infrastructure (router, PVE, and all services) when I'm away from home.

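# cloud-init config for exit node
runcmd:
# Install Tailscale with the official install script
- curl -fsSL https://tailscale.com/install.sh | sh
# Load the IP forwarding settings that exit nodes and subnet routers need;
# this file must already exist (it is not created in this snippet)
- sysctl -p /etc/sysctl.d/99-tailscale.conf
# Join the tailnet. Terraform renders ${tailscale_token} into the instance
# user-data, so use a single-use auth key with a short expiry
- tailscale up --auth-key=${tailscale_token}
# Enable Tailscale SSH on the node
- tailscale set --ssh
# Offer this node as an exit node
- tailscale set --advertise-exit-node
# Expose the selected local route through the subnet router feature
- tailscale set --advertise-routes=192.168.0.1/32
- tailscale up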
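
Because the subnet router is meant to expose local subnets selectively, the advertised prefixes are worth checking before the template is applied. The script below is an added example, not part of the original config: it reads the `--advertise-routes` values from the runcmd lines and reports any prefix that is malformed, a default route, or outside an allowlist. The allowlist `192.168.0.0/24` and the function name `audit_routes` are assumptions made for the example.

```python
import ipaddress
import re

# Assumption: the only LAN this node may expose. Adjust to your own network.
ALLOWED = [ipaddress.ip_network("192.168.0.0/24")]

# The tailscale runcmd entries from the page (token left as the Terraform placeholder).
PAGE_RUNCMD = [
    "tailscale up --auth-key=${tailscale_token}",
    "tailscale set --ssh",
    "tailscale set --advertise-exit-node",
    "tailscale set --advertise-routes=192.168.0.1/32",
]

ROUTE_FLAG = re.compile(r"--advertise-routes[=\s]+(\S+)")


def audit_routes(commands, allowed=ALLOWED):
    """Return (prefix, reason) for every advertised route that needs review."""
    findings = []
    for cmd in commands:
        for match in ROUTE_FLAG.finditer(cmd):
            for raw in match.group(1).strip("'\"").split(","):
                try:
                    # Strict parsing: host bits must be zero (192.168.0.1/24 fails).
                    net = ipaddress.ip_network(raw)
                except ValueError:
                    findings.append((raw, "not a valid network prefix"))
                    continue
                if net.prefixlen == 0:
                    findings.append((raw, "default route advertised as a subnet route"))
                elif not any(
                    net.version == a.version and net.subnet_of(a) for a in allowed
                ):
                    findings.append((raw, "outside the allowed subnets"))
    return findings


if __name__ == "__main__":
    for prefix, reason in audit_routes(PAGE_RUNCMD):
        print(f"REVIEW {prefix}: {reason}")
```

Run it against the rendered template in CI; an empty result means every advertised route sits inside the allowlist.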