====== VPN ======

===== openVPN =====

TBD

===== Headscale / Tailscale =====

Headscale is an open source, self-hosted implementation of the Tailscale control server.

Install it on your server: [[https://headscale.net/running-headscale-linux/]]

Proxy it via nginx to get HTTPS.

Nginx example config:

<code>
# Map the client's Upgrade header to the Connection header sent upstream
# (the proxy has to pass WebSocket upgrades through).
map $http_upgrade $connection_upgrade {
    default      keep-alive;
    'websocket'  upgrade;
    ''           close;
}

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name ;

    ssl_certificate     /etc/letsencrypt/live//fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live//privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $server_name;
        proxy_redirect http:// https://;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        # HSTS: browsers keep using HTTPS for this host for 180 days
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}
</code>

Install the Tailscale client on your clients: [[https://tailscale.com/download/linux]]

Then run:

<code>
tailscale up --login-server https://
</code>

which will show you, in the browser, the command to run on the server to add the client.

Mission complete :)

===== tinc =====

<code>
apt install tinc net-tools
</code>

Generate keys:

<code>
tincd -n -K8192
</code>

Set up tinc.conf, tinc-up, tinc-down.

Configure the /hosts/ file like:

<code>
Address =
Port = 55555
Subnet = 10.5.0.xxx
</code>

Copy the generated hosts/ file to *all* other servers and get the other servers' host files in return.

Start tinc:

<code>
tincd -n
</code>

For debugging, do not detach:

<code>
tincd -n -D
</code>

Enable at boot via systemd:

<code>
systemctl enable tinc@vpnname
</code>
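
The tinc steps above (tinc.conf, tinc-up, tinc-down and the host file) written out as a shell function, plus a check to run before a host file is copied to other servers. This is an added example, not part of the original page: the node names, addresses and target directory are constructed, while port 55555 and the 10.5.0.x range follow the page and ifconfig comes from the net-tools package installed above.

```shell
#!/bin/sh
# Added example: scaffold one node's tinc 1.0 configuration tree.
# All names and addresses passed in are constructed sample values.

# tinc_scaffold BASE NET NODE PEER VPN_IP PUBLIC_ADDR
# Writes BASE/NET/{tinc.conf,tinc-up,tinc-down,hosts/NODE}.
# The body runs in a subshell so the umask change does not leak out.
tinc_scaffold() (
    base=$1; net=$2; node=$3; peer=$4; vpn_ip=$5; public_addr=$6
    dir="$base/$net"
    umask 077                       # config tree readable by its owner only
    mkdir -p "$dir/hosts" || exit 1

    cat > "$dir/tinc.conf" <<EOF
Name = $node
ConnectTo = $peer
Interface = $net
EOF

    # tincd exports \$INTERFACE to tinc-up and tinc-down.
    cat > "$dir/tinc-up" <<EOF
#!/bin/sh
ifconfig \$INTERFACE $vpn_ip netmask 255.255.255.0
EOF
    cat > "$dir/tinc-down" <<EOF
#!/bin/sh
ifconfig \$INTERFACE down
EOF
    # tincd only runs these scripts if they are executable.
    chmod 700 "$dir/tinc-up" "$dir/tinc-down"

    # Host file: the only file that gets copied to the other servers.
    # With Name set in tinc.conf, tincd -K appends the public key to it.
    cat > "$dir/hosts/$node" <<EOF
Address = $public_addr
Port = 55555
Subnet = $vpn_ip/32
EOF
)

# safe_to_share FILE: succeeds only if FILE holds no private key material,
# i.e. rsa_key.priv was not pasted or copied into a host file by mistake.
safe_to_share() {
    ! grep -q 'PRIVATE KEY' "$1"
}
```

On a real node BASE is /etc/tinc; run safe_to_share on each hosts/ file before distributing it.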