Hello nerds!

How do you go about accessing your self-hosted resources when you’re away from home?

I’ve used port forwarding, VPN, Tailscale and Headscale in that order but recently switched to Nebula.

Tailscale/Headscale was probably better than Nebula, but I just couldn’t stand trusting either Tailscale or the VPS used to host Headscale.

With Nebula I don’t need to trust the lighthouses, because they can’t access my network even if compromised. I also really like the built-in firewall that’s looking at node certs when filtering traffic.

  • avnoui@alien.topB
    11 months ago

    Good old WireGuard. Takes 20 seconds to add a new peer if I want to invite someone new. Don’t really get the point of using proprietary solutions like ZeroTier or Tailscale for this.

  • danny6690@alien.topB
    11 months ago

    I have a WireGuard server on my Unraid server and I have a backup on a Raspberry Pi.

  • plEase69@alien.topB
    11 months ago

    Choose either one or many, up to you.

    Tailscale, WireGuard server, ZeroTier, Cloudflare Tunnels

    My primary is Tailscale for LAN-only applications on cloud and home, and Cloudflare Tunnels for access over the internet for some applications.

    Mainly I stick with Tailscale, but for a few applications to share with friends and family whom I don’t want to have access to the whole Tailscale network, I use a CF tunnel with Zero Trust authentication on all applications, with OIDC hosted at home (Authentik).

    Currently working on deploying Headscale (self-hosted Tailscale) to have complete control over my network rather than relying on the Tailscale control node.

  • dnt_pnc@alien.topB
    11 months ago

    My router came with a WireGuard gateway. As I have a dynamic IP, I set WireGuard up with a DDNS domain pointing to my IP.

  • Eirikr70@alien.topB
    11 months ago

    I use port forwarding with Nginx and CrowdSec for the services I want widely exposed, and WireGuard for those I want accessed only by myself.

  • TBT_TBT@alien.topB
    11 months ago

    If you don’t trust Tailscale OR THE VPS YOU ARE ROOT ON YOURSELF, you should maybe not host anything.

    Also: you probably haven’t understood how Tailscale works: it only mediates the connection but the provider servers are not in between two participants in your network (except relay). Those are direct connections.