I think the part you’re missing (and others haven’t addressed) is that you don’t send 100% of your traffic to one endpoint (much like how most use VPNs). You can route different things to different places.

For example, I’m in the US and have two Tailscale exit nodes. Both are located on VPS machines in the US, but one sends traffic down a double-hop VPN back out into the US, the other does the same but to Switzerland. My “default” route is through Switzerland (better privacy laws) but I am forced to route some things through the US exit node due to websites that won’t work outside the US. For my personal devices, traffic routes directly to them via WireGuard tunnels.

In addition, my wife doesn’t care about blocking everything that I do (social media, tracking) but her phone still needs to update sensors in Home Assistant. She can choose not to use the exit nodes but can still communicate with our nodes on Tailscale. She also uses it to print documents at home from her laptop while she’s at work.

Recently I was waiting in a hospital with public (unsafe) WiFi that blocked UDP traffic, but Tailscale does some magic that will relay traffic via TLS. I was able to access services at home with a 20ms latency. The tech is very, very nice to have.

I only have experience trying to run two Tailscale containers on the same machine and hit so many roadblocks that running it containerized just wasn’t worth it.

Containerizing is probably only worth it if you have an explicit need for it.

Was this due to DMARC/DKIM, SPF or something else?

To add to this, I’d personally just clone the card immediately to somewhere else then do all the recovery efforts on the clone; if only to avoid burning out the SD card even more during recovery.

Edit: Not sure if that would be better or worse.

If you’re just looking for WireGuard with some good support for hostile networks (and easier configuration) I’d probably just recommend Tailscale.

The problem is I need Unbound to send queries via one network interface (the VPN) while the specific zone needs to be routed through another.

I know what split tunneling is, but I have my routing set up exactly as I’d like.

The issue here is that Unbound seems unable to send queries to one forwarding zone using a specific interface/IP address and sending queries to a second forwarding zone using a completely different interface/IP address.

I’m almost at the point where I want to create a virtual interface that just has rules that say “if going to 192.168.143.1 use /dev/tailscale0” and then have a default route to /dev/wg0.

I’m not a professional but my current Tailscale + VPN setup has been extremely nice for the past year.

Plain HTTP means anyone between you and the server can see those credentials and gain access.

It it using HTTP Basic Auth by chance? It would be so easy to put nginx (or some other reverse proxy with TLS) in front and just pass the authentication headers.

Especially with music, if any of this is plain HTTP (or any other plaintext, non-encrypted protocol) and you live in a lawsuit happy jurisdiction you might end up with piracy letters in the mail.

I’m thinking of building my own and having it use Paperless’ API for invoices, receipts, etc.

I finally gave this a go a few days ago but wasn’t in love with the UI. I’d contribute but it’s written in .NET.

I’ll probably build something myself. One thing I’d like to do is have it integrate with other APIs (like Paperless).

I’d curl from a machine on the same WiFi network as the phones just to confirm that HTTP is working. That way you’re not dependent on browsers that can be more finicky for debugging.

I’ve noticed that but I thought I just didn’t know how to persist it correctly and never bothered to find out how. If what you’re saying is accurate (which I don’t doubt) that sucks.

GL.iNet actually has a decent UI too. When I’m on the road I don’t necessarily love hitting the CLI (okay fine I secretly do); they keep the updates going for a long time too.

I didn’t have a great reason other than mind-blowing performance on my LAN, and with large files (which I have a lot of) performance is better too. Probably I’m not smart enough to answer this well, but I did just see this today: https://www.phoronix.com/review/linux-611-filesystems/2

I’m a huge fan of XFS for network mounts. I think everyone else here is right that the best filesystem will depend on the OS, and picking one to make it compatible with everything has serious tradeoffs.

I’ve just discovered this today too! I’m not even sure how to find my key (Proton user too). I’ve admittedly not spent too much time understanding PGP since basically no one uses it.

pfSense is UNIX-based and those commands are generally included with Linux and probably Linux-specific.

I’m running a Raspberry Pi 4 with an array of hard disks. Essentially the entire OS is on a small SSD but because I have so much data I’ve got two traditional HDD drives with XFS and LUKS disk encryption.

I’d say overall it works fantastically, over 802.11ax and Samba I’m pushing about 600-700 Mbps while transferring to the HDD drives.