
Comment by snvzz

2 days ago

I use headscale and took the high road: Tailscale IPs all the time.

Why trust the wires at all? Just run all traffic through VPN, even if it's in the same LAN.

This way, I know all traffic is encrypted. I don't have to worry about SMB or the like being plaintext.

I've run into some performance issues routing everything over a local WireGuard link. I have a 10gig connection between my desktop and my NAS, though I only get ~1.1gbps over the WireGuard link to the NAS. Without WireGuard I can saturate the link.

I could probably tweak it, but I haven't had the bandwidth (ha) to troubleshoot it.

I love how WireGuard has made encrypted network connections so easy, fast and extremely convenient.