Hi all,

I very briefly kicked the tires on Headscale, and whilst it certainly seemed very impressive, I did have a few concerns.

Primarily, that non-admin users don’t seem to need to consent to having config changes applied to their devices. Whilst it’s assumed admins are trustworthy (I’d like to think so!), it just struck me as not the way I’d want something to function when it comes to direct access between devices, routes etc. It also doesn’t seem like it logs and tells users when something has changed, so shenanigans could occur, and the user would be unaware of it, especially if it got put back to its prior state of config.

Also seems to lack a self-service aspect to it, where if a user got a new device or had to reinstall their OS and had no backups then they’d need to ask me to be added back to the mesh. Ideally, a user would be able to add their own devices to their own group and allow interoperability between their own devices, but selectively open up access to specific devices to others not owned by them without me needing to configure it for them.

Ideally, I’m looking for something that’s equally performant, available on plenty of different OS, allows users to understand and consent to config changes, and also manage their own devices.

Our primary usage scenario is working remotely together via a few bits of software that don’t have WAN features or servers and only allow real-time collaboration via LAN.

There’s every chance I’m completely wrong about all the above too!

  • Reverent@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    sounds like you just want wg-easy.

    Most of what people consider essential features to scale an organisational VPN you have listed as a detraction, so just keep it simple and hand out wireguard configs.

  • fediverser@alien.top
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    This post is an automated archive from a submission made on /r/selfhosted, powered by Fediverser software running on alien.top. Responses to this submission will not be seen by the original author until they claim ownership of their alien.top account. Please consider reaching out to them let them know about this post and help them migrate to Lemmy.

    Lemmy users: you are still very much encouraged to participate in the discussion. There are still many other subscribers on !main@selfhosted.forum that can benefit from your contribution and join in the conversation.

    Reddit users: you can also join the fediverse right away by getting by visiting https://portal.alien.top. If you are looking for a Reddit alternative made for and by an independent community, check out Fediverser.