Proxmox VE on a machine that I got almost for free. Intel i3-4160, 10GB RAM, 240GB SSD for the OS, and a non-redundant 1T HDD for storage. The only things I paid for are a second NIC and an 8GB RAM stick.
PVE is running a pfSense VM, and a bunch of Debian containers:
Samba
Jellyfin (still setting it up)
Twingate Connector
All internet traffic goes through the pfSense VM. Unfortunately the ISP has put me behind CGNAT and disabled bridge mode, so my internet-facing things (mostly Wireguard and SSH) are pretty much crippled. Right now my best no-cost option is to use Twingate, but I don’t trust it to handle anything other than SSH.
If behind CGNAT and forwarding is not an option, Headscale, Tailscale or ZeroTier may be an option. I use Tailscale and it have ZERO forwarding on and can access anything on my network when connected through it. Think of these as Wireguard on Steroids. :)
I tried Tailscale once, but it introduced some massive latency because apparently I got connected to my machine through a gateway in Frankfurt. It was the Tailscale Funnel service though, so maybe that’s not what I needed.
Also, are any of the services you listed end-to-end encrypted?
Tailscale is but since you already tried them, maybe headscale that’s supposed to be the self hosted version of Tailscale that someone wrote, so you have better odds at less latency! https://headscale.net/
Great setup! Be careful with the SSD though, Proxmox likes to eat those for fun with all those small but numerous writes. A used, small capacity enterprise SSD can be had for cheap.
Proxmox VE on a machine that I got almost for free. Intel i3-4160, 10GB RAM, 240GB SSD for the OS, and a non-redundant 1T HDD for storage. The only things I paid for are a second NIC and an 8GB RAM stick.
PVE is running a pfSense VM, and a bunch of Debian containers:
All internet traffic goes through the pfSense VM. Unfortunately the ISP has put me behind CGNAT and disabled bridge mode, so my internet-facing things (mostly Wireguard and SSH) are pretty much crippled. Right now my best no-cost option is to use Twingate, but I don’t trust it to handle anything other than SSH.
If behind CGNAT and forwarding is not an option, Headscale, Tailscale or ZeroTier may be an option. I use Tailscale and it have ZERO forwarding on and can access anything on my network when connected through it. Think of these as Wireguard on Steroids. :)
I tried Tailscale once, but it introduced some massive latency because apparently I got connected to my machine through a gateway in Frankfurt. It was the Tailscale Funnel service though, so maybe that’s not what I needed.
Also, are any of the services you listed end-to-end encrypted?
Tailscale is but since you already tried them, maybe headscale that’s supposed to be the self hosted version of Tailscale that someone wrote, so you have better odds at less latency! https://headscale.net/
Zerotier? Not sure -https://www.zerotier.com/ can speak more to this.
Great setup! Be careful with the SSD though, Proxmox likes to eat those for fun with all those small but numerous writes. A used, small capacity enterprise SSD can be had for cheap.