Is there a solution to use tailscale (or pangolin) alongside a traditional VPN on grapheneos?
Trying to find a way to connect to my home server as well as my VPN at the same time. Doesn't seem like tailscale can. I've started looking at pangolin, has anyone had any luck with this issue?
Thank you
You can use tailscale + gluetun docker containers to use your favorite commercial vpn as an exit node on the same machine. https://github.com/alexmaisa/tailscale-vpn-exitnode
Or you need to update iptables if you don't use docker and have e.g. wireguard out as an exit node. Or if you have vpn out on your router, and tailscale on the home network, you just use it as exit node.
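A minimal Compose sketch of the gluetun + Tailscale exit-node arrangement mentioned above. It is an added example, not taken from the thread or the linked repository. It assumes a WireGuard-capable provider that gluetun supports; the values in angle brackets and the node name `vpn-exit` are placeholders.

```yaml
# Added example: Tailscale exit node whose only path out is gluetun's tunnel.
# Angle-bracket values are placeholders; keep the real ones in an env file,
# not in version control.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=<provider>
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=<provider-wireguard-private-key>
      - WIREGUARD_ADDRESSES=<provider-assigned-address/32>
    restart: unless-stopped

  tailscale:
    image: tailscale/tailscale
    # Share gluetun's network namespace: tailscaled has no interface of its
    # own, so exit-node traffic can only leave through the VPN tunnel and is
    # dropped by gluetun's firewall when the tunnel is down.
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    environment:
      - TS_AUTHKEY=<tailscale-auth-key>
      - TS_STATE_DIR=/var/lib/tailscale
      # Userspace mode: forwarded traffic originates as ordinary sockets in
      # the shared namespace, so no extra forwarding rules are assumed here.
      - TS_USERSPACE=true
      - TS_HOSTNAME=vpn-exit            # hypothetical node name
      - TS_EXTRA_ARGS=--advertise-exit-node
    volumes:
      - tailscale-state:/var/lib/tailscale
    restart: unless-stopped

volumes:
  tailscale-state:
```

The advertised exit node still has to be approved in the tailnet's admin settings before the Android client can select it. Check the egress address from the phone after selecting it to confirm traffic leaves via the commercial VPN rather than the home connection.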
Yes. Run a tailscale exit node which connects to the internet via said VPN. Connect to tailscale on android and select the exit node
Now you are routing android to tailscale and exiting via the vpn.
Not sure about pangolin on this front
I do this more or less, while the VPS itself doesn’t route over a VPN I have traffic forwarded between Tailscale and a commercial VPN.
It’s actually much more complicated and involved than that, involving four double hop VPN tunnels, two that stay 100% in my country then two that bounce around other countries routed over the first two. This way my traffic exits the country without it appearing that way.
Might sound like a dumb question, but have you opened the port on your router?
My ASUS router handles my WireGuard setup, I can forward my home VPN server through one of Proton's VPN servers essentially creating a multi-hop setup.
VPN to home, then route outbound traffic over the other VPN.
Depends on what threat you’re protecting against IMHO.
If you’re trying to be anonymous, connecting to your home IP first is a dead giveaway to who you are. Both your home ISP and whichever ISP you’re connected to will know.
Only easy way to maintain some anonymity right now would be to use Tailscale’s Mullvad integration……Tailscale to connect your servers, Mullvad for anonymize/country changing.
Other way might be to ONLY use Tailscale/Mullvad, and set up an alternative auth front door to your own network. Complicated and doesn’t work as nicely tho.
I was reading this yesterday
https://tailscale.com/docs/reference/faq/other-vpns
I probably won't do it myself, but maybe it works for you
Tailscale will let you use mullvad vpn as exit nodes
This is sadly the only way to do it on Android. It's not supported by Headscale and it only supports Mullvad.
It’s a shame you can’t force an exit node to be used by the whole tailnet
Edit: Does Headscale support exit nodes at all? You could for example run a VPN on a router and then use that device as an exit node. I suspect that would work if you can use normal exit nodes
Headscale does support exit nodes, I use it to get pihole filtering on my phone away from home.
I use my own "solution" to host a WireGuard node inside a tailnet: https://github.com/stratself/tswg
You can also try https://github.com/juhovh/tailguard
Gluetun + Tailscale also kind of worked, but quite slow
Maybe run the public VPN at home with NAT enabled, and use it as the default gateway in the private VPN. Never done it but I think I've seen some guides on that concept.
Have one VPN attached in a work profile and another in your private space
I've got pangolin running on a VPS. It was dead simple.
If only pangolin supported 0.0.0.0 routing. It's been requested for months but instead of doing that... They've been courting paid enterprise usage.
What are you trying to accomplish with that?