I’ve been thoroughly impressed with Pangolin and the balance it strikes between ease of use and functionality. Some of the additional guides and scripts here have been a great asset to further expand on the existing capabilities, and are greatly appreciated.
That said, as I continue in my efforts to condense my services away from “Big Tech” and under my own support umbrella, I need to remain cognizant of balancing functionality with time commitment. Once I move this into “Production” for my users (read, wife and kids), it just needs to work. To that end, I’ve been struggling with a VPN solution that leverages my existing VPS.
My initial thought was to WireGuard all traffic through the VPS when we’re away from home, and then route (within the VPS) traffic that was destined for my home network via a secondary tunnel. The pro is that for web traffic it leverages the uptime of a VPS, while still allowing access to local resources. It also prevents me having to worry about taking something offline at home killing connectivity. However, managing WireGuard on multiple devices / internal routing on the VPS felt like it was going to become a support nightmare.
I then reconsidered Tailscale, as I had tested it in the past and was impressed, with the exception of higher than normal battery drain on some devices. However, going with Tailscale meant a dependency on them, which I’m not opposed to in theory, but I would rather self-host. Enter headscale and some sort of admin interface (currently considering headplane). I can easily leverage the internal Pangolin Docker network to route traffic, except the admin interface can’t talk to headscale as it expects to be at https://headscale.example.com/admin. Pangolin doesn’t seem to support that functionality as of yet.
So all that said, can anyone offer some guidance on how to get headscale, a headscale UI and Pangolin playing nice?
Dude, you’re doing this for free to help out people. Take all the time you need, I really appreciate it. Another option for a web-ui would be →
I’m fairly confident that I could do it by modifying the Traefik config, but my concern is inadvertently breaking Pangolin.
Finally (and somewhat unrelated), I had seen the Pangolin devs talking about the possibility of making Pangolin able to access local subnets (e.g., like *scale). It seems that it should be possible to integrate headscale into the Pangolin stack, and then leverage Pangolin as the web UI. Then instead of choosing “Local, New, Wireguard”, you would be given a fourth option.
I say all this like it should be easy (which it’s not), but it feels that the *scale model is very similar to the Pangolin model. Anyways, just thinking out loud.