Comment by mort96

Comment by mort96 8 hours ago

4 replies

View on Hacker News

OpenVPN makes SNAT relatively trivial, from what I can tell. So I can VPN into a network, use a node on the network as my exit node, and access other devices on that network, with source-based NAT set up on the exit node to make it appear as if my traffic is coming from the exit node.

Wireguard seems to make this much more difficult from what I can tell, though I don't know enough about networking to know if that's fundamental to wireguard or just a result on less mature tooling.

Hikikomori 6 hours ago

WG is no different really, but you'll have to set it up yourself unless you use a client like tailscale. WG is just bare bones and you're supposed to use a proper client.

Add SNAT rule, enable forwarding, add allowedIPs to WG config.

Reply View 3 replies
  • mort96 2 hours ago

    Right, so my understanding is essentially correct. OpenVPN makes it trivial to set up a VPN which lets you access a remote LAN, without having to involve third-party SaaS products like Tailscale.

    Reply View 2 replies
    • Hikikomori 2 hours ago

      It was just an example, and you could run headscale if you want the mesh feature. There's simple gui clients like wireguard-gui as well.

      Reply View 1 reply
      • mort96 2 hours ago

        And wireguard-gui has an easy GUI for source-based NAT?

        Reply View 0 replies