Hi there!

Wondering what types of setup people have that allow them to, while the internet is down, still watch/stream media from their servers. I have a stacked Jellyfin library that, and would like to see this feature/setup in my own house. My Unraid server is on the other side of the house from where the living room is. Is there actually a sane way to achieve this?

  • Sips'OP
    link
    fedilink
    English
    74 months ago

    I have everything connected over Tailscale, and strictly only use IPs delegated through this system. So i realise now that I have to step away from that if I want to make it work locally :P

    • Dran
      link
      English
      264 months ago

      Talescale proper gives you an external dependency (and a lot of security risk), but the underlying technology (wireguard) does not have the same limitation. You should just deploy wireguard yourself; it’s not as scary as it sounds.

      • @WhatAmLemmy
        link
        English
        44 months ago

        What is the issue with the external dependency? I would argue that consumer routers have near universal shit security, networking is too complex for the average user, and there’s a greater risk opening up ports and provisioning your own VPN server (on consumer software/hardware). The port forwarding and DDNS are essentially “external dependencies”.

        Mesh VPN clients are all open source. I believe Tailscale are currently implementing a feature where new devices can’t connect to your mesh without pre-approval from your own authorized devices, even if they pass external authentication and 2FA (removing the dependency on tailscale servers in granting authorization, post-authentication).

        • Dran
          link
          English
          24 months ago

          vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer. If we’re deep enough in the weeds to be arguing the pros and cons of wireguard raw vs talescale; I think we’re certainly passed accepting a budget consumer router as acceptably meeting these and other needs.

          Also you don’t need port forwarding and ddns for internal routing. My phone and laptop both have automation in place for switching wireguard profiles based on network SSID. At home, all traffic is routed locally; outside of my network everything goes through ddns/port forwarding.

          If you’re really paranoid about it, you could always skip the port-forward route, and set up a wireguard-based mesh yourself using an external vps as a relay. That way you don’t have to open anything directly, and internal traffic still routes when you don’t have an internet connection at home. It’s basically what talescale is, except in this case you control the keys and have better insight into who is using them, and you reverse the authentication paradigm from external to internal.

          • @WhatAmLemmy
            link
            English
            1
            edit-2
            4 months ago

            vyatta and vyatta-based (edgerouter, etc) I would say are good enough for the average consumer.

            WTF? What galaxy are you from? Literally zero average consumers use that. They use whatever router their ISP provides, is currently advertised on tech media, or is sold at retailers.

            I’m not talking about budget routers. I’m talking about ALL software running on consumer routers. They’re all dogshit closed source burn and churn that barely receive security updates even while they’re still in production.

            Also you don’t need port forwarding and ddns for internal routing. … At home, all traffic is routed locally

            That is literally the recommended config for consumer Tailscale and any mesh VPN. Do you even know how they work? The “external dependency” you’re referring to — their servers — basically operate like DDNS, supplying the DNS/routing between mesh clients. Beyond that all comms are P2P, including LAN access.

            Everything else you mention is useless because Tailscale, Nebula, etc all have open source server alternatives that are way more robust and foolproof to rolling your own VPS and wireguard mesh.

            My argument is that “LAN access” — with all the “smart” devices and IoT surveillance capitalism spyware on it — is the weakest link, and relying on mesh VPN software to create a VLAN is significantly more secure than relying on open LAN access handled by consumer routers.

            Just because you’re commenting on selfhosted, on lemmy, doesn’t mean you should recommend the most complex and convoluted approach, especially if you don’t even know how the underlying tech actually works.

            • @WhatAmLemmy
              link
              English
              1
              edit-2
              4 months ago

              FYI ^ Sunny — I suggest you query your LAN routing config with Tailscale specific support, discord, forums, etc. I’m 99% certain you can fix your LAN access issues with little more than a reconfig.

      • Sips'OP
        link
        fedilink
        English
        24 months ago

        Yeah that is true. Its just that it makes things so dead simple for other friends and family to join in on. Its defo something i need to re-evaluate.

      • Sips'OP
        link
        fedilink
        English
        44 months ago

        When I first got into self-hosting I started out using Tailscale, at that point i didn’t know better and figured it was all or nothing. It has actually worked flawlessly to be fair. Probably not the best or smartest decision of my life. But am now slowly wanting to turn to just a clean WireGuard setup.

        • Dran
          link
          English
          34 months ago

          the best way to learn is by doing!

    • @[email protected]
      link
      fedilink
      English
      64 months ago

      You should still be able to access everything through tailscale once you switch everything over to use local IP addresses.