App to Replace Built-in VPN Server on Router

by Rian

I suppose it needs some context to explain what even is a “VPN server on a router” for home and small offices. If you have a home lab, DIY projects, or even a simple NAS, chances are, you don’t want to have them all exposed to the internet. Prudence dictates every device should have its security, especially with the coming days of IPv6; however, many security advices I read online and still abide by always recommend keeping them behind the locked door — the router. A VPN server, therefore, lets users connect to LAN, just like a VPN in a workplace.

The routers I’ve had were often shipped with VPN server features, especially with an OpenVPN version. There were always two problems: a. router would not receive frequent enough software updates, and b. even when it does, it rarely fixed VPN issues. This is where Tailscale comes in. Unlike how the traditional VPN works like a tunnel into a physical network, Tailscale actually creates virtual network regardless of their physical location.

Practically speaking, it translates to several advantages compared to VPN servers for home or small offices. For one, VPN featured baked into routers rarely get updates. WireGuard, for example, is the new game in town. I am yet to see routers either updating their VPN packages or offer additional protocol options. Two, if you are using IPv4 ISP like I am, chances are the provider is changing your home address rather frequently, requiring an additional DDNS setup for external access. With Tailscale, the process is streamlined; Tailscale server plays matchmaker, and the actual connections are P2P.

As I was moving my Pi projects, one of the to-do lists was to upgrade the VPN. I have tried different manufacturers’ different implementation of VPN servers, most of them OpenVPN, and frankly, all of them were out of date. The most common issue I’ve experienced was the full-tunneling. It’s incredibly handy when it works — watching the same Netflix abroad, or connecting to domestic websites, and so on. The manufacturer’s implementation had a flaw, where the configuration would not be written into the .ovpn file, so I had to manually set it up myself every time. Tailscale offers a similar feature under the name of Exit Node.