Supercharge Your Home Network: Unleash the Power of WireGuard and Tailscale VPNs
Securing your network is essential in today's world, especially as more developers, engineers, and homelab enthusiasts bring their services in-house. With the increasing use of development environments, media servers like Plex or Jellyfin, and home automation systems like Home Assistant, it's essential to connect to local network services remotely and securely.
WireGuard and Tailscale are two brilliant options you can go with, but which one should you choose? Well, the short answer is, why not both?
In this blog post, I'll walk you through how I use both within my home network. But before we get started, let's understand what both options provide.
WireGuard: A simple, leaner, performant VPN option that enables connecting between devices by exchanging private keys. WireGuard will then handle the connections and state for you.
Tailscale: Tailscale is built on top of WireGuard. It provides an even more straightforward setup to secure network connections between devices. Tailscale offers extra features such as MagicDNS, on-demand NAT Traversal, and out-of-the-box subnet routing.
Security: Tailscale and WireGuard provide the same point-point traffic encryption.
My Current Setup
I run an OpnSense router on a mini PC within my home network, which offers me total control compared to traditional routers from TP-Link, Asus, Netgear and others. Additionally, I've integrated WireGuard into OpnSense, allowing me to access my home network from any location worldwide.
You may be thinking, where does Tailscale fit into this?
WireGuard is much more performant than Tailscale. When doing heavier tasks like developing code and testing or upgrading services and servers remotely, I use my WireGuard tunnel. It provides me access to all my network with one VPN configuration vs adding each of my devices into Tailscale to be managed/accessed. However, note the same can be achieved with Tailscale using their subnet routing.
Now, "much more performant" is a bit of a stretch as Tailscale, compared to other VPN clients, is significantly faster but generally slows down compared to WireGuard when relaying network traffic.
Tailscale fits into my setup for its ease of use for connecting mobile/tablet devices to specific virtual machines, for instance, my code-server (vscode in the browser) and home assistant setup. Tailscale makes it easy to add or share devices with other users. Whereas with WireGuard, we'd need to provision their devices and add the relevant configuration.
I can provision each mobile user, myself and my fiancé access to Home Assistant so we can manage our smart devices remotely, i.e. turning on the washing machine or living room lights or checking our cameras to see what the dog is up to.
My second use is code-server. If I want to write code or test some lightweight functions, I can access my VSCode from the browser on my tablet.
As a bonus, Tailscale is free for up to 100 devices, so it works perfectly for homelab setups without additional costs.
Using both is optional but comes with an added layer of redundancy. I've had cases where my WireGuard service has stopped running for some reason, and I'm unable to access my home network remotely. Tailscale provides an alternative backup method to access servers or services if my WireGuard service stops working.
Summary
Everyone's use case with VPNs will differ, and between WireGuard and Tailscale, I couldn't come to a decisive conclusion besides opting for both. If you want to secure your homelab or forget to git push your latest changes, try Tailscale or WireGuard. They're free!
Let me know if you're interested in the setup and configuration, and I'll write up a setup guide!