Konstantin Nazarov

VPN to home PC with OpenWrt and Tailscale

Some time ago I wrote about how I set up Tailscale to connect to my home PC from my mobile phone without opening any external ports. It uses Headscale, which I host on my own VPS, as a bootstrap peer for punching holes in the NAT.

The setup has worked really well so far, and I was able to use Syncthing and Jellyfin on the go. The only downside was that I had to keep the Tailscale VPN client always enabled on my desktop PC. This meant that I couldn't turn on other VPN services like [Mullvad](https://mullvad.net) at the same time, and had to remember to switch back to Tailscale when I was done with them.

So I decided to do things differently and purchase a router that supports the open-source OpenWrt firmware. This firmware is essentially a stripped-down Linux that allows you to install third-party packages. It's made to run specifically on routers, has minimal space requirements, and comes with a convenient web UI.

If you're interested, the router is a Linksys E8450. Anyhow, the best thing for me is that OpenWrt supports Tailscale more or less out of the box. In just 15 minutes I was able to set it up in a way that exposes my whole home network via a subnet route. This means that when I connect to the tailnet from my mobile phone, I get access to all computers at home by their internal IP addresses.

I won't describe the whole setup process here, as it will likely go out of date. Instead, follow the links above (they point to wikis and are likely to be updated). The setup itself was relatively simple for a power user, and the benefits in terms of controlling my data were clearly worth the few hours spent fiddling.