Tailscale Mesh VPN
Tailscale is a mesh VPN that lets me connect to local services over the internet as if I were inside my local network, without opening any ports on the router. Similar to how I am using Cloudflare to access Nextcloud, I can use Tailscale to reach SSH over the internet without exposing port 22. The free tier covers my use, so I keep the benefits of remote SSH access without the risk of showing SSH as open to the internet. It is a zero-config install on each of the VMs; together they form a tailnet that I can reach from anywhere. The tunnels use the WireGuard protocol, which is known for its security; the Tailscale coordination server only handles key exchange and NAT traversal, not the traffic itself. Note that not opening the port does not harden sshd itself: every device logged into the tailnet can still reach it, so key-only authentication is still worth keeping.
Installation on the VM
It is possible to make a single VM that handles all the traffic for the LAN, but that requires more involved network settings and a non-traditional IP addressing scheme, for example 10.10.10.0/24 instead of the 192.168.1.0/24 range most routers default to, so that the advertised network does not collide with the 192.168.1.x network a remote client is likely to be sitting on. In Tailscale terms that single node is a subnet router (it advertises a route to the whole LAN); it works like a gateway rather than a reverse proxy. I decided against that since all my services were working and I did not want to start the process of setting new static IP addresses. Instead I will need to follow these steps on every future VM I create.
On the new VM, install Tailscale (the install script adds the package repository, installs the tailscale and tailscaled packages, and starts the daemon)
$ curl -fsSL https://tailscale.com/install.sh | sh
Bring the node up and authenticate
$ sudo tailscale up
This prints a login URL; open it in a browser and sign in to link the VM to the account, after which the node joins the tailnet
Verify the connection
$ tailscale status
This lists every node on the tailnet with its Tailscale IP address (in the 100.x.y.z range); the first line is this VM, and that address is the one to log in to from outside the network. tailscale ip -4 prints only this node's address if you just need the IP
Make tailscaled persistent across reboots (the install script normally enables it already; this just makes sure the service is enabled and running so the VM rejoins the tailnet after a restart without logging in again)
$ sudo systemctl enable tailscaled
$ sudo systemctl start tailscaled
Access the services from any other device logged into the tailnet
$ ssh username@100.x.x.x
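The steps above as one script, added here as an example and not code from the original post. It wraps the install and login in a function, checks that the address the node received really is a Tailscale address (Tailscale hands out node addresses from the CGNAT block 100.64.0.0/10), and prints ufw rules that restrict port 22 to the tailnet interface and the LAN so that sshd stays unreachable from the WAN even if a port forward is ever added by mistake. Assumptions: a Debian or Ubuntu VM with ufw installed, the tailscale0 interface name that Tailscale creates on Linux, and a LAN of 192.168.1.0/24 (override LAN_CIDR for another network). The sample tailscale status output is constructed for the example.

```shell
#!/bin/sh
# Added example (not the original post's code). Assumes Debian/Ubuntu with ufw
# and the tailscale0 interface Tailscale creates on Linux; LAN_CIDR is an
# assumption, override it for your network.
set -eu

LAN_CIDR=${LAN_CIDR:-192.168.1.0/24}
TAILNET_CIDR=100.64.0.0/10   # Tailscale assigns node addresses from this CGNAT block

# is_tailscale_ip ADDR: succeed only if ADDR is a well-formed IPv4 address
# inside 100.64.0.0/10 (100.64.0.0 - 100.127.255.255). Use it before trusting
# an address copied out of `tailscale status`.
is_tailscale_ip() {
  _ip=$1
  _old_ifs=$IFS; IFS=.
  set -- $_ip
  IFS=$_old_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case $_o in ''|*[!0-9]*) return 1 ;; esac
    [ "$_o" -le 255 ] || return 1
  done
  if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
    return 0
  fi
  return 1
}

# tailscale_self_ip STATUS_TEXT: pull this node's address out of
# `tailscale status` output (the local node is the first line, first column).
# On a live system `tailscale ip -4` gives the same answer without parsing.
tailscale_self_ip() {
  printf '%s\n' "$1" | awk 'NR == 1 { print $1 }'
}

# ssh_firewall_rules: print the ufw commands that allow port 22 only from the
# tailnet interface and the LAN. Printed rather than executed so they can be
# reviewed first; pipe into `sudo sh` to apply. The LAN allow rule is what
# keeps an existing LAN ssh session alive when the firewall is enabled.
ssh_firewall_rules() {
  printf 'ufw default deny incoming\n'
  printf 'ufw allow in on tailscale0 to any port 22 proto tcp\n'
  printf 'ufw allow from %s to any port 22 proto tcp\n' "$LAN_CIDR"
  printf 'ufw --force enable\n'
}

# onboard_vm: the live procedure from the post. Only runs when the script is
# invoked as `sh tailnet-ssh.sh onboard`.
onboard_vm() {
  curl -fsSL https://tailscale.com/install.sh | sh   # installs and enables tailscaled
  sudo tailscale up                                   # prints the login URL
  sudo systemctl enable tailscaled
  sudo systemctl start tailscaled
  _addr=$(tailscale ip -4)
  if ! is_tailscale_ip "$_addr"; then
    echo "unexpected address from tailscale: $_addr (expected $TAILNET_CIDR)" >&2
    exit 1
  fi
  ssh_firewall_rules | sudo sh
  echo "ssh $(id -un)@$_addr"
}

# Constructed sample of `tailscale status` output, used to exercise the parser.
SAMPLE_STATUS='100.101.102.103 nextcloud-vm   alice@   linux   -
100.64.0.7      laptop         alice@   macOS   active; direct 203.0.113.9:41641, tx 4120 rx 8860'

case ${1:-} in
  onboard) onboard_vm ;;
esac
```

Run it as sh tailnet-ssh.sh onboard on the new VM; with no argument it only defines the functions. The interface-based ufw rule is deliberately preferred over a ListenAddress line in sshd_config: sshd starts before tailscale0 exists at boot and would silently bind only the LAN address, whereas the firewall rule applies as soon as the interface comes up.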