Small VPN Access Device?
I think this fits the rules but If this doesnt let me know and I'll delete. Hey all, Overall problem statement: I'm looking for a small device (SBC if available) that I can use as a tail scale access point for travel and I'm hoping someone has done something similar. Basically I would like to have something small enough that I can toss in my travel bag that I can hook into a hotel network and have access to my home services (mainly jellyfin) on my kindle/work laptop. Not all of my devices support VPN or tailscale and having them already on a known network with built in VPN makes it 10x easier to deal with when traveling (login into hotel WiFi with a kindle Paperwhite sucks!) Ideally it would have dual gig Ethernet and built in WiFi. If this works out well enough I would like to give a few of these to the family so they can access things as well, so cost is a bit important.
I found a banana pi R3-mini that I thought would work out of the box (wifi6 + dual gig + small) but it seems too new for full software support with tail scale and I don't currently have the skills to roll my own software for it. Is there anything out there that you all have used for this type of use case?
I know I can switch to wire guard but I'm not confident I can set that up securely and reliably but if that's my only option I think I did find a good guide.
So I'm at a crossroads of learning to build my own openwrt install with the correct packages, learning how to setup wire guard, or asking for recommendations.
Edit: Thanks for all the recommendations. Looks like openwrt has released a new build for the banana pi that I have so I'm going to try that again before trying to setup wire guard. The GL.inet devices look like they have an older version of openwrt, so they support tailscale via the openwrt package manager but it can be unstable. Some people have even called it alpha on those devices. So I'm hoping the newest version on the bpi-r3 will allow a more stable tailscale. I'll try to report back once I play around with it more.
GL.iNet are good ones, or if you want to go the Rambo mode, then an orange pi r1 plus, one of these will do the work. Good luck
Plus one for the gli.net router. I've got the Beryl AX and it's great. Ended up going with a wireguard VPN rather than tailscale, but either would work.
GL.iNet actually has a decent UI too. When I’m on the road I don’t necessarily love hitting the CLI (okay fine I secretly do); they keep the updates going for a long time too.
It's only decent until you need to do something the GUI doesn't support. Then it will overwrite whatever you changed in the CLI or luci every time it boots up.
I’ve noticed that but I thought I just didn’t know how to persist it correctly and never bothered to find out how. If what you’re saying is accurate (which I don’t doubt) that sucks.
+1 - GL.iNet is cheap as hell and perfectly functional. It runs DD-WRT under the covers, and it’s super easy to “unlock” the full powers of the distro (literally a toggle in the basic ui, iirc). Used it on a longer trip my partner and I took a few months ago, and it was great! On-device storage is paltry, but, well, that’s not what it’s for.
These devices have been recommended in the past, and it looks like they can run OpenWRT
https://www.amazon.com/GL-iNet-GL-SFT1200-Secure-Travel-Router/dp/B09N72FMH5
https://openwrt.org/toh/gl.inet/start
Yes, OP I highly recommend a GL.iNet device. It's pocket sized and always does the job.
It's also great for shitty wifi that tries to limit how many devices you can connect. The router will appear as one MAC and then all your other devices can route traffic through it.
I'd stay away from that particular one. We ui was slow af and whenever wireguard connected it crawled to a stop.
Do you know a better one?
Probably one of the higher end models?
To be honest, I'll be forever dubious of new products that seem to be in every other YouTube video. I returned this one after a day or two of troubleshooting. It also didn't support openwrt if I recall correctly.
Second this ^
I have one and it's fine, but not directly supported by OpenWRT. Looks like Beryl and Slate are though
I don't know if this would fit your needs but I just have a wireguard server and when I travel I just connect to my VPN from my phone and start my access point ..then all the other devices will be connected to my VPN through the phone access point (there is an option to let clients use VPN in access point settings) and watch jellyfin. For me this is the simplest and cheapest option I found.
Here's an idea. Use a mikrotik router board. They are super cheap and support VPN natively. I use wireguard but it should also support openVPN as well. Maybe more I'm not sure. The small hap series are super cheap and works great.
For openwrt+wireguard, see: https://cameroncros.github.io/wifi-condom.html
Looks like tailscale should work in openwrt: https://openwrt.org/docs/guide-user/services/vpn/tailscale/start
For the wireguard server, I am using firezone, but they have pivoted to being a tailscale clone, so I am on the legacy version, which is unsupported: https://www.firezone.dev/docs/deploy/docker
Edit: fixed link
https://rss.ponder.cat/post/13668
If you want a ton of fun, you can build it yourself!