Weird question regarding Nebula and IoT.
Hi,
I currently have a home VPN and an aunt using a home router (dd-wrt) behind her own to connect to my network. By joining the wifi she can access all my home servers. She also has the TV connected to the router so she can watch our internal Video Server.
I was looking into Nebula, and whether it was possible to create an overlay so she can access my services in my network, and perhaps limit better which services can be accessed from the overlay.
My understanding is, that you add individual devices to the mesh, but what do you do for devices like a Smart TV where you can't install a VPN or Nebula?
I lent her the DD-WRT router, but I would like to offer this service to other family members so they can access my servers. Is there an easy way to set them up? (they are no techies and live in other states).
In your opinion, is Nebula the right tool? Tailscale? ZeroTrust? Also, I have to use a quite restrictive network, which of these tools is more resilient than for an almost complete block of UDP? Currently, I'm just using plain Wireguard.
Are you running LAN-to-LAN between your and aunt's ? Where RA VPN is coming into picture? Whole network setup is bit unclear form your description
Yes, it's LAN-to-LAN.
Currently I have,
Plex,Emby,NAS,Pi-hole, etc. -> LAN 1 -> VPN server -> Internet GW ->-- WG tunnel --<- Internet GW <- DD-WRT GW with WG <- LAN 2 <-TV, etc.
LAN 1 is 192.168.1.1 LAN 2 is 192.168.2.0
I would like to get rid of the DD-WRT GW with WG (router running Wireguard) on my Aunt's network.
Do not see it is possible. You need a LAN gateway in Aunt's network. SmartTV usualy do not support any VPN services. It does not need to be same box as router.
If Aunt's internet have a fixed ip, than you can expose you Plex server and other things to internet and allow access only from that IP. If Aunt's internet has dynamic IP but you can somehow use Dynamic DNS to trace it ( many SOHO routers support it out of box) and than configure FW on your home network to open ports only to IP it get on DNS. It is more tricky and IP on you r FWwill not be updated instantly if Aunt's IP changed.
Proper RA VPN is right way to do it unless you need to use it with dumb smart tv ( i guess Google TV stick allow to install VPN software on them ). Wireguard/Tailscale/Headscale/Nebula are all fine it just depends how much infra you want to manage. But in all this case VPN softwere need to be installed on each endpoint.