Open PizzaProgram opened 5 months ago
The safest approach is to run a separate VPN for each group. You can have a master node being part of multiple VPNs, the drawback is that it needs to run multiple tinc daemons in that case, one for each VPN it is part of.
There is no official GUI for tinc, but the tinc 1.1 branch has a CLI that allows you to list the nodes and addresses they are assigned.
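As an added example (not code from the tinc project or from the reply above), here is the layout the reply describes, written as a Python generator: one tinc network directory, and therefore one tincd, per group on the master node, plus an audit pass that flags any host file advertising a default route, since a `Subnet = 0.0.0.0/0` line is what would let a group's clients reach the internet through the VPN. The group names, subnets, ports and the `vpn.example.invalid` address are constructed placeholders, and the config root (`/etc/tinc` in production) is taken as a parameter.

```python
"""Lay out one tinc network per client group on a master node and audit it.

Constructed example: tinc never routes between networks, so one directory
(and one tincd) per group isolates the groups from each other.
"""
from dataclasses import dataclass
import ipaddress
from pathlib import Path
import re
import tempfile


@dataclass(frozen=True)
class Group:
    netname: str        # tinc network name -> <root>/<netname>/
    subnet: str         # VPN address range of this group, e.g. 10.10.1.0/24
    master_ip: str      # master node's address inside that subnet
    master_public: str  # DNS name or IP the clients ConnectTo
    port: int           # each daemon on the master needs its own listen port


# Constructed sample: two isolated groups served by one master node.
MASTER_NAME = "master"
GROUPS = [
    Group("shopA", "10.10.1.0/24", "10.10.1.1", "vpn.example.invalid", 655),
    Group("shopB", "10.10.2.0/24", "10.10.2.1", "vpn.example.invalid", 656),
]

DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}
SUBNET_RE = re.compile(r"^\s*Subnet\s*=\s*(\S+)", re.IGNORECASE)


def validate(groups):
    """Reject layouts where two daemons would collide or routing is ambiguous."""
    if len({g.netname for g in groups}) != len(groups):
        raise ValueError("netnames must be unique")
    if len({g.port for g in groups}) != len(groups):
        raise ValueError("each tincd on the master needs a distinct Port")
    nets = [ipaddress.ip_network(g.subnet) for g in groups]
    for i, a in enumerate(nets):
        if ipaddress.ip_address(groups[i].master_ip) not in a:
            raise ValueError(f"{groups[i].master_ip} is not inside {a}")
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping subnets {a} and {b}")


def render(g, master_name):
    """Return {relative path: contents} for one network's config tree."""
    prefix = ipaddress.ip_network(g.subnet).prefixlen
    tinc_conf = (
        f"Name = {master_name}\n"
        f"Interface = tinc-{g.netname}\n"
        "Mode = router\n"            # route by Subnet, no layer-2 flooding
        f"Port = {g.port}\n"
    )
    # The master advertises only its own /32 in this group, never 0.0.0.0/0.
    host = (
        f"Address = {g.master_public} {g.port}\n"
        f"Subnet = {g.master_ip}/32\n"
    )
    # tinc exports $INTERFACE to this script; only the group's own subnet
    # is attached, so no default route via the VPN appears anywhere.
    tinc_up = (
        "#!/bin/sh\n"
        'ip link set "$INTERFACE" up\n'
        f'ip addr add {g.master_ip}/{prefix} dev "$INTERFACE"\n'
    )
    return {
        f"{g.netname}/tinc.conf": tinc_conf,
        f"{g.netname}/hosts/{master_name}": host,
        f"{g.netname}/tinc-up": tinc_up,
    }


def write_tree(root, groups, master_name=MASTER_NAME):
    """Write every network under root (normally /etc/tinc); return the paths."""
    validate(groups)
    written = []
    for g in groups:
        for rel, text in render(g, master_name).items():
            p = Path(root) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(text)
            written.append(p)
    return written


def audit_default_routes(root):
    """Return host files, in any network, that advertise a default route."""
    offenders = []
    for path in Path(root).glob("*/hosts/*"):
        for line in path.read_text().splitlines():
            m = SUBNET_RE.match(line)
            if m and m.group(1) in DEFAULT_ROUTES:
                offenders.append(path)
                break
    return offenders


def demo(extra_hosts=()):
    """Write the sample layout to a scratch directory, optionally plant extra
    host files given as (netname, hostname, text), and return
    (number of files written, sorted relative paths of offending host files)."""
    with tempfile.TemporaryDirectory() as tmp:
        written = write_tree(tmp, GROUPS)
        for netname, hostname, text in extra_hosts:
            (Path(tmp) / netname / "hosts" / hostname).write_text(text)
        offenders = [p.relative_to(tmp).as_posix()
                     for p in audit_default_routes(tmp)]
        return len(written), sorted(offenders)


if __name__ == "__main__":
    print(demo())   # constructed layout, nothing advertises a default route
```

On the master each group is then started as its own daemon (`tincd -n shopA`, `tincd -n shopB`), and the tinc 1.1 CLI mentioned in the reply can confirm per network what is actually being advertised, for example `tinc -n shopA dump subnets`; the audit above is the offline counterpart of that check against the host files that clients will exchange.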
I'd like to ask the community:
No PCs should ever be allowed to go to the internet through the VPN, but only see the other PCs + phones in the same group. (Clients are: [200+ Win7 32bit clients = POS PCs] + [30+ Win10/11] + some MurenaOS / Android / iPhones + some iOS laptops)
(PS: I'm an experienced sysadmin + programmer; I tried SoftEtherVPN + OpenVPN + WireGuard + HeadScale + many others before. So far I've liked ZeroTier -> self-hosted the most, but the connection with it is unstable.)
Thanks in advance for any help / experience! 😺