start-os/START-TUNNEL.md
Aiden McClelland 68f401bfa3 Feature/start tunnel (#3037)
* fix live-build resolv.conf

* improved debuggability

* wip: start-tunnel

* fixes for trixie and tor

* non-free-firmware on trixie

* wip

* web server WIP

* wip: tls refactor

* FE patchdb, mocks, and most endpoints

* fix editing records and patch mocks

* refactor complete

* finish api

* build and formatter update

* minor change to viewing addresses and fix build

* fixes

* more providers

* endpoint for getting config

* fix tests

* api fixes

* wip: separate port forward controller into parts

* simplify iptables rules

* bump sdk

* misc fixes

* predict next subnet and ip, use wan ips, and form validation

* refactor: break big components apart and address todos (#3043)

* refactor: break big components apart and address todos

* starttunnel readme, fix pf mocks, fix adding tor domain in startos

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>

* better tui

* tui tweaks

* fix: address comments

* better regex for subnet

* fixes

* better validation

* handle rpc errors

* build fixes

* fix: address comments (#3044)

* fix: address comments

* fix unread notification mocks

* fix row click for notification

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>

* fix raspi build

* fix build

* fix build

* fix build

* fix build

* try to fix build

* fix tests

* fix tests

* fix rsync tests

* delete useless effectful test

---------

Co-authored-by: Matt Hill <mattnine@protonmail.com>
Co-authored-by: Alex Inkin <alexander@inkin.ru>
2025-11-07 10:12:05 +00:00


StartTunnel

A self-hosted WireGuard VPN optimized for creating VLANs and reverse tunneling to personal servers.

You can think of StartTunnel as a "virtual router in the cloud".

Use it for private remote access to self-hosted services running on a personal server, or to expose self-hosted services to the public Internet without revealing the host server's IP address.

Installation

  1. Rent a low cost VPS. For most use cases, the cheapest option should be enough.

    • It must have a dedicated public IP address.
    • For compute (CPU), memory (RAM), and storage (disk), choose the minimum spec.
    • For transfer (bandwidth), it depends on (1) your use case and (2) your home Internet's upload speed. Even if you intend to serve large files or stream content from your server, there is no reason to pay for speeds that exceed your home Internet's upload speed.
  2. Provision the VPS with the latest version of Debian.

  3. Access the VPS via SSH.

  4. Install StartTunnel:

    @TODO
    

Features

  • Create Subnets: Each subnet creates a private, virtual local area network (VLAN), similar to the LAN created by a home router.

  • Add Devices: When you add a device (server, phone, laptop) to a subnet, it receives a LAN IP address on that subnet as well as a unique WireGuard config that must be copied, downloaded, or scanned into the device.

  • Forward Ports: Forwarding a port creates a "reverse tunnel", exposing a specific port on a specific device to the public Internet.

CLI

By default, StartTunnel is managed via the start-tunnel command line interface, which is self-documented.

start-tunnel --help

Web Interface

If you choose to enable the web interface (recommended in most cases), StartTunnel can be accessed as a website from the browser, or programmatically via API.

  1. Initialize the web interface.

    start-tunnel web init
    
  2. When prompted, select the IP address at which to host the web interface. In many cases, there will be only one IP address.

  3. When prompted, enter the port at which to host the web interface. The default is 8443, and we recommend using it. If you change the default, choose an uncommon port to avoid conflicts.

  4. Select whether to autogenerate a self-signed certificate or provide your own certificate and key. If you choose to autogenerate, you will be asked to list all IP addresses and domains for which to sign the certificate. For example, if you intend to access your StartTunnel web UI at a domain, include the domain in the list.

  5. You will receive a success message that the webserver is running at the chosen IP:port, as well as your SSL certificate and an autogenerated UI password.

  6. If you have not already done so, trust the certificate in your system keychain and/or browser.

  7. If you lose/forget your password, you can reset it using the CLI.
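
A check worth running between steps 5 and 6, shown here as an added example that is not part of the StartTunnel project: before trusting a self-signed certificate, confirm that the certificate served at the chosen IP:port is byte-for-byte the one printed over SSH in step 5, since a browser warning alone cannot tell the two apart. The file name, address and sample PEM below are constructed placeholders, and the script assumes the step 5 output was saved to a text file.

```python
import hashlib
import hmac
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"

# Constructed sample: the body is base64 of b"CONSTRUCTED", not a real certificate.
SAMPLE_PEM = f"{PEM_BEGIN}\nQ09OU1RSVUNURUQ=\n{PEM_END}\n"


def pem_fingerprint(text: str) -> str:
    """SHA-256 (hex) of the DER bytes of the first PEM certificate in text.

    Text around the PEM block is ignored, so pasted terminal output works.
    Raises ValueError if no certificate block is present.
    """
    start = text.index(PEM_BEGIN)
    end = text.index(PEM_END, start) + len(PEM_END)
    der = ssl.PEM_cert_to_DER_cert(text[start:end])
    return hashlib.sha256(der).hexdigest()


def fetch_served_pem(host: str, port: int = 8443, timeout: float = 5.0) -> str:
    """Fetch the certificate the server presents, without validating it.

    Validation is skipped on purpose: the certificate is self-signed and not
    trusted yet. The fingerprint comparison below is the actual check.
    """
    return ssl.get_server_certificate((host, port), timeout=timeout)


def same_certificate(cli_output: str, served_pem: str) -> bool:
    """True only if both inputs contain byte-identical certificates."""
    return hmac.compare_digest(pem_fingerprint(cli_output),
                               pem_fingerprint(served_pem))


if __name__ == "__main__":
    import sys
    # Usage (placeholder values): python check_cert.py saved-output.txt 203.0.113.10 8443
    saved, host, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    with open(saved, encoding="utf-8") as fh:
        expected = fh.read()
    ok = same_certificate(expected, fetch_served_pem(host, port))
    print("fingerprint", pem_fingerprint(expected))
    print("MATCH: safe to trust" if ok else "MISMATCH: do not trust this certificate")
    sys.exit(0 if ok else 1)
```

Run it from the machine whose browser or keychain will trust the certificate, so the comparison covers the same network path the browser will use.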