Basically, I want to move files between my NAS (behind CGNAT) and webserver and rsync isn't cutting it. I think WireGuard will be best, then I can use my existing NFS and Kerberos infrastructure.
Do you need a static IP or could you get away with using dynamic DNS like duckdns? I think wireguard allows you to use a hostname instead of IP address. The wireguard peers would have static private IPs in the VPN address space. I had a much simpler setup than you, but this is what I was doing before tailscale.
A dynamic IP would work; I just need an IP that is unique to my router and isn't shared by a dozen other households---I don't know what the term for that is.
There is a way to make it work with WireGuard using something called MASQUERADE, I'm learning.
A reverse proxy like nginx?
Basically, I want to move files between my NAS (behind CGNAT) and webserver and rsync isn't cutting it. I think WireGuard will be best, then I can use my existing NFS and Kerberos infrastructure.
Do you need a static IP or could you get away with using dynamic DNS like duckdns? I think wireguard allows you to use a hostname instead of IP address. The wireguard peers would have static private IPs in the VPN address space. I had a much simpler setup than you, but this is what I was doing before tailscale.
A dynamic IP would work; I just need an IP that is unique to my router and isn't shared by a dozen other households---I don't know what the term for that is.
There is a way to make it work with WireGuard using something called MASQUERADE, I'm learning.