Feature request / some ideas

[Lokowitz]

Background

IT is just a hobby so please forgive me when my ideas are shitty / not possible ☺️

I want to use pangolin for my homelab and for my fathers homelab. 
My father got a new internet provider and is now behind a CGNAT. That’s the reason I was searching for a solution with VPS and WireGuard tunnel. 

I tried Tailscale and it works okay. But I want to have a self hosted solution and I don’t like the fakt that I have to install the client on all devices and servers to connect to each other.

Current setup

We have a Fritzbox as router. 192.169.10.0/24 for my home and 192.168.178.0/24 for my parents home. 
Both networks are connected through a WireGuard tunnel and the Fritzboxes have a configured subnet route through the tunnel. 
Each home has its own domain (dyndns address), nginx proxy manager and adguard as dns server. Adguard makes a dns rewrite to the other npm server when the url of the other homelab is asked for.
On our mobile devices (laptop, phone) is wireguard installed to directly connect to our home lab when we leave our wlan. 
So there are no open port (instead of WireGuard) and we don’t need to configure anything on the servers to reach the complete network.

Requests/Ideas

1. Newt acts also as a dns server and reverse proxy so that my connection don’t have to go through the vps when I am at the same network as the service I want to reach - dns is configured in pangolin and gets synced to the newt instances
2. DNS block list integration like adguard or pihole (?)
3. Newt clients build a direct connection to each other (like tailscale) - better latency (?)
4. Pangolin is able to provide a WireGuard connection for devices like my phone (I always want to have a secure connection and dns blocker when I am leaving my wlan) and the vps would be the perfect entry point
5. Setting for service reachability over internet or just internal (connected sites and WireGuard connections) so that you don’t have to open port 80/443

I tried to visualize it for better understanding:

Thanks for your great tool!

[miloschwartz]

Hi, thank you for the detailed write up and the diagram. This is cool because when we first started developing Pangolin we talked a lot about these types of distributed networks.

I think some of these ideas have been kicked around a lot already because other people have shared similar use cases. Specifically the idea of Newt acting as an internal reverse proxy/DNS server so connections don't have to go out to the VPS and back. I think this will likely be added, but after we leave beta, and potentially an extension of this would be to connect your phone via the WireGuard app (we probably would not make a custom mobile agent), and have Gerbil do the routing for internal access.

For number 2 specifically, it's unlikely we'd go down this route unless many other people also request it, because I think it would take the system down a path that it wasn't necessarily designed for, and other tools do much better (PiHole, AdGuard, etc), but I'll never say never.