Accessing Proxmox and LXC externally

arnob216
Sep 29, 2023
I need help with accessing Proxmox and LXC externally. I had previously opted for WireGuard using a separate LXC and it worked fine when I had a dedicated IP. But now I have a dynamic IP and I need a solution to handle that.

Initially, having a personal domain, I have made access through 'proxmox.mydomain.com' using Cloudflare tunnelling. It works fine. Moreover, I get to access it without using VPN software on my external office PC.

But I still want a VPN solution, say when I want to access Proxmox/LXC services using my mobile. For that, Tailscale seemed to work great using Subnet Route.

The problem is that, using Subnet Route, the Proxmox host or LXCs are forced to use Tailscale DNS and I found that I could not use normal Internet anymore. "apt update" was not working inside the LXC. As I am not a network guy, is it even possible to use Tailscale without requiring me to use Tailscale DNS, or to somehow have both Tailscale DNS and my router DNS active? Though the 2nd solution might make the activities slow as per my understanding.
WireGuard did not have that problem, but I also could not make it work with a dynamic IP till now.

What is the best solution?
 
For my homelab I have an LXC container that is running the Tailscale client. I am pushing routes for the subnets I need (including the PVE servers' subnet). On the LXC I have enabled IPv4 forwarding. (Also note that if you want to do this, your LXC container needs to be privileged. You can replicate this in a VM, without that need.)

I add that I am using headscale with ACLs and have implemented a firewall onsite that limits my traffic coming from the tailnet to SSH. But that's optional.
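
The subnet-router setup described in the reply above, together with the client setting that stops Tailscale from taking over DNS, as an added example that is not part of either post. The subnet value, the sysctl file name and the /16 prefix limit are assumptions chosen for illustration; `--advertise-routes` and `--accept-dns` are standard Tailscale client flags.

```shell
#!/bin/sh
# Added example, not from the thread: dry run unless APPLY=1.
# SUBNETS is a constructed sample; list only the LAN ranges you need to reach.
SUBNETS="${SUBNETS:-192.168.1.0/24}"
CONF=/etc/sysctl.d/99-tailscale.conf   # assumed file name

# Accept IPv4 CIDRs with prefix /16../32 only (assumed policy), so a typo
# cannot advertise a default route or a very broad range to the tailnet.
valid_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1               # no "/" present
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge 16 ] && [ "$len" -le 32 ] || return 1
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$addr
EOF
    [ -z "$extra" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Build the client command. --accept-dns=false leaves the container's own
# resolver in place instead of the tailnet's DNS settings.
build_up_cmd() {
    routes=
    for net in "$@"; do
        valid_cidr "$net" || { echo "rejecting route: $net" >&2; return 1; }
        routes="${routes:+$routes,}$net"
    done
    [ -n "$routes" ] || return 1
    echo "tailscale up --advertise-routes=$routes --accept-dns=false"
}

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "+ $*"; fi; }

# $SUBNETS is left unquoted on purpose so it splits into one argument per range.
cmd=$(build_up_cmd $SUBNETS) || exit 1
run sh -c "echo 'net.ipv4.ip_forward = 1' > $CONF"
run sysctl -p "$CONF"
run $cmd   # on headscale, add your --login-server=... here as well
```

Advertised routes only take effect once they are approved on the control server (the Tailscale admin console or headscale).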
 