The scope here concerns use of VPN (Virtual Private Network) to gain secure access from the public network to a local private network. It relates to private secure access and use from the public network. It does not consider public VPNs setup for public use.

There have been considered 3 different levels of access as described by the applications used:

• Wireguard - A VPN server
• Tailscale
• Headscale
• OpenVPN (Old)

These applications and their scope are described further below.

I previously successfully setup KPTree wireguard on my router. This was installed on “bare metal” as was the nftable based router firewall. I later installed Bind9 DNS and Kea DHCP programs in Docker containers. I always run Docker in a VM to prevent Docker's packet filtering from affecting the bare metal firewall rules. I did not move Wireguard to a Docker container as I did not have the need at the time.

Using Docker wireguard from linuxserver.io is much easier that

• Wireguard
• xdeb.org Setting up a server firewall with nftables that support WireGuard VPN
• How To Set Up a WireGuard VPN Server on Ubuntu Linux
• Some Unofficial WireGuard Documentation
• How to setup your own VPN server using WireGuard on Ubuntu
• Archlinux Wireguard
• Wireguard VPN: Typical Setup
• OpenVPN FAQ
• A Tutorial for Controlling Network Traffic with iptables
• How To Set Up WireGuard Firewall Rules in Linux
• Gain flexibility & increase privacy with WireGuard VPN

• Tailscale:
  • Tailscale quickstart
  • Using Tailscale with Docker
  • github Tailscale Community
    • tailscale-dev / docker-guide-code-examples

https://github.com/juanfont/headscale/releases

• headscale
  • Running headscale in a container
• github headscale
• JimsGarage Headscale2
• Dockerhub headscale

—-