github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-08 05:39:49 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #771] Can I bypass tunnelling while in home network? #6417

New Issue
Closed
opened 2026-04-25 15:17:25 -05:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-04-25 15:17:25 -05:00
Owner
Copy Link

Originally created by @0w1Knight on GitHub (May 23, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/771

Hey there - Wondering what I can do about this scenario. I have Pangolin setup through a VPS and a number of services hosted at home. When I'm at home, accessing those services via subdomains setup in Pangolin seem to route all traffic through the VPS (ie watching Jellyfin at home uses a lot of VPS data). Can I avoid this by somehow bypassing tunneling while on the same network as my home server?

Previously I used NPM for reverse proxy + local DNS to assign domain names to services that were only reachable inside my network. My intent was for Pangolin to also make them reachable outside the network, but now it seems that I'm carrying all traffic outside of the network. I considered using different domain names (jellyfin.my.domain for inside the network, media.my.domain for outside the network, etc) - But then for several apps I'd need to reconfigure the server URL whenever I leave the house. What are others doing about this?

Originally created by @0w1Knight on GitHub (May 23, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/771 Hey there - Wondering what I can do about this scenario. I have Pangolin setup through a VPS and a number of services hosted at home. When I'm at home, accessing those services via subdomains setup in Pangolin seem to route all traffic through the VPS (ie watching Jellyfin at home uses a lot of VPS data). Can I avoid this by somehow bypassing tunneling while on the same network as my home server? Previously I used NPM for reverse proxy + local DNS to assign domain names to services that were only reachable inside my network. My intent was for Pangolin to also make them reachable outside the network, but now it seems that I'm carrying all traffic outside of the network. I considered using different domain names (jellyfin.my.domain for inside the network, media.my.domain for outside the network, etc) - But then for several apps I'd need to reconfigure the server URL whenever I leave the house. What are others doing about this?
GiteaMirror commented 2026-04-25 15:17:26 -05:00
Author
Owner
Copy Link

@tannkosten commented on GitHub (May 23, 2025):

If you still have NPM and the local DNS running, you could change your jellyfin.my.domain to point to the NPM when you're at home. And when you're not at home, it uses the internet DNS that points to your VPS.
If you want valid certs through the NPM, you might have to do the DNS challenge to get certs from let's encrypt.

<!-- gh-comment-id:2903519731 --> @tannkosten commented on GitHub (May 23, 2025): If you still have NPM and the local DNS running, you could change your jellyfin.my.domain to point to the NPM when you're at home. And when you're not at home, it uses the internet DNS that points to your VPS. If you want valid certs through the NPM, you might have to do the DNS challenge to get certs from let's encrypt.
GiteaMirror commented 2026-04-25 15:17:26 -05:00
Author
Owner
Copy Link

@kalikid021 commented on GitHub (May 23, 2025):

I think what you are looking for is a split horizon DNS setup. The way this works, is bay specifying your internal IP scope in your DNS server, and if the DNS lookup is within that scope it will send the traffic to either a local reverse proxy, or directly to that service IP within your network. Then externally to your network the DNS translation will use the public DNS configuration which should be your VPS.

Internal IP scope (ie 192.168.0.0/16) -> Internal service (NPM, Traefik, direct)
External IP scope (ie 0.0.0.0/0) -> External service (pangolin)

<!-- gh-comment-id:2904907827 --> @kalikid021 commented on GitHub (May 23, 2025): I think what you are looking for is a split horizon DNS setup. The way this works, is bay specifying your internal IP scope in your DNS server, and if the DNS lookup is within that scope it will send the traffic to either a local reverse proxy, or directly to that service IP within your network. Then externally to your network the DNS translation will use the public DNS configuration which should be your VPS. Internal IP scope (ie 192.168.0.0/16) -> Internal service (NPM, Traefik, direct) External IP scope (ie 0.0.0.0/0) -> External service (pangolin)
GiteaMirror commented 2026-04-25 15:17:26 -05:00
Author
Owner
Copy Link

@3nprob commented on GitHub (Jun 5, 2025):

This could be solved by #849

<!-- gh-comment-id:2946197637 --> @3nprob commented on GitHub (Jun 5, 2025): This could be solved by #849
GiteaMirror commented 2026-04-25 15:17:27 -05:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Jun 20, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:2989472969 --> @github-actions[bot] commented on GitHub (Jun 20, 2025): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
GiteaMirror commented 2026-04-25 15:17:27 -05:00
Author
Owner
Copy Link

@amateescu commented on GitHub (Jun 20, 2025):

I'm also interested in the same scenario. Would official support for Tailscale (alongside Newt and Wireguard) help with this?

<!-- gh-comment-id:2990040621 --> @amateescu commented on GitHub (Jun 20, 2025): I'm also interested in the same scenario. Would official support for Tailscale (alongside Newt and Wireguard) help with this?
GiteaMirror commented 2026-04-25 15:17:27 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jun 22, 2025):

Yeah I am inclined to suggest taking action as @kalikid021 suggests with split DNS. If deployed on a VPS Pangolin is really designed for external service exposure. I think the request is very mush dependent on how a local network is set up and without pangolin locally and control over the DNS I think its hard so its very much not a one size fits all solution we could present.

<!-- gh-comment-id:2994257998 --> @oschwartz10612 commented on GitHub (Jun 22, 2025): Yeah I am inclined to suggest taking action as @kalikid021 suggests with split DNS. If deployed on a VPS Pangolin is really designed for external service exposure. I think the request is very mush dependent on how a local network is set up and without pangolin locally and control over the DNS I think its hard so its very much not a one size fits all solution we could present.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#6417
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?