Currently I set up Tailscale in my Synology NAS and I can access selfhosted services on my phone using the Android app. I want to use some services in my work PC too but I’m blocked from installing any software. So my question is, is there any solution that allows me to connect to selfhosted VPN via browser extension? (Just like NordVPN, I can install the browser extension to use it and I don’t need the Windows app.)
I use Cloudflare tunnels for this very reason, you can protect access to the page behind a login (I use azure AD).
It basically acts like a reverse proxy allowing me access to those local resources without anything being installed on the client computer.
This is the right answer.
The only other solution I can think of would be to put a device in the middle (such as this router).
Or you can use the CF Tunnel equivalent from Tailscale, called Funnel.
https://tailscale.com/blog/reintroducing-serve-funnel
I had the same problem as OP. My solution was to port forward to my server but then block connections from all IP addresses accept from my work, which I added to an allowlist.
It’s working well so far, but I think the Cloudflare tunnel is the better option.