Remote Access for your Homelab? Mar/Apr 2024

Hey all, I dove headfirst into homelabbing and finally have set up most of what I want. Still have a ton more to do…it never ends! Looking for some direction on how to set up remote access. Here’s my current network topology:

The NETGEAR switch is pretty useless rn, I got it for free and figured I’d just throw it in there for future use.

I don’t have a static WAN IP, but I’ve been able to set up DDNS with OPNsense and Cloudflare. My question is how do y’all remotely access ALL of your homelab services running on different IPs? I have all my services on the 192.168.2.1/24 subnet. My current DDNS setup takes me to my router Web GUI, but I don’t want to open up more ports on my WAN. My understanding of all of this could be wrong, if it is please let me know!

What would you recommend I use to be able to access my homelab when I’m away from my house? Is there a way to do this with DDNS or do I have to create a VPN with WireGuard or OpenVPN?

***UPDATE***

I’ve configured a couple of the solutions below as y’all suggested:

DDNS setup and WireGuard tunnel using DDNS as endpoint - was initially a confusing setup with OPNsense ddclient, but it works fine and gets the job done. Also tbh, I didn’t like having anything pointing to my WAN IP…I could view my IP with a simple nmap of my subdomain, which is obviously how it works, but something about it just irked me.

PowerShell Script + Cloudflare API - super simple to do and worked incredibly well in terms of regularly updating A records with my WAN IP.

Cloudflare Zero-Trust Tunnel - I like Cloudflare…but I don’t LOVE Cloudflare. It’s a great option and I liked learning how to set it up, but personally I think I like Tailscale better.

Tailscale - Absolutely GOATED. I think I set this up in less than 10 minutes, and it works amazingly. Y’all weren’t kidding when you said zero-config. Couldn’t have been any simpler to work with. This is gonna be my go-to solution moving forward!

Thank you EVERYONE for your suggestions, it’s been a massive help! I can now break shit in my network remotely instead of having to be at home to f*** it up! Best of luck homelabbing and hope this post is a good reference for those getting started in the future!

Your router’s web GUI shouldn’t be responding to the WAN side.

Use a DDNS service and WireGuard or OpenVPN, yes.

My setup is a personal domain, vpn.example.net, that resolves to the public IP. DDNS is provided by my web host with a service running on pfSense. Then OpenVPN on pfSense. No other open ports.

Tailscale is free for non-commercial up to 100 devices but their subnet routing gets you all the access you need without coming close to the 100 device limit.

Cloudflare Zero Trust tunnel.

You could also create a small bash script to resolve your public IP and then use the Cloudflare API to update the relevant DNS records.
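The bash-script approach suggested above, sketched as an added example that is not part of the thread or anyone's posted script: it validates the address returned by the lookup before publishing it, so an error page or an internal address never ends up in public DNS, and it only calls the API when the address has changed. The environment variable names (`CF_API_TOKEN`, `CF_ZONE_ID`, `CF_RECORD_ID`, `CF_RECORD_NAME`, `STATE_FILE`), the `--update` switch, and the use of api.ipify.org as the lookup service are assumptions.

```bash
#!/usr/bin/env bash
# Added example: update one Cloudflare A record with the current WAN address.
# Assumed names (not from the thread): CF_API_TOKEN, CF_ZONE_ID, CF_RECORD_ID,
# CF_RECORD_NAME, STATE_FILE, and api.ipify.org as the IP lookup service.
STATE_FILE=${STATE_FILE:-/var/tmp/ddns-last-ip}

# Strict dotted-quad check: four octets 0-255, no leading zeros, nothing else.
is_ipv4() {
  local rest o i
  rest=$1.
  for i in 1 2 3 4; do
    o=${rest%%.*}; rest=${rest#*.}
    case $o in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;; *) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  [ -z "$rest" ]
}

# Refuse private, loopback, link-local, CGNAT and multicast/reserved ranges,
# so a bad lookup never publishes an internal address in public DNS.
is_publishable() {
  is_ipv4 "$1" || return 1
  local a b
  a=${1%%.*}; b=${1#*.}; b=${b%%.*}
  case "$a.$b" in
    0.*|10.*|127.*|169.254|192.168) return 1 ;;
    172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
    100.6[4-9]|100.[7-9][0-9]|100.1[01][0-9]|100.12[0-7]) return 1 ;;
  esac
  [ "$a" -lt 224 ]
}

# JSON body for the record. proxied=false: a VPN endpoint has to resolve to
# the real address, not to Cloudflare's HTTP proxy.
record_json() {
  printf '{"type":"A","name":"%s","content":"%s","ttl":300,"proxied":false}' \
    "$CF_RECORD_NAME" "$1"
}

update_record() {
  local ip
  ip=$(curl -fsS --max-time 10 https://api.ipify.org) || return 1
  is_publishable "$ip" || { echo "refusing to publish: $ip" >&2; return 1; }
  [ "$ip" = "$(cat "$STATE_FILE" 2>/dev/null)" ] && return 0   # unchanged
  curl -fsS --max-time 10 -X PATCH -H "Authorization: Bearer $CF_API_TOKEN" \
    -H "Content-Type: application/json" --data "$(record_json "$ip")" \
    "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records/$CF_RECORD_ID" \
    >/dev/null || return 1
  printf '%s\n' "$ip" > "$STATE_FILE"
}

if [ "${1:-}" = "--update" ]; then update_record; fi
```

Run it from cron or a systemd timer with `--update`, and give it an API token scoped to DNS edit on the one zone rather than a global key.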

My setup is slightly less complicated than yours but on an Unraid server, you can set up Tailscale and have your entire network securely accessible in like 5 minutes. It just simply works. I tried some other options and they all either were too complicated or didn’t do what I wanted. Tailscale; just press a few buttons and you’re accessing your network from anywhere in the world as if you were local.

I’m using Tailscale for all my network, including some VPN exit points in VPS in USA, Brazil and Europe, works flawlessly…

I use Apache Guacamole.

Super easy way, a free ZeroTier account.

Take a look at Twingate for secure remote access.

This community is so dope! Started the day having no clue how to proceed, and now got a ton of options to try out. That being said, I’m gonna try out all: WireGuard VPN, OpenVPN, Tailscale, Bash script + Cloudflare API, Zero-trust tunnel. I’d love to try Twingate but I don’t have a server that I can afford to run 24/7. My rack server takes a ridiculous amount of electricity so till I get a thin client or Raspberry Pi or something, I don’t see myself using it!

Thank you all for your advice!! I’ll update this post in a day or 2 after I try each and see what gives me the best connection in terms of speed, maintenance, and security! Thanks again!!

I run OpenVPN on my router, and since my domain name is hosted on Namecheap, I use their DDNS to get me to my network from the internet.

Cloudflare zero trust for services with Tailscale for devices.
Where I have a mix of Docker and k8s objects.
Two days ago I started migration of my existing Cloudflare config into code (Terraform) and it’s really easy and smooth.

Your router’s management interface should not be listening on a public IP. Fix that first, then look at setting up OpenVPN or WireGuard to build a RAS VPN for your setup. DDNS just allows you to find your WAN IP on the public Internet, it is not a remote access solution. Since you’re using OPNsense, you already have everything you need, you just need to set it up.

I have a RAS VPN setup in a colo box and then have a S2S VPN between colo and home. When I’m attached to the RAS VPN in colo, I can access all of my infrastructure between the two sites.

Zero trust my friend

Twingate > ZeroTier > Tailscale

Cloudflare zero trust tunnel and do not open anything directly to the internet.

I recommend Twingate

I have my own domain, DDNS updates for my OpenVPN endpoint, etc. But honestly, the simplest and most reliable solution has been a Chrome Remote Desktop connection to a Linux box I have devoted to management. All important web management pages are bookmarked, and I use Remmina installed with all SSH and RDP hosts saved.

It’s not the most “fun” or challenging solution, but it just works.

I temporarily created port forwarding rules to see if it was working - for the VPN setup, how much CPU does it take up? My OPNsense Optiplex has an i5-7600 @ 3.5 GHz, 8 GB of RAM, and 512 GB SSD.

Will the VPN drastically slow down my connection when I’m at home and would you recommend setting up a VPN on a Pi or Thin Client or directly on the router? Thanks for your advice!