I am looking for a way to use a static IP for my homelab. My DSL connection has a dynamic IP and I'm using pfSense as firewall/router. The goal is to route incoming traffic from the VPS through VPN to my pfSense.
Does anybody have a similar setup, or any ideas on how to set up such a project?
I’ll assume you’re looking to route http traffic. I’d set up a reverse proxy on the VPS and have it do the ssl termination. It can then connect to the real services running inside your network behind the pfSense.
This seems overkill though. For myself I just use a dynamic dns service and have a CNAME from my personal domain to that name. The TTL on the dns is really short so within at most a couple of minutes everything is aligned again if the dynamic IP ever changes.
I have my home router connect to my VPS using Wireguard on boot. I then use iptables on my VPS to forward TCP and UDP ports to my home router using the Wireguard link. Works great.
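The VPS side of the WireGuard-plus-iptables forwarding this comment describes, written out as an added example (not the commenter's own scripts). The interface names, the tunnel addresses 10.10.0.1/10.10.0.2 and the forwarded ports are assumptions; nothing touches the live firewall unless apply_rules is called.

```shell
#!/bin/sh
# Added example, not a poster's script. Assumed layout:
#   VPS public interface eth0, WireGuard interface wg0 with 10.10.0.1/24,
#   home router (pfSense, MikroTik, ...) reachable at 10.10.0.2 through the tunnel.
PUB_IF="eth0"
WG_IF="wg0"
VPS_WG_IP="10.10.0.1"
HOME_WG_IP="10.10.0.2"

# One-time rules: enable forwarding, default-deny the FORWARD chain, allow
# reply traffic, and SNAT tunnel-bound packets to the VPS tunnel address so the
# home router answers back over wg0 instead of its DSL default route.
# Caveat: home services then see 10.10.0.1 as the client address; use policy
# routing on the home side instead of SNAT if the real source IP matters.
base_rules() {
    printf '%s\n' \
        "sysctl -w net.ipv4.ip_forward=1" \
        "iptables -P FORWARD DROP" \
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -t nat -A POSTROUTING -o $WG_IF -d $HOME_WG_IP -j SNAT --to-source $VPS_WG_IP"
}

# Per-port rules: DNAT on the public interface plus an explicit FORWARD accept,
# so only the listed ports ever reach the home side through the tunnel.
# $1 = tcp|udp, $2 = port on the VPS public IP, $3 = port on the home router
forward_rules() {
    printf '%s\n' \
        "iptables -t nat -A PREROUTING -i $PUB_IF -p $1 --dport $2 -j DNAT --to-destination $HOME_WG_IP:$3" \
        "iptables -A FORWARD -i $PUB_IF -o $WG_IF -p $1 -d $HOME_WG_IP --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
}

# The complete rule set. Ports are assumptions (HTTPS, SMTP and a UDP service)
# chosen to show that any TCP/UDP service can be forwarded, not only web traffic.
all_rules() {
    base_rules
    forward_rules tcp 443 443
    forward_rules tcp 25 25
    forward_rules udp 3478 3478
}

# Apply for real (run as root on the VPS); everything above only prints rules.
apply_rules() {
    all_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd" || return 1
    done
}
```

On the home side the router still needs a WireGuard peer entry with PersistentKeepalive (the DSL end sits behind a changing address and has to initiate the tunnel), a firewall rule permitting traffic from 10.10.0.1 on the tunnel interface, and its own port forward from the tunnel to the LAN host.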
I run a VPS and forward all home. My stack is:
- registered a cheap domain
- subdomain goes to VPS
- VPS: Nginx Proxy Manager, Let's Encrypt wildcard SSL certificate, forwarding to local services via a WireGuard site2site VPN connection
- cluster of SBCs at home for various services
The VPS also hosts a few things that just work better there (e.g. complex nextcloud with onlyoffice, tesseract and caching).
For any beginners considering this path:
Today I uploaded a video on securing a Linux VPS the lazy but effective way:
Just wrote a tiny tutorial on how to do it (in Spanish): https://fpaez.es/usar-ip-estatica-de-vps-para-servidor-local/
Hope it helps!
Where does dyndns not satisfy your requirements?
I used a VPS between a VM to proxy web services.
I have a somewhat similar setup. On the VPS I run frps (fast reverse proxy - server) and Tailscale. At home I have a Proxmox VM to take care of ingress and reverse proxying to various services running locally. On the VM I run frpc (fast reverse proxy - client) and Nginx Proxy Manager. The frp client and server are configured to connect to each other via Tailscale, but you can use whatever you like, such as WireGuard. For web traffic I set up DNS names in Cloudflare pointing to the VPS IP with proxy on. So incoming internet web traffic goes through Cloudflare proxies to the VPS, then gets forwarded via Tailscale to my local VM. The VPS has basic firewall rules allowing only Tailscale and incoming traffic from Cloudflare IPs.
You could also do reverse proxy on the VPS but I just want to keep everything local and only use the VPS for forwarding traffic.
I used something like this for the same exact reason.
I installed and configured the OpenVPN server service on the VPS, created the client on my MikroTik router, and routed all the traffic I wanted through the tunnel, and also backwards.
It is simple port forwarding on the VPS to your LAN; it worked like a charm.
I run a few such setups. My most recent setup uses Nebula. There are multiple VPSes that are part of this setup since I run a few clouds.
The VPSes route traffic between the Internet and my reverse proxies. Reverse proxies then forward traffic to individual VMs within a service network. I'm using both `firewalld` and Nebula's firewalling capabilities for firewalls. None of the backend servers can normally talk to each other.
Not only http traffic. I also want to use it for other services like SMTP etc…
I'd love to see a YouTube video about your VPS/WireGuard setup. Your video about securing a VPS is awesome.
Usually rDNS for the MX.
Can you use frps to forward/proxy a mailserver?
Today I learned about frp, might consider using this instead of SSH tunnels if it fulfills my needs.
So you have the OpenVPN server on your VPS and the client in your homelab?
Which VPS provider do you use?
The devil is in the details, and you’re hiding all of that behind “etc”. You need to be specific if you want meaningful advice.
Thank you very much! VPN is upcoming, decided to explain it a bit differently…
I don't think that the OP should run a production mailserver (without using a relay with reputation) in a homelab with this type of internet connection. Is this what you had in mind?
The OP's idea to use a static IP of some VPS and use VPN/routing to serve through that point will always be a pain in the ass. So I would rather propose to upgrade the internet connection or use the very straightforward tool of a DynDNS.
I have not specifically tried a mailserver, but it seems frp would forward anything TCP/UDP. I also use it to port forward to local Minecraft servers.