VPN to your homelab

I got my services up and running and enjoyed them, but what if I'm not at home?

Tailscale

easiest VPN to set up

Since I had little to no knowledge of how to access my home network, and opening ports on my router was a big no-no from a security perspective, I googled around and found Tailscale!

Being a complete novice, that was the best solution!
Really easy to install and even easier to configure, with apps for every platform (yes, even Windows!).

Setting it up on my Proxmox server was just as easy thanks to their great documentation, which explains installation and how to set up an exit node and advertise routes on Linux, so you can access your home network from outside even if you are behind CG-NAT!

From the client end, just download the app if you're on your phone, log in to your free account and you're connected!

The only big downside was speed when behind CG-NAT, which is the case on my mobile carrier, Vodafone Greece. Also, the Android app tends to consume a lot of battery even when idle, so I turned my Tailscale VPN on only when I wanted to access something on my home network.

Those two drawbacks led me to figure out WireGuard (which Tailscale is also based on)!

WireGuard

I managed to get WireGuard working on Portainer using this template.

Things aren't as easy as with Tailscale, but even I, being an idiot, got it running.

  1. I had to open the required port for WireGuard (UDP) on my router.
  2. Register a subdomain on duckdns.org with a free account.
  3. Deploy a Docker container in Portainer to automatically keep my IP address updated on duckdns.org, so I don't have to manually input it every time it changes.
  4. Deploy the WireGuard container on Portainer, filling in the port I opened and, as WG_HOST, the duckdns subdomain I created.
  5. Profit! ✌️

And that is pretty much it. From the web UI of the new container I can add clients and generate the necessary QR codes without having to dive deep into the WireGuard protocol.

On the client side of things, I just downloaded the Android WireGuard app, scanned the QR code on my screen and got connected!

The 2 major drawbacks of Tailscale are now gone. I get my full upload speeds even behind CG-NAT and no more battery drain on my Pixel.
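An added example, not part of the original post or of any project's code: the QR code a WireGuard client scans encodes a plain-text client config, and this Python function reads one and reports the choices worth checking before handing a profile to a device (full tunnel or home LAN only, hostname or fixed IP endpoint, keepalive, preshared key). The sample config, its hostname, port and addresses, and the `home_lan` default are constructed assumptions.

```python
import configparser
import ipaddress

# Constructed sample of the text a WireGuard client QR code encodes.
# Keys are placeholders; hostname, port and addresses are made up.
SAMPLE_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.8.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = example-home.duckdns.org:51820
PersistentKeepalive = 25
"""

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_client_conf(text, home_lan="192.168.1.0/24"):
    """Summarise the security-relevant choices in one client config.

    home_lan is an assumed LAN range; pass your own. Expects a single
    [Peer] section, which is what a client profile contains.
    """
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    peer = cp["Peer"]
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
    lan = ipaddress.ip_network(home_lan)
    host, _, port = peer.get("Endpoint", "").rpartition(":")
    host = host.strip("[]")  # IPv6 literals are written [addr]:port
    return {
        # a /0 route sends all client traffic through home, like an exit node
        "full_tunnel": any(n.prefixlen == 0 for n in nets),
        "routes_home_lan": any(n.version == lan.version and lan.subnet_of(n) for n in nets),
        # a literal IP goes stale when the home address changes
        "endpoint_is_hostname": bool(host) and not _is_ip(host),
        "endpoint_port": int(port) if port.isdigit() else None,
        # a non-zero keepalive sends a packet every N seconds, even when idle
        "keepalive_s": int(peer.get("PersistentKeepalive", "0")),
        "has_preshared_key": "PresharedKey" in peer,
    }
```

Running `audit_client_conf(SAMPLE_CONF)` on the constructed profile reports a full tunnel to a hostname endpoint with a 25-second keepalive and no preshared key.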

Although I now rarely use Tailscale, I still keep both of my VPNs for redundancy. Each is running on a separate machine, so if one goes down, I have the other one as a backup for remote access.