TLDR: VPN-newbie wants to learn how to set up and use VPN.

What I have:

Currently, many of my selfhosted services are publicly available via my domain name. I am aware that it is safer to keep things closed, and use VPN to access – but I don’t know how that works.

  • domain name mapped via Cloudflare > static WAN IP > ISP modem > Ubiquity USG3 gateway > Linux server and Raspberry Pi.
  • 80,443 fowarded to Nginx Proxy Manager; everything else closed.
  • Linux server running Docker and several containers: NPM, Portainer, Paperless, Gitea, Mattermost, Immich, etc.
  • Raspberry Pi running Pi-hole as DNS server for LAN clients.
  • Synology NAS as network storage.

What I want:

  • access services from WAN via Android phone.
  • access services from WAN via laptop.
  • maybe still keep some things public?
  • noob-friendly solution: needs to be easy to “grok” and easy to maintain when services change.
  • Jeena@jemmy.jeena.net
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    I wanted to do something similar for a long time but somehow all my atempts failed. I tried the build in into a Fritzbox but my laptop never could connect. Later I tried the wireguard addon in homeassistant but same there.

    • bneu@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      But does port forwarding work for you, can you access your servers from outside your network?

      If not, it’s probably carrier-grade NAT. There are several ways to fix this:

      1. Call your ISP and ask them to give you your own dynamic IPv4 address.
      2. Use a service like tailscale (also available in Home Assistant)
      • Jeena@jemmy.jeena.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        Yes port forwarding with everything else works well, I have no problem with port forwarding, running a lot of services from home.

      • stown@sedd.it
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Dynamic IP is one that changes. I think you meant static IP.

        • bneu@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          10 months ago

          No, I specifically meant dynamic, because most ISPs only give static IPv4 for business plans, and a dynamic IP is fine if you use a dynamic DNS service (the Fritzbox has one).

          • stown@sedd.it
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            If you don’t have a static IP then you will automatically have a dynamic one. You don’t need to ask for a dynamic IP as that is the default. And I’m no idiot, I’ve used dynamic DNS services for for over 20 years.