I currently have a server running Unraid as the OS, which has some WireGuard integration built in that I’ve enabled and have been using to remotely access services hosted on that server. But as I’ve expanded to include things like Octopi running on a Pi3 and NextcloudPi running on a Pi4 (along with AdGuardHome), I’m trying to determine the best way to VPN to my home network with the goal of reaching services I’m hosting, and do it safely of course.

I have a Netgear Nighthawk that has some VPN functionality built in that uses an OpenVPN account. Is that OK, or would it be advisable to come in a different way?

  • Darkassassin07@lemmy.ca
    11 months ago

    I host an OpenVPN instance from a Debian machine with my phone permanently connected to it.

    Keeps my phone within my LAN while roaming so it has access to non-public services like pihole, the arr stacks management interfaces, ssh/ftp, etc. Also keeps my browsing private + secure on public/work wifi.

    Only the things I share with others like Emby get exposed to WAN (through a reverse proxy), the rest is VPN/LAN access only.

  • CameronDev@programming.dev
    11 months ago

    I run a WireGuard VPN into my home, and I can access my local services. It was a small matter of setting up routing properly.

    I am using https://www.firezone.dev/ to set it up and manage it, but I believe it can be done manually if desired.

  • qjkxbmwvz@lemmy.sdf.org
    11 months ago

    As others have said, I’d play with routing/IP forwarding such that being VPN’d to one machine gives you access to everything — basically I would set it up as a “road warrior” VPN (but possibly split tunnel on the client [yes I know, WireGuard doesn’t have servers or clients but you know what I mean]).

    Alternately, I think you could do some reverse proxy magic such that everything goes through the WireGuard box — a.lan goes to service A, b.lan to service B, etc., but if you have non-http services this may be a little more cumbersome.
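
The "road warrior" layout with IP forwarding and a split tunnel described in the comment above, as an added example that is not part of the original thread. It uses the standard wg-quick file format; the LAN subnet (192.168.1.0/24), tunnel subnet (10.8.0.0/24), interface name (eth0), port, DNS address and all bracketed keys and hostnames are assumed placeholders.

```ini
# ---- Home WireGuard box: /etc/wireguard/wg0.conf (wg-quick format) ----
# Assumed for this example: LAN is 192.168.1.0/24 on eth0, tunnel is 10.8.0.0/24.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <home-box-private-key>
# Enable IP forwarding so tunnel traffic can be routed on to other LAN hosts.
PostUp = sysctl -w net.ipv4.ip_forward=1
# Forward only tunnel -> LAN traffic, plus replies to it.
PostUp = iptables -A FORWARD -i %i -o eth0 -d 192.168.1.0/24 -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# NAT tunnel peers behind this box's LAN address so LAN hosts need no return route.
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# Remove the same rules when the interface goes down.
PostDown = iptables -D FORWARD -i %i -o eth0 -d 192.168.1.0/24 -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# The roaming phone or laptop. A /32 pins this key to a single tunnel address.
PublicKey = <phone-public-key>
AllowedIPs = 10.8.0.2/32

# ---- Roaming device: separate config file imported into the WireGuard app ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <phone-private-key>
# Assumed address of the LAN DNS resolver (for example the AdGuard Home Pi).
DNS = 192.168.1.53

[Peer]
PublicKey = <home-box-public-key>
Endpoint = <home-public-hostname>:51820
# Split tunnel: only the tunnel and home LAN subnets are routed through the VPN.
# Using 0.0.0.0/0 here instead would send all of the device's traffic home.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
# Keeps the NAT mapping open while the device sits behind carrier or hotel NAT.
PersistentKeepalive = 25
```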

  • giacomo@lemm.ee
    11 months ago

    I think openvpn works completely fine for most use cases and didn’t have any trouble with it at all. I did however switch to wireguard on my gateway and I get a little better throughput compared to openvpn. That being said, I’m also using a pfsense box as my home gateway, so access to internal services has been as easy as general routing gets.

  • Max-P@lemmy.max-p.me
    11 months ago

    Any reason the VPN can’t stay as-is? Unless you don’t want it on the unraid box at all anymore. But going to unraid over VPN then out the rest of the network from there is a perfectly valid use case.

    • Father_Redbeard@lemmy.ml (OP)
      11 months ago

      Well, I didn’t realize that was an option to be honest, lol. I am having some issues with that box at the moment though, so having a pi or my router acting as the gateway appealed to me with its longer uptime.

    • FabulousAardvark@lemmy.ml
      11 months ago

      This is how I use it and it’s been rock solid for ages! Can even pass pihole through it so you get no ads when out and about.

    • Father_Redbeard@lemmy.ml (OP)
      11 months ago

      Yeah I know some of those words…

      I’m still a newb but I’ll have a look at that link, thanks!

  • originalucifer@moist.catsweat.com
    11 months ago

    openvpn is a decent standard, no reason it won’t or shouldn’t work.

    seems like a lot of pis…ever thought of consolidating them into containers in a single box?

    • Father_Redbeard@lemmy.ml (OP)
      11 months ago

      Most services are on the unraid box. But I had a pi running Pi-hole for a long time (switched to adguardhome) and wanted that separate from the main server in case it went down. Pis boot up a lot faster than my server hardware and then you still need to start the array and mount drives. Having AGH on a Pi as primary DNS means minimal internet outages caused by my tinkering. I was given the 4 and put it in a really cool case that can fit an M.2 or 2.5" SSD and boot from it. So that is NextcloudPi and AGH. The 3 is because my 3d printer is nowhere near a LAN connection and the 3 has WiFi. The 4 is sitting next to my router. We won’t mention the 1B I’ve been messing with too…

  • Decronym@lemmy.decronym.xyz (bot)
    11 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters   More Letters
    DNS             Domain Name Service/System
    IP              Internet Protocol
    NAT             Network Address Translation
    SSD             Solid State Drive mass storage
    VPN             Virtual Private Network

    5 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

    [Thread #434 for this sub, first seen 17th Jan 2024, 23:25]