In the current lockdown situation, a lot of people are starting to eye up that old desktop machine, or Raspberry Pi they bought for a project and just left on a shelf, and thinking of putting it to use, as a server! Naturally, once you’ve got something set up in your home, you might want to access it outside the house. Whether it be some bulk storage using Nextcloud, Feed aggregator using RSS, HomeAssistant or even an IRC bouncer.

I see questions about this pop up quite a lot, both on r/selfhosted and the SelfHosted podcast’s discord (go join by the way!). One thing I see a lot is people recommending how they do it, or stating how someone should do it (I’m guilty of both!), but very few people give multiple answers, and contrast between them. For someone getting started, it’s almost as important to understand why a given approach is important, as it is the approach itself.

I don’t think there is one right answer which is applicable for everyone in all cases. There’s always a trade off between complexity, security, and features. Here’s the most commonly suggested one:

# Don’t

An important solution which a lot of people forget about is that it’s totally fine to not expose things to the internet. As far as security and complexity goes, it’s a lot easier - So easy it’s the default. If you’re not comfortable in exposing your machines to the internet, don’t! This option by design limits access from the public internet, by hiding everything behind your router’s firewall. Your internal IP space is yours, just leave it there!

The main caveat falls around dynamic IPs. Most residential ISPs won’t give your home a static IP. If you restart your router, or leave it long enough, you’ll get a fresh IP. For this reason, it’s not enough to simply set and forget your home’s IP, because at some point, it’ll change. For this reason you’ll also need to run something which periodically updates your DNS records based on your home IP.

Another potential downside, however niche, is that public IPs of residential locations can be used to track down the location. Because traffic flows direct, it also means that in the event of a spike of network traffic, your home internet connection may be impacted. If you’re worried about that, or super paranoid, this might not be the solution for you!

In short, a VPN allows you to bridge two isolated networks together. You can use a VPN to access the devices behind your home firewall, from anywhere with an internet connection. This method works in a very similar way to the Port forward technique above, however rather than opening the ports needed for web traffic, you open up the ports needed for a VPN server, and tunnel your traffic through that. This removes the ability for just anyone to access your applications, and requires you to install client software on any devices which require access, but yields a very secure and versatile connection model.

You will however still need to manage dynamic DNS if your house doesn’t have a static IP.

Because traffic flows between your device and the VPN server in your house over an encrypted VPN connection, it’s incredibly secure regardless of what’s going over it - even unencrypted HTTP traffic. This means that assuming your VPN is configured properly, it doesn’t matter how the applications themselves are set up.

VPN servers are incredibly lightweight, and will easily run on a Raspberry Pi. PiVPN is a great and simple way to get started. Contrary to its name, it can be installed on any Debian-based machine.

# VPN Gateway

An alternative to opening ports and directing users straight to your home router, you can use a VPN as a gateway. This allows you to forward ports to inside your home, but without actually port forwarding. No modifications to your home network are necessary. Users are pointed towards a VPS server, which accepts connections, and forwards the traffic down a VPN tunnel, to your home server.

Because the VPS is doing nothing but pushing traffic, there’s almost no resource usage. My gateway server is a one core, 512MB RAM machine and it sits at around 1% CPU usage, and about 60MB RAM.

By using a VPS as a gateway, there’s no need to account for dynamic IPs. If your home IP changes, the VPN client in your home will have reconnected to the server automatically, and traffic continues to flow. Users never need to know or care what your home IP is, as traffic always flows via the VPS. In the event of any networking issues, and you want to completely disconnect your servers from the outside world, simply kill the VPS, or stop the VPN client. This will completely disconnect the VPN tunnel, and traffic will hit the VPS without continuing further.

This method, however good it sounds, comes with a number of drawbacks.