So I run a big NAS and domoticz for automation on my home network. I would like to be able to smoothly access this from the outside world, primarily from an android phone.
I know VPN would be the standard and I’ve done that in the past, but frankly I found it to be a tremendous pain in the ass connecting and disconnecting, especially for my girlfriend.
I’m currently exploring something like port forwarding 22 to a Linux machine on my network using pre-shared-key-only SSH, but I’m not real clear on how network access would work from that point. Can that be set up to direct local traffic to my network and all other traffic via the normal network connection on the phone? Any article recommendations? All I can find seem to be directed towards tunneling all internet traffic through your home network, which isn’t what I’m trying to do. I just want to be able to hit my domoticz instance and my file server through the tunnel and ideally leave the connection persistent/auto-reconnect when the network is lost.
A WireGuard VPN can be set to only tunnel your home LAN and let all other traffic go via the remote device.
Self-hosted and no third parties involved. It can be beneficial to have a domain with DDNS so you don’t need to track your home WAN IP, but that’s fairly easy to add.
Why not just set up a domain and do things properly and permanently? Easiest option for everyone involved that uses it, and it presents itself professionally instead of a hodgepodge scratched-together solution.
I use WireGuard. I have the client installed on my phone, my MacBook and a Linux box and it just does the right thing.
I actually held off using WireGuard for several years because I already had OpenVPN installed (which was a PITA) and the WG setup seemed so easy that I thought I was missing a step.
It’s honestly absurd that there is no easy-setup Docker image to get a VPN or tunnel. Why is that? There is some very outdated OpenVPN helper image, but it’s outdated and needs network privileges. Why can’t this be as easy as just setting up a Docker image? Is there something inherently difficult with setting up an image with OpenVPN and just exposing its port?
Try EasyWireGuard. Runs in a Docker container. Has a web GUI for client setup with QR code or configuration import. Then you can set up split-tunneling to always be connected. Or cloudflared.
If you’re just trying to access the network as a whole, a split-tunneling VPN is your friend. WG will probably be the best option here.
If you’re interested in accessing certain services, then:
set up a VPS that will do tunneling for you, acting as a reverse proxy
set up strong auth, like mTLS, and expose services on your home IP directly, probably with a ‘dynDNS’-style tool that will change your A/AAAA records when your IP changes
Another option is to use ZeroTier/Tailscale - SaaS VPNs which you don’t self-host, but you install clients only on those machines that have to be connected together (in your case domoticz, NAS and Android phone). But it requires a “split horizon” solution to be an “always on” option.
Absolutely the best way - just set AllowedIPs = home subnet(s) only.
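As an added example (not from any comment in this thread, and not a config from the WireGuard project itself), this is what "only tunnel your home LAN" and "AllowedIPs = home subnet(s) only" look like in practice: a phone-side config that sends only the home LAN through the tunnel, with the matching server-side peer entry. The keys, the 192.168.1.0/24 LAN, the 10.8.0.0/24 tunnel subnet, the hostname home.example.com and the interface name eth0 are all placeholders and assumptions; substitute your own.

```ini
# --- Phone (client) config, e.g. wg0.conf imported into the Android app ---
# Assumed values: keys, addresses and hostname are placeholders, not real.
[Interface]
PrivateKey = <PHONE_PRIVATE_KEY>
Address = 10.8.0.2/32
# Optional: use the home resolver so internal hostnames work while connected.
# Leave this out if you don't run a DNS server on the LAN.
DNS = 192.168.1.1

[Peer]
PublicKey = <HOME_SERVER_PUBLIC_KEY>
# Optional extra symmetric key on top of the Curve25519 handshake.
PresharedKey = <OPTIONAL_PRESHARED_KEY>
# DDNS name pointing at the home WAN IP; UDP 51820 is forwarded on the router.
Endpoint = home.example.com:51820
# Split tunnel: only the home LAN and the tunnel subnet are routed through WG.
# Everything else leaves over the phone's normal mobile/Wi-Fi connection.
AllowedIPs = 192.168.1.0/24, 10.8.0.0/24
# A full tunnel (what the OP wants to avoid) would instead be:
# AllowedIPs = 0.0.0.0/0, ::/0
# Keep the NAT mapping alive so the link survives idle periods on mobile networks.
PersistentKeepalive = 25

# --- Home server (Linux box on the LAN) config ---
# Assumes net.ipv4.ip_forward=1 and that eth0 is the LAN-facing interface.
[Interface]
PrivateKey = <HOME_SERVER_PRIVATE_KEY>
Address = 10.8.0.1/24
ListenPort = 51820
# Let tunnel traffic reach the LAN and NAT it to the server's LAN address.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <PHONE_PUBLIC_KEY>
PresharedKey = <OPTIONAL_PRESHARED_KEY>
# On the server side AllowedIPs is a source filter: only accept packets from
# this peer that carry its own tunnel address.
AllowedIPs = 10.8.0.2/32
```

AllowedIPs does double duty: on the client it is the list of destinations that get routed into the tunnel, on the server it is the set of source addresses accepted from that peer, so keeping the server entry to the single /32 stops a compromised phone from spoofing other tunnel or LAN addresses. PersistentKeepalive covers the "stay connected" part of the question; the connect-on-demand behaviour mentioned for iOS is a client-app feature, not something in this file.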
If using iOS one can even set the WG client to only connect when not on the home Wi-Fi network, say. But even if on Android there’s no harm just leaving it connected all the time really if you want to make it simple for the less-techy partner.
Currently running Tailscale and I’ve been wanting to switch to self-hosted WireGuard on my Synology. Are there benefits to switching? With Tailscale, I have it set to Connect on Demand on iOS whenever I leave my network.
Security. Can you really ensure that none of your services have any zero-day vulnerabilities? Also, it does reveal a bit much publicly. I would suggest at least putting a login in front of your dashboard and services (e.g. Authentik).
I feel like I must have missed something with WireGuard, because I see this take a lot. But for me, I spent an entire afternoon trying unsuccessfully to get WireGuard to work, and when I gave up and tried OpenVPN, it was up and running in 5 minutes. Plus, the OpenVPN Connect client app is really nice, while WireGuard clients seem incredibly primitive still.
What are the issues people have with OpenVPN, and how did WireGuard solve them? Because my experience has been the polar opposite.