Home network VPN

Discussion in 'Technology' started by Andy01DblCabTacoma, Jul 29, 2024.

  1. Jul 29, 2024 at 3:35 PM
    #1
    Andy01DblCabTacoma [OP] Well-Known Member
    I want to set up remote access to my local network via VPN. Have a few reasons, but mainly to access my NAS while on the road.

    I work in tech, and have a good understanding of most of the concepts, but just trying to pin down an approach. So just looking for people's experience in actually getting some of this set up.

    Options:
    1) Containerized apps on my NAS server (TrueNAS Scale): WG-Easy & DDNS Updater

    2a) Dedicated Linux box (Intel NUC 8th gen i5 w/ 16 GB RAM): Ubuntu, OpenVPN Server, whatever else

    2b) Set up Docker and run WG-Easy & DDNS Updater

    3) Dedicated VPN hardware: Firewalla, etc... Seems expensive, but probably easier to set up

    I'm leaning the most towards option 2 at the moment, as I have the hardware already, and I wanna get set up by Thursday.

    The reason I'm straying away from running more items on the NAS server is that I use it for local dev work, so don't really wanna mingle the VPN into mission-critical hardware...

    Option 3: I'm open to getting standalone hardware if the user experience is just that much better, but need a good reason to justify the expense. And unfortunately, searching for "best VPN hardware" these days just ends up in a slew of ads for companies trying to sell security in the form of VPN...

    My existing Linksys mesh router does not have a built-in VPN, and I am not interested in getting a new router/WAP.
     
    Last edited: Jul 29, 2024
  2. Jul 29, 2024 at 8:58 PM
    #2
    .劉煒 Well-Known Member
    gdrive / chrome remote desktop?
     
  3. Jul 29, 2024 at 9:05 PM
    #3
    JasonLee Hello? I'm a truck.
    You’re above my level of caring for the networking details, but as a software engineer I’m about simplicity and reducing the hands on feeding/nurturing (aka sys-admin) parts of things.

    I’d rather spend a little more money for some software/hardware than to hack out a solution myself (outside of what I do to get a paycheck).

    It does seem that you have a deadline though, so maybe that’s your priority and requirement. So maybe you roll with what you have now and then iterate if it’s a pain in the butt to manage when you’d rather be out on trips/on the road.
     
  4. Jul 29, 2024 at 9:10 PM
    #4
    wi_taco My skid plates give rocks taco flavored kisses
    Option 2 because you have it on-hand and it's easy to spin up quickly. Time crunch = quick and dirty for now.

    I agree with not further taxing your NAS. If it's mission critical for dev, leave it alone.
     
  5. Jul 29, 2024 at 9:19 PM
    #5
    .劉煒 Well-Known Member
    Depends on the level of access you want. Like I said, chrome remote desktop is pretty legit and doesn't need you to stress the details, literally just enable it and set up some PINs and that's about it. Doesn't get you direct file access to your network, but 'remoted into a machine that's on the network' is pretty close enough by my book. Quick file transfers can be done by dragging needed things onto a gdrive you're signed into, and tbh streaming isn't that bad for most content if you're looking to use it for that, if your connection is happy. That, or for media, plex remote access on your NAS.
     
  6. Jul 29, 2024 at 10:54 PM
    #6
    Andy01DblCabTacoma [OP] Well-Known Member
    I got a new M.2 (thanks, Amazon same-day delivery) for the "old" Intel NUC, and installed Ubuntu Server 24.xx on there. Installed OpenVPN Access Server, and set up a Dynamic DNS via No-IP, and I think things are working. Couple little configuration gotchas, but nothing major. Gotta RWT things tomorrow...

    A few other considerations not detailed in the OP:

    Network layout was a consideration. Dev machine and the NAS are connected via wired ethernet and switch, which ultimately connect out to the LAN/Internet via a mesh node. I prioritize the direct connection between dev and NAS over internet speed (and I can't easily get an ethernet cable from the office to the router/modem. Using the NAS would have meant the vpn connections would have to span wireless). I think if the NAS and router were directly connected, I would have spun up a VM on the NAS and done something similar.

    NAS server is well set up (12th gen Intel processor, lots of fast RAM, lots of fast drives), with a couple of different storage pools. One for my wife and I to dump all our important personal files and photos to, another for my dev work, another for her photography work, and then two more small non-striped pools for the containerized apps themselves and another for app volumes so I can run things like dev containerized DBs.

    Google Remote Desktop was off the table- I also want the connecting devices to access the internet as if they were originating from my house. ... Cause I am going to Mexico this weekend, and we gotta stream the Peacock app, which is geofenced to the states. Yes, I coulda just got a software vpn service for this purpose, but I did the same for free.


    Overall it's nice for a first shot. The NUC is happy to run totally headless (no keyboard, mouse, video), which is great cause I can just ssh in from whatever other LAN device I want, and the NUC lives with all the other network gear on a UPS. Whereas the NAS, I had to get a dummy HDMI plug to make it run headless.

    Implementation Notes:

    OpenVPN Access Server- Convenient.. But.. It's obviously just a really nice wrapper for OpenVPN Server, and they fucking charge money for more than 2 connections. I am not sure if that means two connections from the same user, or one connection from two users, but that's a considerable long-term disadvantage to an underlying open source free service. It let me get things set up fairly easily, but gets quickly limiting without shelling out bucks. The documentation doesn't mention that in addition to the VPN ports, you need to forward/open the Access Server port(s). They also skip some configuration concerns when implementing alongside a DDNS client.

    No-IP- pretty painless overall. Current versions of the ddnsclient are really easy to configure, even via ssh. For some reason, this was the thing I was putting off doing this sooner.

    Some things I didn't like- browsing to 80/443 on the DDNS domain name resolved to my router configuration login page. Still not sure how to disable that. Remote Access is disabled. Linksys has got a strange "Smart Wifi" interface- not sure if that's actually hosted locally, or remotely. I forwarded that port to a nonexistent IP on the network as a hack, but seems like a sketchy default.

    I like having another dedicated server on the network. I'll probably end up hosting public facing containers on there as well. Would be great to self host my own website at a minimum, rather than pay some random server farm for a small slice of pie.
     
    Last edited: Jul 29, 2024
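
A way to check the two exposure issues raised in post #6 (a forward that was never added, and a router login page answering on 80/443). This is an added example, not part of the original post; the hostname, port list and allowlist are constructed placeholders to replace with your own DDNS name and the ports you actually forwarded.

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host, ports_to_check, expected_open, probe=probe_tcp):
    """Compare what answers on `host` with the ports you meant to forward.

    unexpected: open but not intended (e.g. a router admin page on 80)
    missing:    intended but closed (a port forward that was never added)
    ok:         open and intended
    """
    expected = set(expected_open)
    candidates = set(ports_to_check) | expected
    open_ports = {p for p in candidates if probe(host, p)}
    return {
        "unexpected": sorted(open_ports - expected),
        "missing": sorted(expected - open_ports),
        "ok": sorted(open_ports & expected),
    }


if __name__ == "__main__":
    # Constructed placeholders: your own DDNS name and forwarded TCP ports.
    HOST = "home.example.net"
    EXPECTED = [443, 943]                  # assumption: TCP ports you forwarded
    CHECK = [22, 80, 443, 943, 8080, 8443]
    report = audit_exposure(HOST, CHECK, EXPECTED)
    for kind in ("unexpected", "missing", "ok"):
        print(f"{kind:>10}: {report[kind]}")
```

Run it from outside the LAN (a phone hotspot, for instance), since a router can answer differently for requests that originate inside the network. UDP forwards are not covered by a TCP connect check.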
  7. Jul 30, 2024 at 10:14 AM
    #7
    .劉煒 Well-Known Member
    Remote desktop can play websites pretty good, even with video. Bandwidth dependent, of course. Slightly more bandwidth use than a straight up vpn, though. But also saves you some of the problems of port forwarding and adding another server to secure.
     
  8. Jul 30, 2024 at 10:33 AM
    #8
    Shellshock King Shit of Turd Island
    I run a VPN off my Synology. It was quick and easy to set up and I haven’t had any issues. Been up for about a year now.

    It also handles dynamic DNS if you don’t have a static IP.
     
  9. Aug 8, 2024 at 8:47 AM
    #9
    eddyizm Well-Known Member
    If you are just looking to access this yourself, I'd recommend Tailscale. Easy as pie, and you will have your own mesh network for all your devices from anywhere without any open ports or external-facing attack surfaces.

    Highly recommend (it looks like you had WG-Easy as one of your options; Tailscale runs on the WireGuard protocol).
     
