Home Remote Access VPN

Hello, I’m not a member here but was hoping someone could easily give me some advice. I am in need of a remote access VPN to be able to log into my home LAN when I am on the road, having access to all devices on my home network. My google-fu seems weak in that when I try to research the question, all I get are VPN services for home workers to get to office servers. I want something running at home for when I am not.

I have tried several times. My router says it can run a VPN server, I enabled it and was able to connect, but it seems hard coded to a particular subnet which is not what I use for the house, so I am unable to access shared drives, servers and such. I would like my experience to be just like I was in my home office. I configured a Unix server with OpenVPN, had it running, but was never able to master the access rules that would make it work, or some other problem. I port forwarded, I set up the usual tools, but failed.

As you might guess I know some small things about networking, I worked in it for years but my knowledge is about 25 years out of date. I am looking for a dead simple, plug and play solution. Perhaps a box, perhaps a Windows package. (My Unix server died, I may or may not replace it.) Something I could run as a service on the machine and would give me full access to the LAN. Cost is not a huge issue, but nothing ridiculous. I have several Windows machines running headless and always on.

For reference, my connection is Xfinity cable with my own modem and a Netgear Nighthawk router. I have several switches and the whole house is wired CAT5.

For your use case I suggest Tailscale. If you need more info, ask, but I guess with your knowledge and Google you have all you need to run it easily.

You can get a RaspberryPi and run PiVPN on it. RaspPi 4B supply issues appear to be over at this point, with multiple worldwide drops daily. A Pi would run at or under $100, and PiVPN is a free download. You would just port forward on your Nighthawk router to the Pi, and you would be all set. You could set the internal IP address to whatever you want to make your internal network accessible.

I run OPNsense as my home router (changed in March 2023 from Asus), and have a Wireguard server/peer setup on that to access home. Everything working perfectly. The only issue I have is one box internally running Linux that also acts as a Wireguard client to an external VPN provider, so I have to add static routes to enable communications across the IPv4 /16 home subnet from that Linux device.

I connect to my home network and I use a VPN server on my Asus AX86U router (either OpenVPN or WireGuard) and it works great. I am not sure if your current router supports VPN servers, but with Asus routers it is dead simple. Check out this video on how to set this up:

https://www.youtube.com/watch?v=r_mwzVnS7D0

If you decide to get an Asus router, I recommend an Asus AX86U Pro or Asus AX88U Pro. Both are great routers and will meet or exceed your requirements.

Looks good, thank you. The free level is all I need. I was hoping for something that didn’t depend on 3rd party servers, but I guess I do anyway just to get to it. Is the free level available forever, or is there a trial limit?

also acts as a Wireguard client to an external VPN provider, so I have to add static routes to enable communications across the IPv4 /16 home subnet from that Linux device.

Yeah, you see that’s the bit where you might as well be telling me to hook the framistan to the plumbus. I’m sure I could learn, but I did this shit for 45 years and I’m kind of done adapting technologies. I’m tempted, I have a friend who does a lot with Pi’s so he could help.

I have a Netgear Nighthawk that does have a VPN server, which is one of the reasons I got it. I have not found a way to set the subnet for clients though, and it insists on making clients part of 10.0.0.X. That is nowhere near the range I use for my home network, and I have found no way to bridge the subnets, making it useless.

It’s free long-term, not the trial. And they expanded it lately to 3 users and the number of devices got bigger, so I don’t see it going paid. You can self-host Tailscale as well, but then it is not as easy to set up. In case you want to self-host it completely, WireGuard is maybe a better option.

With something like PiVPN on a Pi, you would have control over the subnet or addresses assigned to inbound connections. As long as your inbound connections are in the same subnet as the rest of your devices, you won’t have any issues. Sorry if my personal example was not quite relevant, as I have my inbound VPN on a different subnet than other devices (for segmentation).
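The subnet problem discussed in this thread, as an added example that is not from any poster: a small longest-prefix-match model showing why a client in a separate VPN pool needs both a tunnel route to the home LAN and a return route on the home side. The 192.168.50.0/24 LAN, host addresses, and interface and hop names are constructed assumptions; only the 10.0.0.0/24 pool comes from the thread.

```python
import ipaddress

def next_hop(routes, dest):
    """Longest-prefix match over (cidr, next_hop) pairs; None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(cidr), hop) for cidr, hop in routes
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def round_trip(client_routes, lan_routes, lan_host, client_vpn_ip,
               tunnel="tun0", vpn_server="vpn-server"):
    """True only if the request enters the tunnel AND the reply is sent back
    to the VPN server rather than out the default gateway."""
    forward = next_hop(client_routes, lan_host) == tunnel
    back = next_hop(lan_routes, client_vpn_ip) == vpn_server
    return forward and back

# Constructed sample values (assumptions, not from the thread), except the
# 10.0.0.0/24 client pool, which is the range the router is said to hand out.
HOME_LAN = "192.168.50.0/24"
VPN_POOL = "10.0.0.0/24"
NAS = "192.168.50.10"
CLIENT_VPN_IP = "10.0.0.2"

# Laptop on the road: default route via Wi-Fi, tunnel route only for the pool.
CLIENT_POOL_ONLY = [("0.0.0.0/0", "wlan0"), (VPN_POOL, "tun0")]
# Same laptop after the server also pushes a route for the home LAN.
CLIENT_WITH_LAN = CLIENT_POOL_ONLY + [(HOME_LAN, "tun0")]

# Simplified view of the home side: where does a reply to a VPN client go?
LAN_NO_RETURN = [("0.0.0.0/0", "isp-gateway"), (HOME_LAN, "on-link")]
# After adding a static route for the pool that points at the VPN server.
LAN_WITH_RETURN = LAN_NO_RETURN + [(VPN_POOL, "vpn-server")]

def report():
    cases = {
        "pool route only": (CLIENT_POOL_ONLY, LAN_WITH_RETURN),
        "LAN route, no return route": (CLIENT_WITH_LAN, LAN_NO_RETURN),
        "LAN route and return route": (CLIENT_WITH_LAN, LAN_WITH_RETURN),
    }
    return {name: round_trip(c, h, NAS, CLIENT_VPN_IP) for name, (c, h) in cases.items()}

if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:30} NAS reachable: {ok}")
```

A VPN server that masquerades (NATs) client traffic onto the LAN removes the need for the return route, because replies then go to the server's own LAN address.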

If your current router doesn’t work, I suggest you save your time, get one of the Asus routers and sell your current one.

Hmmm. I’ve never done an Rpi before, but essentially I get it, plug in a keyboard, monitor, and network, download the software, install and configure. Then I can just leave it running headless? I can remote access it how? And could I run pihole on the same one? I’m kind of wanting to do that.

Exactly all of that. I bought mine a couple months ago, and it is running headless with a couple small network services similar to what you listed.

Remote access via SSH or RealVNC (or compatible VNC client).

Yup, it’s as easy as flashing an SD card with the PiHole image, installing it and then running PiVPN on the PiHole.

Run the PiHole image and install it. Then you can ssh to it and install PiVPN by simply running a curl command which downloads and starts the installer.

Thank you. I guess I can google how to do those first 3 things.

The official sources:

Raspberry OS install:

https://www.raspberrypi.com/software/

PiHole install:

https://docs.pi-hole.net/main/basic-install/

PiVPN install:

https://www.pivpn.io/#install

Yes, there’s a boatload of guides on the topic and since it’s a pretty straightforward install, the guides are correct for the most part.

Thank you. When I get home I will give this a try.