Having a Home Lab is great ... at home, but what if you want to access it whilst you're out and about? This was my problem so I set about a bit of research. After comparing a couple of offerings I chose WireGuard VPN as it seemed fast, secure and reliable. Best of all it is free and reasonably simple to set up.
I had a spare Raspberry Pi3 knocking around so I installed Raspbian on a MicroSD card, booted, ran the updates and we were ready to go. As this was a going to be a bit of a test and proof of concept for me, I decided to install WireGuard via PiVPN. Installation is guided, setup is relatively easy and administration is simple.
curl -L https://install.pivpn.io | bash
During the install I did need to go out and set up a Dynamic DNS service through a popular web vendor as my ISP uses dynamic IP addresses, meaning that once I'd set up the VPN and the IP changed, I would not be able to access it again until I reconfigured the config files. Not very useful if you're not at home and can't check your public IP. I checked the setting to enable unattended updates so that I didn't need to keep logging into the Pi to manually update and patch it every week.
I set up a Test user to trial the VPN, installed the Wireguard client on my phone, generated the QR code from the server on the Pi, scanned it via the client, switched it on and ..... NOTHING.
A bit more research and head scratching found that I needed to set port forwarding on my router before I could reach the server. I also found that once this worked, I had to enable IPv4 Forwarding on the Pi so that the VPN would work fully. The Pi also needs a static IP address on the internal network to ensure this works which is mention during the install script.
sudo sysctl -w net.ipv4.ip_forward=1
After all that, Hey Presto, a working Point to Site VPN connection from the outside world and I could access all my lab machines and files. To keep things secure, I deleted the test account and set new ones up each for my laptop, phone and tablet.
All in all a very
worthwhile and incredibly useful project that's taught me about VPN connections and that although
things don't always work straight out of the box, with a little persistence and
research you can fix it. The PiVPN (using WireGuard) can be set up on various hardware like Raspberry Pi's or even in a virtual machine - anything that will be left on permanently.
No comments:
Post a Comment