Setting up remote access for your homelab, securely

As a cybersecurity student the number one advice I have for you: never expose your home lab to the internet. With that in mind, how do we access our services when we aren't from home? Well there are a multitude of options to complete this, so lets look into a few!

Tailscale · Best VPN Service for Secure Networks

Securely connect to anything on the internet with Tailscale. Deploy a WireGuard®-based VPN to achieve point-to-point connectivity that enforces least privilege.

Tailscale is an amazing option for those looking for a fully featured option while not requiring massive setup of a VPN server and exposing your systems to the internet. Tailscale will make you a virtual network that you can connect a hundred devices to just on the free tier alone. They also allow the creation of an exit node so you can appear like you are coming from home!

Downloading this is as easy as one command to get their download script.

curl -fsSL https://tailscale.com/install.sh | sh

and then doing sudo tailscale up to enable it! it will prompt you to log in to add it to your network and bam! its done! You can now connect to that device from anywhere.

Some other features include their SSH offering where you can add --ssh to your tailscale up command to advertise an avalible SSH session to your network, that will allow you to remotely access you lab by securely sharing keys between your systems and not having to worry about them youselves!

Additional setup can be found on their website:

Download | Tailscale

Tailscale is the zero configuration VPN that doesn’t go through the public internet.

Tailscale

ZeroTier | Global Networking Solution for IoT, SD-WAN, and VPN

ZeroTier is the best global networking solution and overlay for IoT infrastructure, SD-WAN, VPN, and remote access.

ZeroTierTodd Shipway

The last option I used is ZeroTier. this allows you for free to connect 10 devices to a "virtual network" essentially allowing it to always have the same IP address no matter where you are.

An important notion is this works without port forwarding ZeroTier practically makes a tunnel between your devices stopping the port forwarding that might be required my making your own VPN

Setting these up on your system is as easy as using one of their one line commands on their website here:

Download - ZeroTier

Global Area Networking

ZeroTier

You will download this on each device, and once logged in you will be able to access it by pinging the virtual network IP!

It is very similar to tailscale but has less features compared to the user fiendly GUI of tailscale.

Everyone has more than likely or not heard of Virtual Private Networks (VPNs) and you can take advantage of this technology to operate your own VPN server! You then could just connect and use your services as if you were right there in your home!

Setting this up can be very simple depending upon your router. You can lookup "<router brand> openvpn setup" to get many articles about setting it up. for an example I searched up this for openVPN on TPLink Routers:

How to Setup OpenVPN on TP-Link Routers (Windows)

How to Setup OpenVPN on TP-Link Routers (Windows)

In a vast world of entire internet scanners. it is important to ensure the security of our systems in private networks. The great thing about all of these options is most (except for the VPN) only require you to download software and communicate through external servers in order to manage or access your machines. It is a great option for anyone trying to make their remote access solution as good as possible!

If you liked this article and would like more I recommend subscribing to my publication! I put out good content every week on cybersecurity and my learning journey!