this post was submitted on 10 Jul 2023
31 points (94.3% liked)


Hi folks, I'm just getting into this hobby thanks to the posts in this community. So far, I've installed Ubuntu server 22.04 on an old laptop and got paperless working, and I'm pretty pumped. Now I would like to access it outside of my home network on my phone.

I have a Netgear R7000 with Advanced Tomato installed. Here's my plan, but I don't know if it would work... So I'm hoping for a peer review of sorts.

  • Get OpenVPN working on the router as a server.
  • Make a certificate for my phone and use it as a client.
  • Use my Fedora laptop as the CA (?).

I think I need to use Easy-RSA to make the keys and certificates...

Does that sound about right? Is this a good approach or is there something better/easier/more effective?

If there's a great tutorial around for accessing the home network externally, I'd super appreciate it. Would obviously prefer to do it myself and not pay for a service... I've been enjoying the learning experience!

[–] [email protected] 4 points 2 years ago (1 children)

You're mostly correct, but you don't need the laptop to act as a CA or anything. A CA is just a cryptographic key, you can generate them on the laptop, on the router, or wherever you want. All that matters is that the router and the clients agree on what the CA is.

Alternatively, you can port forward from the router to the laptop and run the VPN on the laptop itself. That will open you up to more VPN protocols such as WireGuard, which is newer, works so much better, and is a whole lot easier to get set up. That stuff just works. Or you can forward the SSH port, and use SSH forwarding using an app like JuiceSSH as the way to enter your network.

[–] [email protected] 4 points 2 years ago (1 children)

I can vouch for WireGuard, it's super easy to set up

[–] [email protected] 1 points 2 years ago (1 children)

Same here, but never tried tailscale or anything like that

[–] [email protected] 1 points 2 years ago (2 children)

So how does that work? Just using wireguard I mean.

[–] [email protected] 1 points 2 years ago* (last edited 2 years ago)

there are 3 main steps depending on what OS is being run, but it basically goes like this

  1. port forward some port to a machine on your home network,

  2. create a wireguard config through network manager if you're using that or the wg-quick command, make sure it auto connects

  3. mess with the firewall so that your devices on the wireguard network can see your home network

there are tons of easy to follow guides out there, this is the one I followed

[–] [email protected] 1 points 2 years ago

Personally I use openmediavault (NAS software) that has a nice WireGuard plugin and everything in the UI. But you can use the native WireGuard app or PiVPN, for example.

  1. Port forward 51820 udp to your server

  2. Set up tunnel and client on server

  3. Scan QR code with your client (android or whatever)

2. and 3. have to be done for every new device
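
The steps from the two replies above (forward 51820/udp, create the tunnel plus one client per device, open the firewall towards the home LAN), as an added example that is not part of the original thread. The tunnel subnet 10.8.0.0/24, home LAN 192.168.1.0/24, interface eth0 and hostname home.example.net are constructed assumptions; adjust them to your network.

```bash
# Added example: render wg-quick configs for a home server and one phone.
# Constructed values: tunnel 10.8.0.0/24, home LAN 192.168.1.0/24 (51820/udp is from the thread).
WG_PORT=51820
TUNNEL=10.8.0
HOME_LAN=192.168.1.0/24
# server_conf <server_private_key> <phone_public_key> <lan_interface>
server_conf() {
  cat <<EOF
[Interface]
Address = ${TUNNEL}.1/24
ListenPort = ${WG_PORT}
PrivateKey = $1
# Firewall step: tunnel peers may reach the home LAN and nothing else.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o $3 -d ${HOME_LAN} -j ACCEPT
PostUp = iptables -A FORWARD -i $3 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -s ${TUNNEL}.0/24 -o $3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -o $3 -d ${HOME_LAN} -j ACCEPT
PostDown = iptables -D FORWARD -i $3 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s ${TUNNEL}.0/24 -o $3 -j MASQUERADE

[Peer]
# One [Peer] block per device; the /32 pins the phone to a single tunnel address.
PublicKey = $2
AllowedIPs = ${TUNNEL}.2/32
EOF
}
# client_conf <phone_private_key> <server_public_key> <public_hostname>
client_conf() {
  cat <<EOF
[Interface]
Address = ${TUNNEL}.2/32
PrivateKey = $1

[Peer]
PublicKey = $2
Endpoint = $3:${WG_PORT}
# Split tunnel: only tunnel and home-LAN traffic goes through the VPN.
AllowedIPs = ${TUNNEL}.0/24, ${HOME_LAN}
PersistentKeepalive = 25
EOF
}
# Run with --write on the server to generate real keys and files (needs wg and qrencode).
if [ "${1:-}" = "--write" ]; then
  umask 077   # the files contain private keys: owner-only permissions
  srv=$(wg genkey); cli=$(wg genkey)
  server_conf "$srv" "$(echo "$cli" | wg pubkey)" eth0 > wg0.conf
  client_conf "$cli" "$(echo "$srv" | wg pubkey)" home.example.net > phone.conf
  qrencode -t ansiutf8 < phone.conf   # scan this in the WireGuard phone app
fi
```

Each side's config holds only its own private key and the other side's public key, so adding a device means a new key pair, a new `[Peer]` block on the server and a new client file.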