Currently, I’m working on building my homelab. It’s still very much a work in progress but everything is coming along nicely.

I plan to host lots of stuff in my homelab and be able to access it while I’m not at home. I don’t feel comfortable exposing them all to the Internet so VPN to the rescue.

The setup is straightforward. The details depend on your lab equipment, but the steps are always the same.

  1. Set up a VPN server in your homelab.
  2. Set up port forwarding in your router.
  3. [Optional] If your IP address is dynamic, you can set up dynamic DNS so that you can access the VPN server by domain.

The first step is rather easy. I already have a Synology NAS and they have the built-in VPN Server app ready to install from their package store. It’s just one click away. You install it, enable the OpenVPN protocol and it’s done. Click export configuration afterward.

The UniFi Security Gateway also has a built-in VPN server, but since the NAS is more powerful, I think I should offload the work to the NAS.

The second step can be done via your router. In my case, I use UniFi hardware so I’m gonna do it via UniFi Controller in Settings -> Routing & Firewall -> Port forwarding.

Optionally, if your IP address is dynamic, you may want to set up dynamic DNS (e.g. myvpn.example.com). I already covered it in a previous post using Docker and CloudFlare.

Now, edit the exported configuration and replace the server IP address with your static IP address or your dynamic DNS name from above.

Try connecting with the OpenVPN client and, if all is good, you should be connected.

Troubleshooting

I found Ubiquiti has an excellent troubleshooting guide available on their website.

Some common problems are:

  • Double NAT (local): You have 2 routers on your local network. In that case, you either have to remove 1 router (change to AP mode?) or set up port forwarding on both.

  • NAT public IP address: If the public IP address your router reports and the one a service such as Google reports don’t match, that’s probably it. See the picture below: if the two IPs are not the same, you have a NAT public IP address.

If you go through all that and it’s still not working, it probably has something to do with the ISP.
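The two NAT checks from the list above can be scripted. This is an added example, not code from the original post: the function name `diagnose_nat` and the sample addresses are made up for illustration, and you supply the WAN address shown by your router and the public address an external service reports.

```python
import ipaddress

# RFC 1918 private ranges: a WAN address in one of these means another
# router sits upstream on your own network (local double NAT).
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")

ADVICE = {
    "double-nat": "Put one router in AP/bridge mode or forward the port on both.",
    "isp-nat": "The ISP is translating your address; port forwarding alone will not work.",
    "ok": "The router holds the public address; check the forwarding rule and firewall.",
}


def diagnose_nat(router_wan_ip: str, observed_public_ip: str) -> str:
    """Classify the NAT situation from the router's WAN IP and the public IP
    reported by an external "what is my IP" service."""
    wan = ipaddress.ip_address(router_wan_ip)
    public = ipaddress.ip_address(observed_public_ip)
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat"
    # Either the WAN address is in the CGNAT range, or it is a routable
    # address that still differs from what the Internet sees.
    if wan in CGNAT_NET or wan != public:
        return "isp-nat"
    return "ok"


if __name__ == "__main__":
    # Constructed sample pairs (documentation address ranges), not real hosts.
    samples = [
        ("192.168.1.2", "203.0.113.10"),
        ("100.72.5.9", "203.0.113.10"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan_ip, public_ip in samples:
        verdict = diagnose_nat(wan_ip, public_ip)
        print(f"WAN {wan_ip:15} public {public_ip:15} -> {verdict}: {ADVICE[verdict]}")
```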