Hey everyone, got a question I was hoping I might be able to get some clarity on from networking gurus.
I recently started using a new VPN that also gives me a static public IP, i.e. I also get all of its ports. My home setup is going to include 2 devices that I want to connect to the internet through the VPN: a Synology NAS and an Intel NUC. Both of these devices are going to be running web services that I want to be able to connect to from outside my home.
What is the best/cleanest way to accomplish this in my VPN scenario? Is it possible to have only the NUC connected to the VPN and listening on all ports, and then run something on it that will selectively relay requests on certain ports to a different peer device on its local network (in this case the Synology which would not be directly exposed to the internet)? Or in this situation, would I be better off having both devices connected to the VPN using the same public IP, but just making sure that a given port would only be answered by one device? Not even sure if that last one is possible…
I know you can also run VPN software directly on a router which might simplify things, but I am hesitant to go that route because I’m assuming that would route all internet traffic for every device on the home network, whereas I really only want the VPN to apply to these 2 devices.
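The first option in the question (only the NUC on the VPN, relaying selected ports to the Synology on the LAN) is ordinarily done with destination NAT on the NUC rather than a userspace relay. The following is an added example, not from the original post or any of the replies: a POSIX shell function that prints an nftables ruleset for that layout. The interface names (`wg0` for the VPN tunnel, `eth0` for the LAN), the Synology address `192.168.1.20` and the port numbers are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Generate an nftables ruleset
# that makes the VPN-connected host (the NUC) accept TCP connections on its
# tunnel interface and forward selected ports to a LAN peer (the Synology).
# Interface names, the peer address and the ports below are assumptions.
#
# Usage: gen_forward_rules VPN_IF LAN_IF PEER_IP PORT[:PEER_PORT] ...
#   443:5001  -> public port 443 lands on the peer's port 5001
#   8443      -> public port 8443 lands on the peer's port 8443
gen_forward_rules() {
    vpn_if=$1; lan_if=$2; peer_ip=$3
    shift 3
    printf 'table inet relay {\n'

    # DNAT happens in prerouting: rewrite the destination of packets that
    # arrive from the tunnel on a chosen port to the peer's address and port.
    printf '  chain prerouting {\n'
    printf '    type nat hook prerouting priority dstnat; policy accept;\n'
    for spec in "$@"; do
        pub_port=${spec%%:*}
        peer_port=${spec#*:}
        printf '    iifname "%s" tcp dport %s dnat ip to %s:%s\n' \
            "$vpn_if" "$pub_port" "$peer_ip" "$peer_port"
    done
    printf '  }\n'

    # Source-NAT the forwarded flows on the LAN side so the peer's replies
    # come back through this host even when its default gateway is the home
    # router and not the NUC (otherwise the return path breaks).
    printf '  chain postrouting {\n'
    printf '    type nat hook postrouting priority srcnat; policy accept;\n'
    printf '    oifname "%s" ip daddr %s masquerade\n' "$lan_if" "$peer_ip"
    printf '  }\n'

    # The forward chain sees the already-translated destination, so only the
    # explicitly listed peer ports are allowed through; everything else that
    # would be routed across this host is dropped.
    printf '  chain forward {\n'
    printf '    type filter hook forward priority filter; policy drop;\n'
    printf '    ct state established,related accept\n'
    for spec in "$@"; do
        peer_port=${spec#*:}
        printf '    iifname "%s" oifname "%s" ip daddr %s tcp dport %s ct state new accept\n' \
            "$vpn_if" "$lan_if" "$peer_ip" "$peer_port"
    done
    printf '  }\n'
    printf '}\n'
}

# Print the ruleset for the assumed layout; apply it with
#   gen_forward_rules wg0 eth0 192.168.1.20 443:5001 8443 | nft -f -
gen_forward_rules wg0 eth0 192.168.1.20 443:5001 8443
```

Two things the ruleset relies on that it cannot set by itself: IPv4 forwarding must be enabled on the NUC (`sysctl -w net.ipv4.ip_forward=1`), and the `policy drop` on the forward chain will also drop any other traffic the NUC routes (for example container bridges), so relax it if the host does more than relay. With this layout the Synology never holds a VPN address; only the ports listed in the rule set are reachable from the public IP, and the NUC's own services listen on the tunnel interface as usual.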
For remote access try Tailscale: add the Tailscale client to whatever you want remote access to. They make clients for most platforms and it has a simple/easy setup. I use Tailscale, but there's also ZeroTier and several others too.
Oracle Cloud free tier: spin up a six-core, 24 GB ARM VM with the Ubuntu server image and multiple public IPs and multiple public interfaces (through Debian/the settings for that VM's network, not via their VPN offering), `ip link` them, and connect the service to each. Configure your firewall rules appropriately in both the VM's iptables and the Oracle GUI from the public internet towards your network (easiest is to deny all except authenticated VPN with a matching key pair). Watch that your bandwidth doesn't exceed the 10 TB/month limit.
If doing this from home, save yourself the headache and buy a cheap second internet connection for only the device that allows outside connections; it's too big of a security risk without advanced configs and tons of troubleshooting on your part. Months minimum, to several years, to achieve stability with security.
That creates a mesh network between devices, right? I’m not sure that would necessarily support my scenario here, because I wouldn’t want my friends to all have to be on the network to connect to my devices. That’s why I got the public IP through my VPN to support that piece.