This post is a preliminary look at what I might set up involving a VPS “jump server” of sorts to provide access to my home LAN from afar.

What prompted this

  • I love the idea of self-hosting.
  • Home networks aren’t meant to allow ingress traffic by default. I am very hesitant to expose anything to the outside world.
  • However, I’d really really like to be able to access my services - media server, files, backups, etc., as well as remote management, from afar. And I don’t want to remember to turn on a VPN every time. Also, all my traffic from afar will be tagged with my home IP. Or, it might, I’m not 100% certain how all that works just yet - but when I’ve looked at my IP while at work with my VPN enabled, I see my home IP. I’m not sure how I feel about that.
  • I currently have a VPN set up, running on my Raspberry Pi 5, but I’d like to offload this to a firewall (which I do not have - yet). This setup would mean that my VPN would not depend on my home network, and I would not need to port forward, as my firewall would be acting as a WireGuard client instead of as a server.

There are still a few requirements I would need to wrap my head around.

  1. Firewall rules (my mortal enemy)
  2. OpenBSD in general (I figured I’ll use this as an opportunity to learn)
  3. It helps if I purchase the firewall. I also need to do the initial setup of using it in my home network. At the moment, I’m not sure what that will look like (hopefully it will be as easy as the picture below).

Diagram

Thank you to draw.io for existing.

EOF