How securely access homelab from the internet.
Security, security, security. Accessing securely resources from outside (internet) on the local network can be challenging and expensive. When we talk about home networks, it is becoming even more challenging and more expensive 🙂
Today, in this blog post, I will explain how do I provide secure access to homelab by using the IPSec VPN server build-in to Synology disk station.
There are several solutions out there on the market dedicated to SOHO (Small office Home office) or SMB segments you could leverage at your home. Other options are open-source VPN solutions like OpenVPN, StrongSwan, or WireGuard, just to name the most popular. All of those can be deployed on top of your virtual machines or small Linux box and act as a VPN server on your home network.
If happen you have a Synology disk station at home, you can use it as a VPN server too. Configuration is trivial, even for beginners. Synology docs are very good and well written.
Install and configure VPN server on Synology
First what you have to do is to install a VPN server. After deployment, you can configure one of the 3 VPN servers types:
- PPT
- OpenVPN
- L2TP/IPSec
Pick one of the choices and configure it. In my example, I will configure IPSec VPN. Go to management pane –> Manage VPN –> L2TP/IPSec –> Enable.
Check – Run in Kernel mode, set Pre-Share key and enable SHA2-256. That is it. VPN server is up and running on Synology
To have Synology VPN server reachable from internet, you have to redirect 3 UDP ports (1701, 500, 4500) on your firewall.
Test connection.
The easiest way to test VPN access is to use phone and configure build in VPN client. See links below on how to configure android phone to connect to IPSec VOPN server.
Useful links:
- Synology official documentation
- How to connect to Synology VPN server from different devices and operating systems
