My homelab without public internet exposure
5 days ago
- #Homelab
- #Network Security
- #WireGuard
- Operates homelab with no public WAN exposure using WireGuard for permanent home network connectivity.
- WireGuard routes only selected subnets, not all traffic, enhancing security and control.
- Avoids third-party dependencies like Cloudflare, ensuring full control over VPN endpoint and traffic.
- Services like Pi-hole, Vaultwarden, and RSS-Bridge operate entirely within the private network without public exposure.
- WireGuard split tunnel configuration ensures only home network traffic is routed through the VPN.
- Dynamic DNS is used for external access, with fallback strategies to mitigate DNS resolution issues.
- Local DNS and self-signed certificates secure services like Vaultwarden within the private network.
- All devices use the home Pi-hole for DNS, improving privacy and performance with minimal latency impact.
- Conclusion: Homelab services are designed for private use, not public internet exposure, enhancing security and privacy.
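
The split-tunnel and Pi-hole DNS points above can be checked mechanically. The following is an added example, not code from the original post: it audits a wg-quick style client config for routes that would send non-private traffic through the tunnel and for a DNS server the tunnel does not reach. The subnets, hostname and key placeholders are constructed, and a single `[Peer]` section is assumed.

```python
import configparser
import ipaddress

# Constructed sample client config: addresses, hostname and keys are placeholders.
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32
DNS = 192.168.1.2

[Peer]
PublicKey = <server-public-key>
Endpoint = home.example.net:51820
AllowedIPs = 192.168.1.0/24, 10.8.0.0/24
PersistentKeepalive = 25
"""

# RFC 1918 ranges plus IPv6 unique local addresses.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def audit_split_tunnel(conf_text):
    """Return findings; an empty list means only private subnets are routed
    through the tunnel and the configured DNS server is reachable inside it."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(conf_text)
    routes = [ipaddress.ip_network(r, strict=False)
              for r in _csv(cp["Peer"].get("AllowedIPs", ""))]
    findings = []
    for net in routes:
        # 0.0.0.0/0, ::/0 or any public range turns the split tunnel into a wider one.
        if not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE):
            findings.append(f"AllowedIPs {net} routes non-private space through the tunnel")
    for entry in _csv(cp["Interface"].get("DNS", "")):
        try:
            dns = ipaddress.ip_address(entry)
        except ValueError:
            continue  # wg-quick also accepts search domains on the DNS line
        if not any(dns in net for net in routes):
            findings.append(f"DNS {dns} is not covered by AllowedIPs")
    return findings

if __name__ == "__main__":
    for line in audit_split_tunnel(SAMPLE_CONF) or ["split tunnel OK"]:
        print(line)
```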