Remoting into home network options

I was wondering if there are any secure and/or private ways to remote into one's home network that do not require setting up a VPN tunnel?

What exactly do you mean by home network? If you want to remote access your devices, RustDesk is very powerful and works well for all that it offers.

This is what I meant. Sorry if that was not clear. Although I don't actually need the ability to remote into a specific device, I just need access to the network itself, so I can access my network drives etc.

Used to use RustDesk, and am not super opposed to going back to it, but the multiple screen support was super limited when I used it, which made things a bit inconvenient.

1 Like

I mean… sure, but the fact that you’re able to do it this well itself is great. Wanting a highly specific thing is a little unreasonable, I feel. I hope they expand their support, but I would not let that stop me.

That’s just my opinion - but that’s the best answer I have for you at the moment.

1 Like

What about Tailscale, ZeroTier, etc?

3 Likes

Punching through your network is easy. Punching through correctly the right way with minimal security issues could be a challenge.

Might as well use Tailscale, Zerotier or Cloudflare Tunnel.

1 Like

Or just whatever WireGuard tunnel functionality your router has built in (assuming it's more advanced than your basic ISP router) if you want a simpler setup.

3 Likes

Yeah exactly, this is why I wanted to get others' opinions.

@crossroads Tailscale actually seems like it's probably more than what I need. I watched a few tutorials about ZeroTier and it looks pretty interesting. Thanks for the suggestions.

@phnx excuse my ignorance, I have spent about 6 seconds looking at this (I plan to look at it more in depth after coffee) but is it reasonable to assume this is similar to ZeroTier?

I did just switch my network to basically all openwrt compatible equipment (got lucky 24.10.0 came out right around the same time) and it does look to have a netbird package.

Yes, pretty much. Zerotier is proprietary, though, and there are some technical differences that realistically won’t matter.

It’s always nice to have your VPN on your router since that’s a single point of failure regardless. That package seems very outdated, so I would avoid it.

1 Like

Good call, it does look like there should be an update coming soon.

While the netbird package in Openwrt is currently on version 0.24.3, the new Openwrt 24.10 release (expected soon) will bring an updated version of Netbird.

Afaik, Cloudflare acts as MITM in tunnels and can see everything, whereas Tailscale is more end-to-end encrypted.

That’s not implausible.

They have the business of DDOS mitigation. Makes sense that they have at least some insights where data streams from and to.

1 Like

Out of curiosity, is there a specific reason you wish to avoid this?

2 Likes

No. I probably should have just left that qualifier out. At the time that was the solution I was finding the most on my own, so I didn’t want a bunch of responses that had tools I had already seen.

Currently I have been trying out @phnx's suggestion of NetBird and liking it more than RustDesk. May also give Tailscale a try as well. Open to more suggestions, also think other users may find it useful.

1 Like

Makes sense! I’ll give my experience of using plain WireGuard in hopes it’ll give some insight into the decision:

I currently have a WireGuard port exposed on my router (OpenWRT) to give me LAN access on client devices I set up, and DDNS to attach the public IP of the router to a DNS name I can consistently use. It definitely is a bit more work, but I also don’t have to go through Tailscale's network and I have complete E2E control.

The pain points are definitely getting the config on OpenWRT correct, ensuring the client configs are correct, and adding a new config to each client manually (but this isn’t that often really…). If I wanted to extend the VPN to beyond just me and my devices, I’d definitely look into Tailscale to make onboarding way easier.

1 Like
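A sanity check for the kind of client config described in the post above, as an added example that is not part of the original post or anyone's real configuration: it flags an Endpoint pinned to a literal IP instead of the DDNS name, and an AllowedIPs list that does not route the home LAN. The subnets, host name and key placeholders are constructed assumptions, and `lint_client_conf` is a hypothetical helper for single-peer client files only.

```python
import configparser
import ipaddress

# Constructed sample: keys, addresses and the endpoint are placeholders.
SAMPLE_CLIENT_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.8.0.2/32

[Peer]
PublicKey = ROUTER_PUBLIC_KEY_PLACEHOLDER
Endpoint = 203.0.113.7:51820
AllowedIPs = 10.8.0.0/24
"""

def lint_client_conf(text, home_lan):
    """Return a list of findings for a single-peer wg-quick client config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # preserve key names exactly as written
    cp.read_string(text)
    peer = cp["Peer"]
    findings = []

    # Endpoint is host:port; an IPv6 literal is written as [addr]:port.
    host = peer.get("Endpoint", "").rsplit(":", 1)[0].strip("[]")
    if not host:
        findings.append("no Endpoint: the client cannot initiate the handshake")
    else:
        try:
            ipaddress.ip_address(host)
            findings.append("Endpoint is a literal IP: use the DDNS name so a "
                            "changed public IP does not break access")
        except ValueError:
            pass  # a host name, resolved when the tunnel is configured

    routes = [ipaddress.ip_network(r.strip(), strict=False)
              for r in peer.get("AllowedIPs", "").split(",") if r.strip()]
    lan = ipaddress.ip_network(home_lan)
    if not any(r.version == lan.version and r.supernet_of(lan) for r in routes):
        findings.append(f"AllowedIPs does not cover {lan}: LAN hosts will be unreachable")
    if any(r.prefixlen == 0 for r in routes):
        findings.append("AllowedIPs contains a default route: all client "
                        "traffic goes through the home router")
    return findings

if __name__ == "__main__":
    for finding in lint_client_conf(SAMPLE_CLIENT_CONF, "192.168.1.0/24"):
        print("-", finding)
```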

Thanks! I appreciate you sharing your insight.

As a networking novice just trying to create a separate VLAN for a guest network, I relate all too well to the pain of getting the config on OpenWRT correct :joy: Honestly, it should be a PBQ for the N+ exam

One thing I like about the NetBird option is not having to open a port. With their privacy / security defaults, it makes me feel more at ease using their cloud option for remoting in, but I can see why that might not be a great solution for your workflow.

1 Like

Netbird is open source for self-hosting which is nice as it allows you to avoid using their cloud without relying on a third-party server like Headscale for Tailscale.

1 Like

There is definitely less security maintenance (and concern with an exposed port) with the third party services. But you now must trust an external NetBird provider to get it right, or you’ll need to host your own somewhere accessible to everything you want to connect. All are definitely valid depending on the use case.

Even guest networks are a PITA for a separate wifi interface on OpenWrt. With great power comes a great time sink and cursing over documentation.

1 Like

For setting up your own WireGuard config, I highly recommend Pro Custodibus’ blog posts.

It ranges from detailed instructions for common setups (Hub-and-Spoke, Point-to-Point, Point-to-Site, Site-to-Site) to breaking down why each ip and iptables rule that wg-quick applies is needed.

Not to mention the WireGuard AllowedIPs Calculator, and a great explanation for why you probably should just fix your routes instead.

3 Likes
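What an AllowedIPs calculator of the kind mentioned above computes, as an added example that is not the Pro Custodibus tool or code from the thread: AllowedIPs is a plain list of CIDR blocks with no "except" syntax, so routing everything but one subnet means listing the blocks that surround it. The function name and the excluded subnet are constructed assumptions.

```python
import ipaddress

def allowed_ips(include, exclude):
    """CIDR list covering `include` minus `exclude`, for an AllowedIPs line."""
    nets = [ipaddress.ip_network(n) for n in include]
    for ex in (ipaddress.ip_network(e) for e in exclude):
        kept = []
        for net in nets:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)                      # untouched by this exclusion
            elif ex.supernet_of(net):
                continue                              # wholly inside the exclusion
            else:
                kept.extend(net.address_exclude(ex))  # split around the hole
        nets = kept
    out = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return [str(n) for n in out]

if __name__ == "__main__":
    # Constructed scenario: send all IPv4 traffic through the tunnel except
    # the subnet the client is physically sitting on.
    blocks = allowed_ips(["0.0.0.0/0"], ["192.168.1.0/24"])
    print("AllowedIPs = " + ", ".join(blocks))
```

Excluding a single /24 from `0.0.0.0/0` already produces 24 entries, one per prefix length, which is the bookkeeping the linked article argues is better replaced by fixing the routes.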

The original purpose of a VPN was exactly for this: To remotely access the office network. Or in your case, your home network. Any reason you don’t want to use the tool that was designed for exactly this situation?

It used to be that only the higher end home routers could also run a VPN server but nowadays that seems to have worked its way down market. All the routers I investigated recently for other reasons seemed to support serving multiple flavors of VPN: IPSec, OpenVPN, WireGuard, etc. And many/most also seem to support DDNS. Between the two it can be as little as clicking a couple of buttons on your home router then clicking save to start a server you can access by name rather than IP address. Another button press or two will get you the configuration file(s) to load on your device(s) to configure the VPN clients on them for remote access to your home.

All for free. All under your control. All as updated on security as you are willing to keep your home networking gear.

I am having a hard time understanding why you would want to do things in a more complicated way that may also involve third parties that you will have to trust.