For historical reasons, I run a bunch of IT infrastructure at home. Mindful of sayings like "the cloud is just other people's computers", I’ve installed jails on my home FreeBSD NAS / server / router to deliver a bunch of services. Mail, for instance, and an LDAP server to experiment with, and something for package building.

From the road, I always used a fantastically convoluted SSH setup. A dozen tunnels were set up so I could SSH from my laptop to my router. This has one downside: DNS is screwed up. Inside my house, imap.localdomain is 192.168.0.193, while outside my house it’s down the rabbit (SSH) hole at localhost:10193. I sort of had KMail convinced of this, but changing laptops recently meant re-creating that whole setup, and I failed at that.

In the end I decided that the SSH-tunneling aspect was just not tenable long-term. I needed something to connect more generally into my home network from afar. Last summer I made good use of Private Internet Access VPNs, which at least introduced me to the VPN and OpenVPN world. I ran into Kifarunix, which has a tutorial written pretty much for my exact scenario:

  • FreeBSD 12 server at home acting as the OpenVPN server
  • a single laptop to connect to it
  • a static IP and a friendly ISP (XS4ALL, although their culture is also changing now they have a large corporate parent)

I now have security/easy-rsa installed on a machine acting as certificate authority, which has spit out certificates for all my in-house services like imap.localdomain. In-house, I can check that all the services are on TLS.
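As an added illustration of what that certificate authority step amounts to, and of the in-house check that a service really presents a certificate chained to it, here is a small script of my own (not from the post, and not using easy-rsa itself) that does the same job with plain openssl: it builds a private CA, issues a certificate for imap.localdomain with a subjectAltName, verifies it against the CA, and shows that a certificate from a different issuer is rejected. The hostname comes from the post; the CA name, key sizes, lifetimes and working directory are assumptions chosen for the example.

```shell
#!/bin/sh
# Constructed example: a minimal private CA built with plain openssl, standing in
# for what security/easy-rsa does under the hood, plus the verification step.
# "imap.localdomain" is the post's hostname; everything else here is assumed.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys and certs

# Create the CA: a self-signed certificate whose private key signs everything else.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Home Lab CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a certificate for one in-house service. The SAN extension matters:
# modern clients ignore the CN and match the hostname against the SAN only.
issue_cert() {
    host="$1"
    printf 'subjectAltName=DNS:%s\n' "$host" > "$WORK/$host.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$WORK/$host.key" -out "$WORK/$host.csr" 2>/dev/null
    openssl x509 -req -days 825 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/$host.ext" \
        -in "$WORK/$host.csr" -out "$WORK/$host.crt" 2>/dev/null
}

# A self-signed certificate for the same hostname but NOT issued by our CA,
# to show the check below is a real chain check and not a rubber stamp.
make_rogue_cert() {
    host="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$host" \
        -keyout "$WORK/rogue.key" -out "$WORK/rogue.crt" 2>/dev/null
}

# Verify that a certificate file chains to our CA. Returns 0 on success.
verify_cert() {
    openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1
}

# Confirm the issued certificate carries the expected DNS SAN. Returns 0 on success.
has_san() {
    openssl x509 -in "$WORK/$1.crt" -noout -text | grep -q "DNS:$1"
}

# Against a live service the same check looks like this (not run here, needs the network):
#   openssl s_client -connect imap.localdomain:993 -servername imap.localdomain \
#       -CAfile "$WORK/ca.crt" </dev/null | grep 'Verify return code'
# "Verify return code: 0 (ok)" means the service presents a cert chained to the CA.

make_ca
issue_cert imap.localdomain
make_rogue_cert imap.localdomain
if verify_cert "$WORK/imap.localdomain.crt"; then
    echo "imap.localdomain.crt chains to Home Lab CA"
fi
if ! verify_cert "$WORK/rogue.crt"; then
    echo "rogue.crt is correctly rejected"
fi
```

The CA key is the crown jewel here: in the post's setup it lives on a separate machine, and this script only writes it to a scratch directory for demonstration. The s_client line in the comment is the check worth scripting against every TLS service in the house, since a service that quietly still uses a self-signed certificate will pass casual inspection but fail this one.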

The tutorial from Kifarunix got me through the rest. I needed to change some specific IP addresses, punch UDP 1194 through the FTTH modem, and write out some absolute pathnames, but it was remarkably painless. In fact, the biggest headaches came from all the places where I still had SSH-tunneling or /etc/hosts hacks lying around.