For historical reasons, I run a bunch of IT infrastructure at home. Mindful of sayings like "the cloud is just other people's computers" I’ve installed on my home FreeBSD NAS / server / router to deliver a bunch of services. Mail, for instance, and an LDAP server to experiment with, and something for package building.
From the road, I always used a fantastically convoluted SSH setup. A dozen tunnels were set up, so I could SSH from my laptop to my router. This has one downside, that DNS is screwed up. Inside my house, imap.localdomain is 192.168.0.193, while outside my house, it’s down the rabbit (SSH) hole at localhost:10193. I sort-of had KMail convinced of this, but changing laptops recently meant re-creating that whole setup and I failed at that.
In the end I decided that the SSH-tunneling aspect was just not tenable long-term. I needed something to connect more generally into my home network from afar. Last summer I made good use of Private Internet Access VPNs, which at least introduced me to the VPN and OpenVPN world. I ran into Kifar Unix, which has a tutorial written pretty much for my exact scenario:
- FreeBSD 12 server at home acting as the OpenVPN server
- a single laptop to connect to it
- a static IP and a friendly ISP (XS4ALL, although their culture is also changing now they have a large corporate parent)
I now have security/easy-rsa installed on a machine acting as certificate authority, which has spit out certificates for all my in-house services like imap.localdomain. In-house, I can check that all the services are on TLS.
The tutorial from Kifar Unix got me through the rest. I needed to change some specific IP addresses, and punch UDP 1194 through the FTTH modem, and I wrote out some absolute pathnames, but it was remarkably painless. In fact, the biggest headaches came from all the places where I still had SSH-tunneling or /etc/hosts hacks lying around.