What is a VPN?#

A VPN is a service that digitally connects a device and a remote server, creating a point-to-point tunnel. For our use case this lets us access our self-hosted services that can only be accessed when we’re connected to the homelab’s network. Another use case for VPNs could be to mask your IP address and sidestep website blocks.

What is a Dynamic IP address and why does it make hosting a service harder?#

You can have a static or dynamic IP address, static IP addresses, as the name suggests, stays the same, whereas dynamic IP addresses change from time to time.

Usually most consumer ISPs assign dynamic IP addresses to their residential consumers, as it is more cost-effective.

How to setup ddclient with cloudflare’s DNS service#

  1. First of all we need to setup a DNS record with the following settings: Type: A Name: lab-vpn IPv4 address: 0.0.0.0 Proxy status: off TTL: 5 mins !Image Description
  2. Now since we have a dynamic IP address and we need to constantly update the IPv4 address, to do this Cloudflare has an API to do just that. To use this we need to create an API token. To do this click the profile icon, then my profile. Select API Tokens on the navigation menu, then press the create token button. !Image Description Create a Custom Token and make sure to select the following permissions to read the current DNS records and to edit the lab-vpn record.
    • Zone - DNS - Edit
    • Zone - Zone - Read
    • Zone Resources: Include — Specific Zone — select your domain
  3. We now need to setup something to use the API to update the DNS records using the API token. This something is ddclient, and I’ll be running this on an always-on device in my network, to install this I just used apt sudo apt update && sudo apt install ddclient now we need to configure it so it knows what to update, how often and how it gets the current IP address. To do this we edit the configuration file located at /etc/ddclient.conf. I used the following configuration:
daemon=300
syslog=yes
ssl=yes
fw-skip=yes

protocol=cloudflare
zone=replace-with-domain-name
server=api.cloudflare.come/client/v4
ttl=300

use=web, web=api.ipify.org?format=json

login=token
passwork=replace-with-api-token

lab-vpn.domain.name

we then need to restart ddclient. To do this we can use this command: sudo service ddclient restart

  1. we can then make sure the service works by either checking what the DNS record points to or we can check ddclient’s logs with the command sudo service ddclient status

What is WireGuard#

WireGuard is a

How to setup WireGuard#

I chose to use the PiVPN project to setup WireGuard, so I just had to run the following command: curl -L https://install.pivpn.io | bash and followed the on-screen prompts, and once finished I just set up a new vpn profile with the command: sudo pivpn add

Connecting from my computer#

So now that we’ve setup the server side we can now connect to it with our computer. We just need to download the WireGuard and setup the tunnel with the configuration files stored in /etc/wireguard/configs

Conclusion#

By using ddclient, cloudflare and WireGuard we can now connect to our homelab’s network from a remote network, even when we have a dynamic IP address.

This setup ensures that your domain always points to your home network, automatically updating whenever your public IP changes, while WireGuard provides a fast, lightweight, and encrypted connection back into your homelab.

!Image Description