I’m re-setting up my HomeLab and one of the things I’m trying to learn about on this go-around is Zero Trust networking. To accomplish this I am planning on using NetBird’s mesh overlay network. I would like all of my services to use the NetBird mesh network at all times, whether they are communicating within my homelab’s LAN or I am accessing them from outside via the greater internet.
I have successfully set up the NetBird management interface on a Hetzner VPS; however, the issue I run into is that if I lose internet access at home, none of my services are able to function, as they can no longer reach the management interface. However, if I self-host the management interface in my homelab, I am unable to access it from outside my home LAN.
I’ve identified 2 solutions that could solve this:
- Self-host the management interface and set up a Cloudflare tunnel to the management interface, which would allow access from outside my home network.
- Self-host the management interface, then set up a WireGuard proxy/tunnel on a VPS that forwards traffic to my management interface (similar in my mind to option 1, but not relying on Cloudflare).
What are your thoughts? Any other ideas?
I appreciate your comments/criticisms!
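As an added illustration of option 2 (not part of the original post, and not NetBird's own documentation), below is one way to wire a VPS up as a WireGuard forwarder for a self-hosted management interface. Everything here is assumed: the tunnel subnet 10.99.0.0/24, the VPS public interface `eth0`, the VPS public address `vps.example.com`, the management interface listening on TCP 443 on the homelab host, and the key placeholders. Both peers' `wg0.conf` files are shown in one block, separated by comments.

```ini
# --- /etc/wireguard/wg0.conf on the VPS (hypothetical values) ---
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY_PLACEHOLDER>

# Only the one management port is exposed; everything else arriving on eth0
# is never forwarded into the tunnel. The FORWARD default policy is set to
# DROP so the explicit ACCEPT rules below are the only way through.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -P FORWARD DROP
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.0.2:443
PostUp = iptables -A FORWARD -i eth0 -o wg0 -p tcp -d 10.99.0.2 --dport 443 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Masquerade so the homelab host answers back over the tunnel instead of
# trying to reach the client's public IP via its own default route.
PostUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

PostDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg0 -p tcp -d 10.99.0.2 --dport 443 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 10.99.0.2:443

[Peer]
# Homelab host that runs the NetBird management interface
PublicKey = <HOMELAB_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.99.0.2/32

# --- /etc/wireguard/wg0.conf on the homelab host (hypothetical values) ---
[Interface]
Address = 10.99.0.2/24
PrivateKey = <HOMELAB_PRIVATE_KEY_PLACEHOLDER>
# No ListenPort: the homelab side only dials out, so nothing needs to be
# opened on the home router.

[Peer]
PublicKey = <VPS_PUBLIC_KEY_PLACEHOLDER>
Endpoint = vps.example.com:51820
AllowedIPs = 10.99.0.1/32
# The NAT'd side keeps the mapping alive so the VPS can push traffic down
# the tunnel at any time, not just after the homelab has sent something.
PersistentKeepalive = 25
```

Two things worth checking after `wg-quick up wg0` on both ends: `wg show` on the VPS should report a recent handshake for the homelab peer (if it never handshakes, the keepalive or endpoint is wrong), and a `curl -v https://vps.example.com/` from outside should reach the management interface while any other port on the VPS stays closed. Because of the MASQUERADE rule, the management interface's own logs will show 10.99.0.1 as the client address rather than the real source; if per-client source IPs matter for auditing, terminate TLS with a reverse proxy on the VPS and pass the client address through instead of forwarding at the packet layer.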
That’s one of the advantages for those interested in ZTN. In a somewhat similar way to IPv6, a local address/network isn’t inherently trustworthy.