relocating my homelab

2025/04/05

Hey all,

I recently decided to purchase a dedicated server from RackNerd with the goal of hosting my homelab services remotely.

Previously, I ran a high-availability Proxmox cluster out of my one-bedroom apartment in NYC, powered by a few Dell Optiplex 4090s. A few months ago, I moved into a new place and had to decommission that setup.

Since my new setup is remote, it presented a few challenges:
How am I going to administer my lab? How can I secure it? What services will I host?

The first question I had to answer was how to administer Proxmox remotely. Realistically, there are only two options:

  1. Navigate to the management portal via public IP
  2. Connect via VPN

Because I’m using this lab to practice production-level setups, I opted for a site-to-site (S2S) VPN to access my personal services.

However, I am leaving the Proxmox management portal accessible over the internet. It’s protected with a strong 15-character username and password, as well as TOTP. Sure, there are more secure options, but I also don’t want to overengineer things to the point where my lab starts feeling like a job.

That being said, I still needed a secure way to access my other services. Here’s what I landed on:

Here’s a quick and lazy diagram of the setup:

[Image: diagram of the setup]

One thing I really appreciate about both the Dream Machine and VyOS is that they use strongSwan under the hood. In my opinion, strongSwan is the best open-source implementation of the IPsec suite.

Another thing they have in common is the use of FRR as the routing control plane. FRR is an outstanding open-source project that’s widely adopted—especially in the cloud.

I love using BGP across my networks. It’s a powerful and flexible protocol that scales up or down based on your needs. In the screenshots below, I’m just exchanging a few routes, so its full potential isn’t really on display here:

[Images: screenshots of the BGP route exchange]

Overall, I’m super excited to see how this environment evolves and what else I can sprinkle in over time!