I’m re-setting up my HomeLab and one of the things I’m trying to learn about on this go-around is Zero Trust networking. To accomplish this I am planning on using NetBird’s mesh overlay network. I would like all of my services to use the NetBird mesh network at all times, whether they are communicating within my homelab’s LAN or I am accessing them from outside via the greater internet.
I have successfully set up the NetBird management interface on a Hetzner VPS, however the issue I run into is if I lose internet access at home, none of my services are able to function as they can no longer reach the management interface. However, if I self host the management interface in my homelab, I am unable to access it from outside my home LAN.
I’ve identified 2 solutions that could solve this:
-
Self host the management interface and set up a Cloudflare tunnel to the management interface, which would allow access from outside my home network.
-
Self host the management interface, then set up a wireguard proxy/tunnel on a VPS that forwards traffic to my management interface (Similar in my mind to option 1, but not relying on Cloudflare)
What are your thoughts? Any other ideas?
I appreciate your comments/criticisms!
you’re almost certainly routing local network traffic over NetBird instead of using local routes
That’s precisely the functionality I want, though. Secure, encrypted, mutually identified traffic should be the only traffic in a zero trust network.
I’m simply trying to create an ingress point into this network for outside access.