I’ve been running a home server at home running CasaOS for a few months now. I use a wireguard vpn to remote in to use Jellyfin on my phone etc. Basically i want to know if there’s a way i can both hide my public IP (such as using a conventional vpn for torrenting) while still being able to remote in to my server?
I’ve been thinking of running running all my network traffic through my server and setting up some sort of firewall too, but I’m fairly new to this as this was originally just a project I did out of spite after getting rid of Spotify. I’m fairly green when it comes to networking and servers, but I’m otherwise pretty good with computers and can muddle my way through most things.
Any suggestions are greatly appreciated.
You can’t hide your public IP. It’s public.
I presume your servers sit on your home network, and it’s a basic flat network. And you have a basic home router. And you forward a port on your router to your server that’s running wireguard.
Sound about right?You already use a VPN to access your homelab/home-servers.
So the only ports you are forwarding (presumably) relate to wireguard. So the only accessable ports are secured sensibly (by wireguard, cause thats what it is).So you are already doing everything right.
If you want a fancier router/firewall, then OpnSense or OpenWRT are good options.
But I wouldn’t run everything through your server. Let your server serve. And use a router to do network things.
If you really want to hyperconverge onto a single server like that, then I’d do it inside different VMs (probably running on a proxmox host). Have a VM running OpnSense that only does network and routing. Then VMs for other services.
You’re directly coupling your home internet access to the proxmox host and the VM, tho.
Which is why I prefer using a more embedded/dedicated router appliance (I’m a huge fan of mikrotik stuff, but my home network is TP-Link Omada. Tho I think I’ll move to Unifi)