How to tunnel to home router running OpenWRT?

Hi everyone,

I am running a simple setup of ISP provided model -> OpenWRT router -> A few VLANs local VLANs. In general, I will need access to my home IP during travel. What is the simplest way I can set this up through the OpenWRT router? Which tools will I need?

Additionally, from the websites' and services' perspective, do they see a difference at all in the connection from this tunneling set-up, versus me physically at home to connect? Can they tell that my devices are tunneling home rather than directly connected to them from home?


Edit: I don't run any self-hosted services nor servers at home if that is relevant.

Woreguard is pretty simple

1 Like

HAProxy on OpenWrt is a great option to access your internal services.

Can you log into the ISP provided box and configure it? In particular you need two essential things:

  • Confirm that the wan facing IP held by the box is directly on the Internet and not a CGNAT. This IP must match the IP that is reported when visiting a "whats my IP" test site from a computer on the home LAN.
  • Confirm that you can forward ports to the LAN. This will allow incoming Wireguard encrypted packets to reach your OpenWrt router.
1 Like

I will have a look at the ISP modem. For this setup, do I need to use dynamic DNS, which is something frequently mentioned when people talk about tunneling home?

Dynamic DNS gives your home's IP address a name. This is important because most ISPs change the IP that a customer has from time to time. So yes you probably will want dynamic DNS, but it isn't essential when you are first testing-- you can get the numeric IP from the router then enter it into your client.

1 Like

how about frps on a cloud VM , and frpc on your router

If I use a free dynamic DNS service, is there any particular security or privacy concern? I only plan to turn on this set-up during travel, so very occasionally.

No brain solution if you have the ram and don't care about security (in the sense of owning the entire chain) cloudflared is a no brain... It's just wireguard wrapped in cloudflare cdn (wireguard info can even be extracted)