Would you mind sharing your tips for setting this up? I've been considering doing something similar for a little while now but am unsure how to get started.
1. Add a VPN host to your home network, either as another role on your router/firewall or as role on a host inside your network. For example, if you're running pfSense as your firewall, you can add an IPSec/L2TP or OpenVPN role to the pfSense host. Many hardware router/firewall devices have VPN host capabilities. You can start simple by defining users at the VPN host. Later you can use your home network's LDAP directory for users, but I personally didn't bother doing that.
2. Set up your laptop(s) and phone(s) to connect to that VPN. Disable "split tunneling" on the devices. If split tunneling is enabled, only traffic that is intended for your private network would be sent to the VPN. Disabling it requires that all traffic—even traffic destined for the public Internet—needs to be routed through the VPN host.
3. Connect to the VPN whenever you are outside of your home.
4. You can optionally assign a static private IP to each device so that when you're connected, all devices use known IP addresses that you can name using a local DNS server. This would allow you to, for example, reach your laptop by the name "laptop.yourdomain.org" (or whatever). I give all of my devices hostnames so that I don't need to remember their IP addresses.
5. The result is you have a personal "virtual private network" that facilitates private LAN-like communication between all of your devices. For example, I use this to access my personal file server from anywhere.
6. You can get even more sophisticated by setting up site-to-site VPN connectivity between your home network and a machine or network you run at a data-center. This allows you to, for example, reach not just your home file server but also manage your personal public-facing Internet services running at your data-center hosted machine or VM—from any of your devices.
> 4. You can optionally assign a static private IP to each device so that when you're connected, all devices use known IP addresses that you can name using a local DNS server.
This is where I’ve always got hung up. I’ve for a long time wanted a static URI for a machine at home (e.g. SSH, IRC bouncer, music files, etc.)
I assumed I’d have to use some kind of local host tunneling solution (like pagekite.io), which are either expensive or difficult to trust/rely-on, or register as a business to get a static IP.
I was speaking of assigning private static IPs to everything on your virtual private network, and then using a private DNS server. This allows you to reach your devices/hosts by name rather than their IP.
However, the entire scenario relies on you having at least one static IP address for your firewall/VPN endpoint. You need to be able to reach that from anywhere on the public Internet.
I think the easiest way is to get a router capable of running DDWRT or similar that has an OpenVPN server built in to it, flash your router, generate some keys, and hook in with all the OpenVPN clients on Windows, Linux, Android, iPhone, and MacOS. It's really not that bad. I use it all the time when I'm out of my house. I can browse knowing that no one between me and my home can know anything about what I'm doing. Of course, my ISP at home can see everything all the time.
I can even access my home automation system. Shoot, I have one installed at my mom's house and can monitor her furnace when she's on travel in the winter. Everyone would enjoy a personal VPN.
One low maintenance way of doing this would be to setup a SSH server at home (and configure your home NAT/Router to forward traffic to that machine)
Once you have SSH access to home there are a number of ways to tunnel your traffic (on desktop platforms, not sure about mobile). Sshuttle works pretty nice. You can also optionally just tunnel traffic for certain apps or browser profiles by using ssh -D (SOCKS5 proxy)
