I've been trying to set up my home network so that I can access specific servers, computers, or devices on general so i can get data, files, or control the home automation while I'm away. I've tried many things, but it hasn't successful.

Reverse Proxy

One of the main things to access devices behind a secured network is to use a reverse proxy to the house so that I can access some of the applications that I'm hosting on the Synology Server, and also to access Home Assistant from outside of the house.  I've been working on this for months, trying different things for Dynamic DNS - DuckDNS, Synology.me, etc. But without any connection from outside.

IPv4

The internet had been running out of IP addresses for a while now, and companies like T-Mobile have been allocated a few set of address ranges to provide access to the internet, but there are likely more devices than addresses available and so everyone under the company gets to share the same IP addresses. They just keep track of who is connecting and where to route the data via a NAT table. The downside to this is that when you want to point to an IP addresses that is in the network, it only shows the public facing shared IP address. When you're trying to access inbound, their service doesn't know where to route, so the requests go nowhere.

IPv6

IPv6 is supposed to fix all of this. Theoretically we shouldn't be running into running out of unique IPv6 addresses for a very long time.  Each address is unique and doesn't need to have specific forwarding rules built.  It even avoids the NAT table issue. But for some reason after putting an IPv6 into the DDNS service, I still couldn't get into the home network.

VPN Solves the Issue, and it's even better than expected!

There's one more option I wanted to try, and that's to create a VPN to the house network. This creates a secure link between a remote device or network and connects to the home network.  I'm thinking about at setting up an account with Nabu Casa so at least we can control the Home Assistant automation. Since the project is open source, and the developers are privacy focused and all the data sent out can be reviewed.  I'm not too concerned about my data being sent to the wrong people.  There's always that trade off between convenience and privacy and security.

A second issue I had was to access some of my other programs on the network because I have a vaultwarden server set up and I can't update my other devices unless I'm on the home network.  It's a pain when I can't sync something onto my phone when it was set up on the home computer.  

But Tailscale is a VPN that has an Add on package in the Home Assistant add on store.  No need to go through and read the documentation on how to set it up on Synology.  It really was clicking a button to install the plug in, log in on the HASS server, download the app on the phone, and then log in from the phone.  The two were communicating right away.

On top of it all Tailscale offers more than just direct direct device-to-device connections.  I was able to configure it to connect to the rest of the subnet, or the secure network at my home. And it can also act as an exit node, meaning that if I wanted to, I can access the internet as if I were at home, which is useful since I run a local DNS server.  Tailscale is free for a personal network that can host up to 100 devices.  This saved me about $7 a month.

Wrap up

A VPN is a secure way to reach your home network.  Even though I would typically find a solution to host it on Docker via Synology, it was just too easy to install on the Home Assistant server.  This only solves that access issue.  There's still an issue with trying to set up different services to Home Assistant, such as connecting Google and SmartThings, which requires remote access via a domain name secured with SSL.  I read briefly that there's a way in tailscale to do this in DNS, but that will be for another time.