Home IOT 4 Steps to Securely Access Home Network Remotely from Anywhere

4 Steps to Securely Access Home Network Remotely from Anywhere

by Lakindu Jayasena
3.4K views 5 mins read
Securely Access Home Network Remotely

Exposing locally hosted services in your home network is a nightmare. Assume in your home network you may have several network-connected devices and if you want to access home network remotely, the traditional method is something like follows right?

  1. Configure a Dynamic DNS since I do not have a static IP.
  2. Add a script to update the DDNS entry in case my IP changes.
  3. Port-forward to the server’s local IP address by punching holes through your router.
  4. Set up certificates to support HTTPS.
  5. Implement the security practices separately.
Traditional Home Network
Traditional Method of Exposing a Service to the Internet

But, In this article, I’m going to expose home network resources to the Internet in a few clicks. Now don’t be afraid. This is entirely secure and crazy actually because we’re not punching holes through your firewall, which is what you might do with the traffic forwarding and exposing ports, no we’re not doing that. Instead, we’re creating a tunnel. With this tunnel, we can securely expose anything on your home network to the Internet. Everything you expose will have its own subdomain and SSL Cert, even if you only have HTTP or a self-signed Cert.

Brief about Cloudflare Tunnel

Cloudflare Tunnels is a feature provided by Cloudflare and it will create an encrypted tunnel between your server and the Cloudflare network using the cloudflared daemon. Because of this, external users won’t directly connect to your server, instead, they will connect via proxy through Cloudflare’s network.

This is a totally free service that allows you to securely access home network remotely from anywhere. And it doesn’t matter what kind of home network you have. Setting this up is super simple, see the following diagram to get an overview of how it works.

Securely Access Home Network using Cloudflare Tunnel

Benefits of using Cloudflare Tunnel

  • No need to punch holes through your router to open any ports on your network.
  • No need to create, buy or manage TLS certificates as cloudflared handles everything for you and it is very secure.
  • Cloudflare uses intelligent routing to reduce traffic latency. They avoid congested networks and areas with high latency by routing traffic through their edge network.
  • You get a WAF and DDOS protection built in.

Prerequisites to Access Home Network Remotely

Here’s what you need, First, you will need a domain name. It cost between $10 and $20 per year or else you can use any free domain provider. Second, you’ll need a computer or server inside your home network and this can be running pretty much any OS (make sure that the computer/server should be able to access your home network resources). I think you might have at least one, right? And it’s on this computer or server that will install Cloudflare Tunnel. And then it will tunnel out to Cloudflare and it’s through that tunnel that we can tell Cloudflare to route any subdomain to anything inside your home network.

Setup a Cloudflare Account

You can head out to CloudFlare.com. Click on Sign up. Here you will find more details on how to set up a Cloudflare account in a few clicks. Create a Cloudflare account

Once you create the account add a new site. So what you need to do is put your domain and get the name servers from Cloudflare and update it in your domain registrar. For more details refer Add a Cloudflare site.

Let’s Create the Cloudflare Tunnel

Step 1: Enable the Cloudflare Zero Trust Account

Once your Cloudflare account is ready, go to the Cloudflare dashboard and click on Zero Trust from the left panel. Then navigate to Access >Tunnels from the left side panel.

Click on Complete Setup and click on Next.

Getting Started with Cloudflare Zero Trust

Give a unique name to your Cloudflare Zero Trust account.

Give a Team Name
Important
In the next step, you have to select a plan. So I’m selecting the free plan and proceeding to the payment of $0. During the payment process, you have to add the payment method as a credit card or Paypal. But it shouldn’t charge you anything because, again, zero is zero. So let’s click on next and then click on purchase for your $0 purchase.

Step 2: Create a Tunnel

Now it is time to set up the Cloudflare tunnel. Once you are done with the $0 payment and enable the Zero Trust account, again navigate to Access > Tunnels, and let’s create our first tunnel by giving a name for the tunnel.

Create a Tunnel

Then you will move to the tunnel configuration page. As I told you you could pretty much install this anywhere. They have all the flavors. So I’m going to use the Debian version with arm64 process architecture because I’m planning to install this on my Raspberry PI.

Tunnel Configuration Code Snippet

Step 3: Install configured Deamon

I’ll copy this snippet of code right here and paste it on my Raspberry PI machine.

sudo apt update

curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb 

sudo dpkg -i cloudflared.deb 

sudo cloudflared service install <Your Tunnel Token >
Install Cloudflared on Raspberry PI

Done. It’s running. Now if you get back to the tunnels section, you can see your tunnel status is healthy. That means that whatever I did on my raspberry pi, it’s working. We’re connected. You didn’t have to do anything to my home router.

Cloudflare Tunnel Status

So now it is time to route my services. I’ll do my NAS first. Navigate to the tunnel configurations and click the Public Hostname tab and click the Add a public hostname. Then I’ll add my service details as follows.

Add a Public Hostname

As you know most of the service’s built-in has a self-signed certificate, but I want to click on Additional application settings, and under TLS, I can say no TLS Verify, so it’ll be okay with that.

Modify Additional Settings

Step 4: Let’s Test it

So let’s test it out. I’m going to navigate out to nas.sysopstechnix.com from the web browser, and it’s working. How cool is that?

Access NAS Through Internet

Now, looking back at Cloudflare, all we need is that one tunnel for everything. So if I click on Configure, I can add more public hostnames.

Conclusion

Successfully established a secure Cloudflare Tunnel that exposes locally hosted home network resources to Cloudflare’s network without requiring any public IP address, port-forwarding, or punching through a home router.

So, I hope that’s the easiest way you’ve seen to securely access home network remotely from anywhere. I mean, just a few clicks and you can expose your services inside your home network, no matter what type of network you have, and you can securely access it from anywhere.

Related Articles

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.