Local NetBird Network for Zero Trust network, accessible from WAN - eviltoast

I’m re-setting up my HomeLab and one of the things I’m trying to learn about on this go-around is Zero Trust networking. To accomplish this I am planning on using NetBird’s mesh overlay network. I would like all of my services to use the NetBird mesh network at all times, whether they are communicating within my homelab’s LAN or I am accessing them from outside via the greater internet.

I have successfully set up the NetBird management interface on a Hetzner VPS, however the issue I run into is if I lose internet access at home, none of my services are able to function as they can no longer reach the management interface. However, if I self host the management interface in my homelab, I am unable to access it from outside my home LAN.

I’ve identified 2 solutions that could solve this:

  1. Self host the management interface and set up a Cloudflare tunnel to the management interface, which would allow access from outside my home network.

  2. Self host the management interface, then set up a wireguard proxy/tunnel on a VPS that forwards traffic to my management interface (Similar in my mind to option 1, but not relying on Cloudflare)

What are your thoughts? Any other ideas?

I appreciate your comments/criticisms!

  • tapdattl@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    you’re almost certainly routing local network traffic over NetBird instead of using local routes

    That’s precisely the functionality I want, though. Secure, encrypted, mutually identified traffic should be the only traffic in a zero trust network.

    I’m simply trying to create an ingress point into this network for outside access.