https web services as VPN alternative: access to the network

 

For a long time I used a VPN (Virtual Private Network) to access the home network from the Internet. And for along time I thought that a VPN was without alternative for accessing data or devices on one's own network. The VPN allows a connection from the Internet to the own network (LAN), just as if the device would be in the WLAN at home. But do I really need access to the entire network? Wouldn't it be better to enable only certain services? What do I need from my own network on the road? Access to the PC at home? To files on the NAS? To the SmartHome? Nothing at all?

The cloud simply works

Today, the majority of users have no need to access their own network or PC while on the road. Those who entrust their data to a cloud provider such as Google or Apple can access it at any time via the Internet. Even certain devices, such as a surveillance camera, the robot vacuum cleaner, current NAS systems or other smart home solutions usually offer a connection to a cloud service, usually controlled via their own app. Devices that are accessible from the Internet in their own network via a cloud provider establish an outgoing connection to the cloud provider. The associated app on the smartphone also establishes a connection to the cloud service, which controls both connections and thus also enables access to the user's own network, among other things. Especially those who are not very concerned with the topic will find simple solutions in the cloud. However, the cloud is a collection of different providers and their web services hosted on the Internet. Accordingly, the cloud is about many different isolated solutions. The largest providers for such isolated solutions are the well-known providers: Microsoft, Google, Apple and Amazon. Even if their services are not or only partially compatible with each other, they have at least one thing in common: the providers want to earn money with their services. The only alternative is to store the data at home. But what about all the conveniences that the cloud brings us? How can the data be accessed at home with a simple browser or app?

Better than VPN and more independent than the cloud: your own private web services.

I do have a VPN in use, but I hardly need it anymore. Not because I have hosted my data with a cloud provider, the reason is rather that I have published corresponding web services securely with HTTPS on the Internet for all relevant data, completely without a cloud provider. I am not an opponent of cloud services; on the contrary, I also use cloud services for certain devices, such as my vacuum robot. However, all my documents and photos are on my own server, provided by a local Nextcloud instance. For SmartHome, I also rely on an open source solution that runs entirely at home, see: Home Assistant. The services are accessible via a normal URL over the Internet, much like a cloud provider, which provides a very similar convenience. To ensure that access is also secure, I used the Let's Encrypt reverse proxy Traefik.Alternatively, private web services can also be operated securely over the Internet using Cloudflare securely from your own network over the Internet. The call is encrypted and directly to the shared services. In comparison, a VPN would connect the entire network and also allow access to devices enable which are not needed.

Security VPN vs. HTTPS web services

If HTTPS and up-to-date encryption is used for a web service, the connection is considered secure. Security depends less on the transmission and more on the individual services: How their authentication is implemented. In addition to using passwords that are as secure as possible, MFA authentication (multifactor authentication), i.e., a 2nd factor for logging in, should be set up in the web service. Many web services offer MFA via an authenticator app on the cell phone. If the service does not offer MFA, or if you don't trust the service itself, you can set up an additional login via Traefik. This means that a connection to the web service only takes place after logging in to the reverse proxy. In addition to a username with associated password, other login providers can also be used for login. As an example, see: Traefik Google authentication. For the web service itself, a login is optionally required again.

Is a VPN the wrong way?

I don't want to claim now that a VPN is basically the wrong way, rather a large part of the access could be made available without a VPN, much more comfortable and granular: if necessary also for others. As an example, the last vacation photos could simply be shared via the private cloud. For certain people also with write access, which allows the files to be stored on specific folders. At this point, the available storage space is purely limited by the hard disk capacity of the private cloud. There are also dedicated smartphone apps for certain web services, which makes the user experience similar to that of a real cloud service. Access to a device in one's own network could look concretely as follows:

Publish "only" certain web services, not the entire network.

If you run your own server at home, you can use it to release individual services, here in the form of Docker containers. For access I have tested 2 different variants:

For both variants a registered domain is required, see: Website builder vs. web space or an own web server?

Variant 1: Port forwarding and Docker reverse proxy

In detail, access to the services of a mini-PC could be done via a public domain name (DNS):

Legend:

  1. URL for access to own web services: Own domain/DNS or: free DynDNS service - access with changing public IP.
  2. Access to own network at home: make available from the Internet: port forwarding - OpenWRT
  3. Hardware: Build NAS yourself: flexible, low power and cheap [HowTo] or MiniPC as server
  4. Operating system (OS) and Docker installation: installing Ubuntu Server and Docker - Snap vs. Apt
  5. Access via https:// including Let's Encrypt certificates: secure https connection: Traefik Reverse Proxy + Let's Encrypt
  6. self-hosted web services

Variant 2: Access via Cloudflare

As an alternative to direct access to the public IP address of the Internet connection, a tunnel service such as Cloudflare can also be interposed:

Legend:

  1. URL for access to own web services: Own domain/DNS.
  2. Cloudflare tunnel setup,see: Publish your own web services at home with Cloudflare
  3. Hardware: Build NAS yourself: flexible, power-saving and cheap [HowTo] or mini PC as server
  4. Operating system (OS) and Docker installation: install Ubuntu Server and Docker - Snap vs. Apt
  5. Cloudflare Tunnel Connector,see: Publish your own web services at home with Cloudflare
  6. self hosted webservices

Examples for self hosted webservices

Conclusion

With or without VPN: First, the data must be provided by a certain device in the own network. A normal PC is only suitable to a limited extent, since it would have to be switched on at the time of access or, if it were to run constantly, would consume a relatively large amount of power. There is also the question of how the data can be made available. One possible solution is a dedicated hardware, in the form of a Mini-PCs. A mini-PC requires relatively little power and enables the use of certain web services. Private web services provide a similar level of convenience as corresponding cloud services from the well-known providers, and: dial-in via VPN is not required.

positive Bewertung({{pro_count}})
Rate Post:
{{percentage}} % positive
negative Bewertung({{con_count}})

THANK YOU for your review!

Questions / Comments


By continuing to browse the site, you agree to our use of cookies. More Details