I am about to embark on a much-needed vacation this Friday. I travel relatively frequently for work and something that has always been a stressor in the back of my mind was leaving my homelab unattended. With my luck, as soon as I lock my door and get in the car, the server will wait for that exact minute to go down. The way I have managed this problem is by creating a checklist to ensure that, no matter where I am, I can access my network. Stuff goes wrong, that’s the nature of any real work, but I can fix anything so long as I have access. Best of all, this checklist can save you from having to call your wife and tell her to push a button on your computer!

In this post, I give you the checklist I use for unattended server access. In future posts, I will create how-to’s for implementing these features.

1) Check VPN Connection:

VPNing into my DMZ is my primary method of access for resources on my network when I am not at home. The advantages of being able to connect to my DMZ via VPN is enormous since it allows me to act just like another client on the network.

How To Set Up WireGuard on unRAID
A quick-start guide for setting up WireGuard on Unraid. Benefits of WireGuard include easy deployment, lower latency, and improved battery life.

2) Check Reverse SSH Tunnel Backup (x2):

Let’s say my VPN server has gone down (in either a controlled or uncontrolled fashion); in that situation, my primary means of unattended access has gone with it- I’d be locked out of my own network. The Army has a phrase for this: “One is none, two is one, three is better.” Since we have currently only discussed one way of accessing the network remotely, applying the military’s logic, I have no way into my network to fix it; therefore, I need a backup. This is where a reverse SSH tunnel comes to the rescue. You can either create one manually or use a 3rd party service.

I use Remote.it’s connectd. With it, I can SSH into another device on my network (keeping with the idea of redundancy for critical systems, this device should not be the same one running your VPN server) and do what I need to do from there. (See WOL below).

You can learn more about setting up your own reverse SSH tunnel backup in my guide: The Homelab Lifeline: The Easiest Guide to Creating a Reverse SSH Tunnel:

The Homelab Lifeline: The Easiest Guide to Creating a Reverse SSH Tunnel
The easiest, quick step-by-step guide for accessing your homelab network remotely via a reverse SSH tunnel on a Raspberry Pi (or any other Debian/Ubuntu device).

3) VNC Server Available on Backup Devices:

My router uses a GUI, so being able to spin up a VNC server on demand from the SSH connection above is necessary.

How To Install a VNC Server On Raspberry Pi for Remote Desktop
A rapid-start guide to setting up a VNC server on an RPi for remote desktop, allowing you to quickly obtain a GUI into your homelab.

4) Test Automatic Server Shutdown When Running on Backup Power (UPS):

I have an APC UPS directly connected to my server over USB. In the event of a power failure, the UPS tells my server that we are no longer on utility power and allows it to gracefully shutdown. Testing is essential here since it not only checks to make sure that this feature is still functional, but it also serves as a check on the UPS’s battery life.

5) Test Server Wake-on-LAN (WOL) from Backup Device:

Unlike my other network devices (router, hardware firewall, the above backup devices, etc.), my server is set up to NOT automatically restart upon the restoration of utility power. Since power outages often can have brief periods of power restoration, I don’t want it to continuously startup to then only lose power again. Therefore, after a graceful shutdown, I want the server to stay down until I bring it back up. I accomplish this via a WOL message (“magic packet”) from one of the backup devices to the server.

You can read about how to set this up in the guide- Remote Start for Servers: How To Set Up Wake-on-LAN (WOL):

Remote Start for Servers: How To Set Up Wake-on-LAN (WOL)
Start your unattended server wherever you are in the world over the internet. A complete tutorial on wake-on-LAN (WOL) with a reverse SSH tunnel using nothing more than a Raspberry Pi.

I hope this helps you out and allows you to enjoy your vacation a little more!

Have you implemented this checklist? Do you take any additional precautions with your unattended server? As always, if you have any questions or feedback, I'd be glad to hear them in the comments below!

Interested in this topic and others like it? Join our community and join in the discussion! We currently have a need for moderators so if you can help out it would be much appreciated!