Hi Everyone,
I have a few students I teach for free. I have a pretty beefy idle server at home and would like these students to connect into it remotely, to do labs like virtualization and GNS3/Eve-ng networking.
Any idea how I can accomplish this?
Thanks
Hold up, you teaching networking and maybe some cyber security but don’t know how to set up a VPN server?
I would never allow outsiders on my home network, what if someone decides to download CP and FBI comes knocking on your door. Sharing your servers requires careful planning and setup.
I host VPN server at home which set up to have egress through public VPN server. I also have KASM workspaces for sharing server compute resources, similar to the ones you plan to share, but it doesn’t require VPN to access, just simple reverse proxy
Wireguard or TailScale would be my recommendation
Hi Everyone,
I have a few students I teach for free. I have a pretty beefy idle server at home and would like these students to connect into it remotely, to do labs like virtualization and GNS3/Eve-ng networking.
Any idea how I can accomplish this?
Thanks
In general: You set up a VPN server, make it accessible to the outside world and hand out credentials to your students.
How easy and painless that is depends on you preexisting knowledge and on whether your uplink with your ISP already provides you with a public IP (instead of, for example, putting you behind a CGNAT as most mobile providers usually do).
How safe it is depends on how easy to traverse your LAN is and on how adventurous your students are.
vpn via hardware eg firewall or router or software eg open server or easier still tailscale.
Why aren’t you just sharing a desktop, this doesn’t seem very well thought out.
Tailscale is the way.
Tailscale all the way. 
Never any shame in asking questions.
Yes. Because setting up enterprise SSL tunnels is much different from what I want to do here. Asked here not because I don’t know what to do but because I want to see what others have done.
chain=forward in-interface=vpn out-interface=wan action=drop?
In OP’s usecase clients does not need internet access through vpn, just access to private resources. Therefore, create separate vlan for those resources, deny access to everything from it except for example http/s and icmp to wan and cut throughput to 1Mbps should be sufficient to secure them.