Saturday, 2021 June 05
I have a fairly extensive personal infrastructure within my house - Home Assistant on a Raspberry Pi, a Synology NAS with a massive disk array, etc. It would sometimes be useful to be able to access these things from outside my house. While there are various third-party options available, I'd rather take care of this myself.
One rainy Saturday morning I decided to tackle this. The first step is to give my house a stable name. After a bit of fumbling around I discovered that my pfSense firewall could interact with Digital Ocean's API to keep an A record up to date if/when my WAN IP address changed. This is exactly what I wanted.
The details of how to do this were hard to find. It turned out to be quite simple in the end, but there is a lot of outdated information online. This is what is necessary as of 2021 June.
- First, you'll need a Digital Ocean "personal access token" with write permissions. I created a new one because I prefer to have a specific purpose for each token to make them easier to replace in case of leakage/loss.
- I also created a new A record in my domain (home.brutallogic.net). I'm not sure if this is strictly necessary as I was still looking at outdated documentation at the time.
- In pfSense I went to "Services -> Dynamic DNS", then clicked on "Add". Fill in the form
- The service type is "DigitalOcean" (not v6; I assume that's for IPv6 but I'm not sure).
- Hostname is home and domain is brutallogic.netfor me. (A LOT of documentation online states that you need to use the Digital Ocean record ID for the hostname, but that is outdated - you can just use the actual hostname now.)
- The password is your personal access token.
- I used 3600 for the TTL.
- That's it; I clicked 'save' and, after a few seconds, I was redirected back to the dashboard with a happy green IP address.
I then had to wait a while for the DNS record to propagate. Once that happened I could set up a VPN.Wednesday, 2021 April 07 Sunday, 2021 June 06