OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: niklasfyi on September 04, 2025, 11:53:43 AM

Title: OPNsense + UnRaid: Best DNS/DHCP Setup and Remote Access Options?
Post by: niklasfyi on September 04, 2025, 11:53:43 AM
Hi!

I'm a bit overwhelmed with all the different options right now and could use some guidance.

I followed this guide: https://paulsorensen.io/dnscrypt-adguard-home-opnsense/ to set up AdGuard Home with OPNsense. That works fine, but I also have an UnRaid server running several services. I'd like to make these services accessible either only within my LAN, or (for some of them) also from the internet.

I'm not sure what the best approach is here. Should I use Tailscale, or go with a reverse proxy solution like Nginx Proxy Manager or Traefik?

On top of that, I'm also confused about the DNS/DHCP side of things in OPNsense. Which is the better option: Unbound, KEA, or DNSmasq? Is there a good guide or best-practice resource for setting this up?

My main goals are:


Any advice or pointers to a good guide would be much appreciated!
Title: Re: OPNsense + UnRaid: Best DNS/DHCP Setup and Remote Access Options?
Post by: meyergru on September 04, 2025, 12:15:42 PM
For OPNsense, DNSmasq is the recommended way to do DNS and DHCP; it is also in the official docs. You can use a combination of Unbound, KEA and radvd as well.

As for access from outside, it depends. If there are web-based services, you can use a reverse proxy like Caddy (also in the docs) or HAProxy with wildcard certificates so as not to expose the real domains. Traefik is not available for OPNsense directly, and it is always easier to have TLS termination, certificate regeneration and DynDNS in one place.

For e-mail access, you can use port forwarding - that is, if you host your own services. There is also the option of TCP forwarding via HAProxy, which lets you use TLS termination there.

If you do not want the risk of exposing any service to the general internet or must access your whole network at home, it is better to use a VPN like WireGuard or Tailscale.