Home

So basically, I will be away from home for several weeks. Unfortunately, this became the perfect time for our home router to start acting out and factory resetting itself. We are awaiting a new router for replacement, but the time is tight.

My stuff is ethernetted in, so that connectivity isn’t an issue - the issue is that I couldn’t actually connect to the router to restore services even if it had internet by fixing all the settings including port forwarding.

What I would like would be the ability to have a VPN connected to my homelab, so I can hop on the router and restore the settings if this issue happens while I’m away. Any ideas?

Without a secondary internet connection this isn’t possible.

The router is the connection - its the gateway (a term we don’t hear much these days).

You could setup an independent connection via a cell modem - becoming a secondary connection. This is common for remote locations or even small businesses that need a failaover just for management.

You could even have it on a single machine and have a vpn there. Then you could RDP/VNC to that one machine and manage things from there.

But there’s not much I could see you doing if the gateway is down anyway.

Even with something like no-ip, which some routers support, if the gateway is down, nothing is going to happen.

A jumpbox. Set up a VPS somewhere, have some remote hands at home set up a VPN client to connect to the VPS, and then you connect to the VPS as well.

if op still has connection, but the router just reset itself and closed all the ports, tailscale could help.

but yeah if the connection goes down, there’s no way in.

Not what you asked, but regardless of whatever else you’re doing, I would take any really critical data you need, encrypt it, put it on a laptop or other portable device, and bring it with you. Trying to throw together some last-minute setup that you rely on and can’t easily resolve is asking for trouble.

Another fallback option, if you have a friend who you trust and can call and ask them to type stuff in – give ‘em a key before you go and call ‘em and ask ‘em to type whatever you need.

If the router reconnects to the internet when it factory resets and it still works as a gateway, there may still be hope. You’d need some SSH host on another machine behind the router; you’d probably also need some sort of minimal VPS. You could setup a reverse SSH tunnel on the SSH host that would tunnel through the router to the VPS, then you’d be able to connect through the VPS into your network.

Honestly tho, this is a lot of work and if time is tight you might just wanna roll to a store and buy whatever cheap router you can find to limp along til you get back.

Tailscale would work as another user said. You could run TOR too. I’ve got a TOR service that I can SSH into for “plan b” if my VPN is down. It doesn’t need port forwarding.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #132 for this comm, first seen 4th Mar 2026, 02:40] [FAQ] [Full list] [Contact] [Source code]

Chiming in to say: I’ve had issues in the past where the WiFi router was factory resetting itself and it turned out this can happen if the power supply isn’t powerful enough for the device. In this case, I think I had gotten the WiFi router 2nd hand from Goodwill or something, and the provided power supply fit in the port, and it had the same voltage was an amp off, instead of being something like 12 volts 3.5amps, the plug was supplying 12v 2.5 amps, and I guess everything was fine until the init needed lore power (likely from routing high amounts of traffic, or more WiFi units connected)

I had no idea factory resetting could be the effect or something like this so I was at a loss for a while until I found the info online.

Some kind of time switch to make the router reboot at regular intervals. Then hope that this prevents the factory reset.

At least as many amps. An over-specced PSU is fine in watts or amps, but if voltage is too far off, you’ll see just the same issues, or worse, it’ll get fried.

(PSUs do require a certain level of load to run, especially efficiently, so don’t have a whopping 15A PSU for a 500mA device, but anywhere in the same ballpark is fine.)

You could setup netbird on a jump server (VPS hosted somewhere) and have a machine inside your home network tunnel out to the netbird server, allowing reverse tunnel access inside of your network. Lowendbox has some good deals on VPS that would work well for this. This is what I do.

If you don’t want to pay for a VPS, you could use your laptop or whatever you’re going to use while traveling to be the netbird server. Use a DDNS service or just manually update a DNS record for a domain to point at your travel device IP and the home device should be able to tunnel out and make the connection to the netbird server on your travel device. Not a great long term solution, but would work in a pinch and domains are fairly cheap if you don’t have one already.

Netbird is pretty great for this type of thing and there are some good guides on YT for getting it up and running. You could even relay a reverse tunnel connection through a device inside your network to your homelab or the router.

Tailscale. Create an account, put the client on the LAN device, put the client on the remote device, log in on both, you’re done. It bypasses NAT, CGNAT, and the firewall through some UDP black magic fuckery. As long as the router allows outgoing connections, it will work.

Netbird is EU-based and similar to Tailscale (and its fork Headscale).

In addition to Netbird, I also suggest Pangolin, https://pangolin.net/ it’s quite efficient at what it does.

Tailscale or headscale if you have a VPS.

I’m keep thinking at some point tailscale is going to incorporate a feature similar to pangolin. I mean pangolin is just a proxy server tied to wireguard ( or newt). You can also do very similar things with cloudflare.

True, but the point is you don’t need cloudflare or tailscale (i know headscale exists), so end to end you can likely trust it.

Yea, Tailscale would work if the router was fully reset,.

Even without a VPS Tailscale will work fine after the router resets.

Oh yes absolutely. I actually have Tailscale installed on a pfsense machine in several data centers with no up overlap and routed subnets. Works like a dream. I finally convinced work we needed to buy this. It just works too well.

But for headscale, which is essentially just a self-hosted tailscale, you should probably have a machine somewhere on the public internet to coordinate it all.

I much prefer things self-hosted. I was just saying I wouldn’t be surprised if tailscale offers something similar to pangolin.

Ahh, thank you for clarifying. Sorry :/

I have set up Tor secret services in the past to do this.

The service exposed the SSH port which could then be accessed from anywhere as long as you can connect to Tor.

Tailscale already does though, I think.

https://tailscale.com/docs/features/tailscale-funnel

Although it might work differently.

The most basic solution would be a SSH reverse tunnel to a VPS outside. Have a machine in your network establish that tunnel and set it to reconnect automatically. Now you can SSH into one box of your network. If the router acts up and factory resets (as long as it reestablishes the connection), you can SSH back into your network and reconfigure everything from there.

Unifi Cloud Gateway Ultra as your router - Wireguard VPN in to your network and if that fails to connect then you can use Teleport feature via the WifiMan app.

Sorta. This opens up a Tailscale node to the world with their weird names. I want my own custom domain pointing to Tailscale endpoints like pangolin does. So the funnel is very close you’re right, but needs a tiny bit more.

i use it too, but why does it require a google or microsoft account? or idk what the other option is

To delegate the responsibility of securing login data. You can also use an external OIDC provider.

Thank you, I set this up and it works 🙂