DigitalOcean

Report this

What is the reason for this report?
Question

Best way to securely access a homelab remotely without relying only on Tailscale?

Posted on June 2, 2026
VPN
Networking
Leon Junior

By Leon Junior

Techie

I currently run a small homelab on an old gaming PC with Proxmox and a few VMs. For remote access I mainly use Tailscale, which has worked well so far, but I’d like to have a backup solution and not depend entirely on a third-party service. I’m considering setting up WireGuard directly on my router or possibly using a DigitalOcean Droplet as a gateway/VPN endpoint. My home internet connection has a dynamic IP, so I’m also looking at dynamic DNS options. Has anyone here built a similar setup? What would you recommend as the most secure and reliable approach for accessing a homelab remotely while keeping management relatively simple? I’d be interested in hearing what architecture others are using and whether a small VPS adds any real benefits in this scenario. Thanks!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
June 7, 2026

Hi there,

Using a DigitalOcean Droplet as a WireGuard jump server is a solid approach for exactly this situation. The Droplet gets a static IP which solves your dynamic DNS problem entirely, and you run WireGuard between the Droplet and your homelab. Your clients then connect to the Droplet, which forwards traffic to your homelab. No dynamic DNS needed, no relying on Tailscale’s infrastructure.

The basic setup looks like this:

Your devices → DigitalOcean Droplet (WireGuard) → Home server (WireGuard peer)

The Droplet acts as a relay. Your home server initiates and maintains the WireGuard tunnel to the Droplet, so even with a dynamic home IP the tunnel stays up as long as the home server is running.

A $6/month Droplet is more than enough for this. WireGuard is extremely lightweight and the bottleneck will be your home internet connection, not the Droplet.

For the WireGuard setup on Ubuntu, DigitalOcean has a solid tutorial here: https://www.digitalocean.com/community/tutorials/how-to-set-up-wireguard-on-ubuntu-22-04

You can keep Tailscale running alongside this as a fallback. They should not conflict and having two independent paths into your homelab is exactly the kind of redundancy worth having.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Start building today

From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.

© 2026 DigitalOcean, LLC.Sitemap.
Dark mode is coming soon.