Featured image
Info

Homelab Series Index

Digital freedom: building a personal services ecosystem without depending on big tech.

  1. Homelab: Necessity or Whim?
  2. Homelab: Proxmox and LXC Containers
  3. Homelab: Immich Setup
  4. Homelab: Navidrome Setup
  5. Homelab: Secure Remote Access
  6. Homelab: Migration from iCloud to Immich
  7. Homelab: AFFiNE Setup
  8. Homelab: KISS Backup Strategy
  9. Homelab: Network Migration and Wireguard
  10. Homelab: UPS and Network UPS Tools
  11. Homelab: From AFFiNE to Obsidian with Syncthing

Network Scenario Change Link to heading

I moved my homelab mini PC to a different network. This change brings some modifications to the remote access strategy: I will switch from Tailscale to a direct Wireguard connection configured on the router.

The reason is simple: having more direct control over VPN tunnels by managing everything at the router level, eliminating the dependency on an external service for home network access.

Tip
Hybrid Strategy I’ll keep the Tailscale container as a backup solution, shut down but ready to use if needed. This redundancy ensures there’s always an alternative remote access method.

Wireguard vs Tailscale: Direct Control Link to heading

Migration to Wireguard configured directly on the router offers some advantages:

  • Total control: Configuration managed entirely at home
  • Reduced external dependencies: No intermediary cloud service
  • Performance: Direct connection without external relays
  • Simplicity: A single VPN tunnel to manage

Tailscale remains an excellent solution for more complex scenarios or when configuration simplicity is desired, but for a monolithic homelab, direct management makes sense.

Troubleshooting: Gateway Change Link to heading

The network change required updating gateway addresses on both the Proxmox node and LXC containers.

Proxmox Gateway Correction Link to heading

Warning

Temporary Fix Before modifying permanent configurations, always test with temporary changes:

ip route replace default via 192.168.1.1
ping -c3 8.8.8.8

Permanent Fix:

nano /etc/network/interfaces

Update the iface vmbr0 inet static section:

gateway 192.168.1.1

Restart networking:

systemctl restart networking

LXC Container Gateway Correction Link to heading

To quickly update all containers:

Single container method:

# First check the current configuration
pct config 101
# Then update with the complete configuration
pct set 101 --net0 name=eth0,bridge=vmbr0,ip=192.168.1.X/24,gw=192.168.1.254

Automatic batch method:

for i in $(pct list | awk 'NR>1 {print $1}'); do
  current_net=$(pct config $i | grep '^net0:' | sed 's/net0: //')
  new_net=$(echo $current_net | sed 's/,gw=[^,]*//' | sed 's/$/,gw=192.168.1.254/')
  pct set $i --net0 "$new_net"
done

Verify current configuration:

pct config <vmid>
Tip
Configuration Verification After each modification, verify connectivity with ping 8.8.8.8 from both the Proxmox node and containers.

Managing the Transition Link to heading

The migration process was designed to minimize downtime:

  1. Wireguard configuration on the router while Tailscale was still active
  2. Complete testing of remote access through Wireguard
  3. Gateway update across the entire infrastructure
  4. Tailscale container shutdown (kept as backup)

This strategy ensures operational continuity and allows for immediate rollback in case of problems.

Note
Lessons Learned Network changes in homelab environments are more frequent than they seem. Having standardized procedures for batch gateway updates greatly facilitates infrastructure management.

Next Steps Link to heading

With the network migration completed, the homelab is now optimized for:

  • Direct remote access through Wireguard
  • Centralized VPN tunnel management
  • Reduced complexity in network infrastructure

The Tailscale container remains shut down but configured, ready to be reactivated when needed for specific scenarios or as an emergency solution.