May 17, 2024

Best Free VPN 2022 - Home Lab



Published June 21, 2023, 8:20 a.m. by Liam Bradley


VPNs have been around a long while. However, for the most part, VPNs are difficult to manage and configure, and do not perform very well. I want to introduce you guys to a solution that takes a modern approach to implementing remote connectivity. It allows you to manage everything from the cloud, requires no firewall rules to be created, is built upon WireGuard, can be installed in Kubernetes, and can be managed with Terraform.

My blog:

https://www.virtualizationhowto.com

Introduction to a modern VPN solution - 0:00

Introducing Twingate as a modern VPN solution - 0:54

Describing the Twingate network connectivity and global network - 1:23

WireGuard - 1:50

Zero-trust networking and introducing the concept - 2:07

A brief overview of the free tier and the pricing model - 3:12

Getting started creating a Twingate account - 4:30

Signing up for Twingate - 4:49

Naming the Twingate network - 5:05

The network is built and configured - 5:33

Adding a remote network - 5:43

Creating an on-premises network - 6:03

The new remote network is added - 6:15

Clicking the deploy connector and choosing the platform - 6:48

Describing the process to generate the access token - 7:25

Generating the tokens - 8:05

Describing the vSphere virtual machines used for self-hosting Twingate - 8:40

SSHing into the Ubuntu Server virtual machines - 9:05

Copying the token command - 9:29

Pasting the command into the Twingate portal - 9:49

Refreshing the status of the connector and it is connected - 10:11

Overview of the dual Twingate connector architecture - 10:31

Looking at the network screen and the orange indicator - 10:47

After repeating the process with the second connector - 11:17

Adding resources and looking at the options available - 11:33

Talking about DNS resources and referencing resources by name - 11:53

Protocol restrictions and talking about the functionality for restricting certain traffic - 12:25

Assigning specific users to resources in the Twingate environment - 13:13

Looking at devices and trust profiles - 14:06

Setting minimum requirements - 14:30

Looking at policies and authentication requirements - 15:05

Looking at teams and groups - 15:30

Looking at connecting the Twingate Windows app and connecting to your network - 16:04

Looking at the Twingate Terraform provider - 16:46

Wrapping up and thoughts on Twingate VPN - 17:34

Read my written review of Twingate VPN here:

https://www.virtualizationhowto.com/2022/06/twingate-download-and-configuration-review-of-zero-trust-vpn/

Take a look at Twingate here:

https://www.twingate.com/


I need a lot of coffee to tell you guys about a solution that excites me this much. If you could have a modern VPN solution that is cloud-based, requires no special firewall rules to be configured, uses a modern connector-based approach built upon the WireGuard protocol, you can install the connectors inside of a Kubernetes cluster, you can manage the solution using Terraform, and by the way, the solution is free for you to use in your home lab environment, could this potentially be the best VPN solution in 2022 for home lab environments? Stick around, let's dive right in. Let's see what solution we're talking about.

[Music]

The solution is called Twingate, and this is not a sponsored video by Twingate. It's simply a solution that I've been using in my home lab environment, and I want to introduce you guys to it as well. It's not just for home labs; this is a tried and true enterprise solution. The great thing about Twingate is that it offers a very modern approach to both the management as well as the implementation and configuration of your VPN connections across your environment. As opposed to traditional VPN technologies, Twingate helps to eliminate the normal choke points of traditional VPN technologies, such as a VPN concentrator that exists in an on-premises network. Instead, with Twingate you get the benefit of the global network that Twingate has built out, so you're not backhauling traffic all the way across inefficient routes. Instead, clients are connected via the efficient Twingate global network so that they have the best experience possible.

Twingate is also built upon the WireGuard technology, so that you're getting a fast, efficient, modern VPN protocol and technology, and again, all of this is exposed via efficient, easy cloud management. You also have the ability to implement what's known as zero trust networking. What is zero trust networking? Zero trust means that we do not give any user access to resources that they absolutely do not need. So think about micro-segmentation as a lead-in technology to your thoughts on zero trust networking. With micro-segmentation, we only give resources access to other resources that they absolutely need to communicate with. Twingate and zero trust network technology allows you to implement that same methodology with VPN connections, so clients no longer get carte blanche access to an entire subnet or entire sets of servers. You can, in a very granular way, grant access to those resources that users actually need.

What I would like to do is step you guys through completely setting up a brand new account with Twingate, showing you exactly how easy it is to get up and running with a couple of connectors that you have running in your remote networks, and show you the true power of the zero trust network model that you can implement with Twingate. I want to give you guys a brief overview of the pricing model with Twingate and why we are saying you can use this for free.

Twingate is an enterprise solution that does have paid solution models. However, I want to highlight this free tier, or starter model, that they have, and it has many great features for the free version. So no, you can use it up to five users, with up to one device per person and up to two remote networks, and you get many of the features that you get with the paid solution. So if you notice, you can deploy this on your NAS, your Raspberry Pi, cloud VMs, even Kubernetes, which I will show that in just a moment. You get remote access to media servers, home automation, native clients on Android, Linux, Mac and Windows. So they've really geared this free version to home lab power users such as you and I.

Twingate is really the only vendor in this space that is offering a free version of zero trust network access. Many of the other vendors, while they may implement similar solutions, they don't really have this free tier that you can take advantage of in a long-term way. So kudos to Twingate for creating this free tier model that really caters to the home lab admin.

Let's get started configuring the Twingate solution. I'm going to click the Try for Free button in the top right-hand corner, and Twingate allows you to create your account with an existing Google, Microsoft, GitHub, LinkedIn, or just simply log into an account you've created before. So I'm going to sign up with Google and we're going to enter our work email. Now you can use a personal email address; if you've got a Gmail address, it's just simply a personal address, you can use that. Finish signing up. Twingate next asks a series of questions to see how you're going to use Twingate, so I'm going to click through this. Are you going to be able to deploy Twingate on your own? We're going to say yes. On the name network field, you're going to want to name your network what you actually are going to want that address called in Twingate. So when we think network, we're often thinking of IP addresses or IP aliases. Here, the network name is the name of that network that you want it to be referenced in Twingate as, so that's going to be the URL that you're going to type into your Twingate VPN client. As simple as that, in a three-step wizard process, our network is being built, and here we go, we have our network configured.

So the first thing that we want to do is to add a remote network. Now, in the context of Twingate, the remote network is our on-premises network. It could be an Azure network, it can be an AWS network, but for the purposes of home lab we're going to simply add a remote network and install connectors. So let's do that. Let's click on the add a remote network, and we're going to choose on-premises here, and we're going to call this home lab remote network. And as you can see, we have added our remote network, in this case we've called home lab. Now one thing you will note: as soon as you add your remote network, you're going to see the red indicator that tells us that we do not have connectivity as of yet to that remote network that we have provisioned inside of Twingate, and the reason for that is we have not as of yet added our connectors to establish that WireGuard connectivity between the cloud and our on-premises home lab network.

This is as simple as deploying the connector. So if I click on the deploy connector, we're going to be presented with a screen that allows us to choose the platform that we want to use to actually deploy the connector, and this is one of the areas where I think Twingate is exceptionally awesome. Here they give you all kinds of options to deploy the connector, which is extremely lightweight. As you can see, you can run this in a Docker container, you can use Helm to deploy this in a Kubernetes cluster, of course Azure, Linux for a full-blown Linux virtual machine, which is the one we're going to demonstrate today, AWS ECS, AMI instance, manually deploy the connector. You can also use Terraform and other infrastructure-as-code solutions such as Pulumi. The process is very simple: we're going to generate an access token, we're going to use that access token in the command that Twingate is going to generate automatically for us to paste into our Ubuntu Linux virtual machines, and connect our on-premises connectors with the Twingate cloud.

Let's now generate the token that is going to be needed to connect our connectors with our Twingate cloud environment. So I'm going to click the Linux option, which means we are going to be self-hosting our Twingate connectors on Linux virtual machines. So I've clicked Linux and I'm going to click the generate tokens button. For security purposes, Twingate will ask us to re-authenticate to the Twingate account. Now we have our tokens created. As you can see, we've got the ability to copy the token. We can also, down at the bottom, if you scroll to the bottom of the page, notice step four is install and launch connector service. What Twingate has already done for us is it has used the token that we've generated using the generate tokens button, and it's automatically integrated that with the command that we need to run on our Linux virtual machines.

You may wonder what I have spun up to self-host the Twingate connectors. I have a lab VMware vSphere environment that I have simply spun up two Ubuntu 22.04 virtual machines. As you can see, I've got tgate test01 and tgate test02, and again, nothing fancy, they are simple, clean Ubuntu Server 22.04 virtual machines. What I have gone ahead and done is I have connected via SSH connection to both virtual machines, so as you can see, I've got SSH open to tgate test01, tgate test02. What we're going to now do is copy the custom command that Twingate has generated for us with our access token, and we're going to install the first connector using the command that was generated. So now we are back at the page where we can copy the command. We're going to click the copy command button and we're going to go to our first Linux virtual machine. What we will do is we will generate another token for the second connector, so each of the tokens are generated per connector. In the first connector virtual machine, I'm simply going to paste the command that I've copied from the Twingate portal and we're going to run that command.

The installation will pull down our Twingate connector installation and it will pass in the access token for our Twingate environment. In this way, our connector is tied to our specific Twingate environment. After running the command on the Linux virtual machine and waiting just a few seconds, after refreshing the page we can see that this particular connector is now showing a green indicator, meaning that it is successfully connected. What we need to do now is go back and repeat the process for the second Twingate connector. Twingate recommends two connectors that service the VPN tunnels for your end users, and this is a good idea because if you have anything happen to one or the other connector, users are automatically failed over to the secondary connectors.

If we go back to the network screen of this particular network that we are configuring and the connectors that are associated with it, we can now see that we've got one of the connectors associated, so that's awesome. Now the indicator for this network has gone from red to orange, meaning that we are partially there. We have connectivity, we have one connector; however, it will not go green until we have the second connector stood up and functional. So we're going to repeat that process with a second connector. We have repeated that process with the second connector, and now you can see we've got a green indicator on this particular Twingate network. So now all we have to do is provision the resources in this network, serviced by those connectors that we just stood up, that we want our end users to have connectivity to.

Let's now click on the add resource button to see what options we have available. We have the add resource dialog box that pops up. We have two options here: we can provision DNS resources or we can provision network-level resources with the CIDR format. Most organizations, or for your home lab, you will want to provision DNS resources most likely, since this will allow you to be able to reference resources by name and have those actually resolve. You can also, though, simply add network CIDR ranges if you just simply want IP-level connectivity. Either way, you can assign a label, and if you're adding a DNS-level address you can add the DNS address, or you can click CIDR, add a label and the CIDR-level address. It's interesting too, Twingate has recently added the functionality of protocol restriction. You can easily select whether you want to allow or restrict such traffic as TCP traffic, UDP traffic or ICMP traffic, and this is an easy way to restrict pings, for instance, if you don't want end users to be able to ping various resources but you want to allow access to other services that may exist on an endpoint. Well, I'm going to allow a subnet. I'm going to click the CIDR button, I'm going to say homelab servers, and I'm going to add the CIDR address here. Again, we can allow or we can restrict TCP, UDP or ICMP traffic, and we can simply add resource once we're finished.

After you've added the resource, you can also restrict that resource based on the user that is logging into the VPN. So now we're starting to get into the realm of being able to enforce zero trust network access. We can assign various users to different resources within the environment that we have created in Twingate. You can give access to network resources based on the role that a user actually has. Now we've added our first resource, so we have home lab servers available as a network CIDR range.

I want to point out a few of the other really powerful features that you get with Twingate. The following features that we're going to cover are not included in the free solution; however, I wanted you guys to be aware of the really powerful capabilities of Twingate when you start getting into the realm of an enterprise team assigning policies and defining access and trust profiles based on certain types of devices. If you go up, you can actually see which devices have requested access to your network. You can also set trust profile, so for instance I can restrict access to a particular network resource or application within the Twingate network based on certain requirements that I have of that end user device. And as you know, they already have many of these built in that are pre-configured, that are readily available to use. For example, I can go through on the minimum OS requirements and I can configure which are required for access to the Twingate network. On the Windows requirements, I can set the minimum Windows requirements to require hard disk encryption, a screen lock, firewall to be enabled or antivirus to be active and healthy. You can set those requirements and confirm your changes. So once again, you can base and restrict access to that Twingate network based on the device security health checks that you set forth, and Twingate again refers to those as trusted profiles.

On the policy screen, we can actually set the requirements that add those requirements we set in the profiles as well as authentication requirement. We can enforce whether users are required to log in so many days or after a time period, and you can also, very importantly, enforce two-step verification, which for remote access systems should be mandatory. Under the team menu and configuration of the groups, we can actually tie a policy with the group. So if I look at groups underneath the team menu and I go to groups and I click everyone, for instance, we can see that the resource policy is set to the default policy. However, I can change that if I have an additional or a custom policy created for my organization. I can then set policies based on the user group a user is a member of. Really powerful when we're thinking about zero trust network access.

The Twingate Windows app is very nice and easy to get connected. I have already installed the Twingate Windows client, and as you can see, all we need to enter is our overall network name. And going back to the very beginning of this video, as you recall, this is the name that we enter that we had come up with when we first were creating our Twingate account. So you enter that here and it automatically populates the .twingate.com, so there's no need to fill that in. After you enter your network name, you simply click the join network. Twingate will then ask you to authenticate, and after we've authenticated, Twingate has now connected to the network.

As I wanted to briefly show you, I mentioned Terraform in the very outset of the video. I want to show you what you can do with the Terraform provider for Twingate. As you notice, I've got the Terraform registry page pulled up for Twingate, and you can just Google for this and land on this page. You can configure via Terraform many aspects of the solution, for instance your connectors, you can control those connector tokens, Twingate groups, also adding and configuring Twingate remote networks as well as resources. Not only is this a modern solution that runs on modern infrastructure such as Kubernetes, you can also use an infrastructure-as-code approach in a declarative way to control your VPN access for clients, and that is awesome. We could never do something like this with traditional VPN technologies.

Guys, after that I think I'm going to need a coffee refill. What do you guys think about Twingate? For me, the features, the functionality, the capabilities are truly awesome, especially when you're thinking about the home lab environment and accessing your critical home lab services and servers remotely. I mentioned this earlier, but Twingate checks all the right boxes for me for a modern VPN solution that I can run in a Kubernetes cluster if I want to, I don't have to deal with firewall rules, manage this from the cloud, and I can even use Terraform to configure it and add resources, manage it in a declarative way. But let me know what you guys think in the comments. Please do like the video, subscribe to the channel, keep your coffee hot, keep the VPN connected, and I will see you guys soon.

[Music]

thank you
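
The access model described in the video (a CIDR resource with per-protocol allow/restrict, users assigned by group, device trust checks and two-step verification) written out as a deny-by-default decision function. This is an added example, not part of the video and not Twingate's code; the group names, the 10.1.149.0/24 range and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Device:             # posture checks named in the video's Windows requirements
    disk_encrypted: bool = True
    screen_lock: bool = True
    firewall_on: bool = True
    antivirus_healthy: bool = True


@dataclass(frozen=True)
class Resource:           # hypothetical model of a CIDR resource
    label: str
    cidr: str
    protocols: frozenset  # allowed subset of {"tcp", "udp", "icmp"}
    groups: frozenset     # groups assigned to this resource


@dataclass(frozen=True)
class Request:
    groups: frozenset
    two_step_verified: bool
    device: Device
    dest_ip: str
    protocol: str


def device_trusted(d):
    return d.disk_encrypted and d.screen_lock and d.firewall_on and d.antivirus_healthy


def decide(req, resources):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if not req.two_step_verified:
        return False, "two-step verification required"
    if not device_trusted(req.device):
        return False, "device fails trust profile"
    dest = ip_address(req.dest_ip)
    reason = "no resource defined for destination"
    for r in resources:
        if dest not in ip_network(r.cidr):
            continue
        if not (r.groups & req.groups):
            reason = f"user not assigned to {r.label}"
        elif req.protocol not in r.protocols:
            reason = f"{req.protocol} restricted on {r.label}"
        else:
            return True, f"allowed by {r.label}"
    return False, reason


# Constructed sample: one CIDR resource, ICMP restricted, one assigned group.
HOMELAB = [Resource("homelab servers", "10.1.149.0/24",
                    frozenset({"tcp", "udp"}), frozenset({"homelab-admins"}))]


def sample_request(**overrides):
    base = dict(groups=frozenset({"homelab-admins"}), two_step_verified=True,
                device=Device(), dest_ip="10.1.149.20", protocol="tcp")
    base.update(overrides)
    return Request(**base)


if __name__ == "__main__":
    for change in ({}, {"protocol": "icmp"}, {"dest_ip": "10.1.150.5"},
                   {"groups": frozenset({"everyone"})},
                   {"device": Device(disk_encrypted=False)}):
        print(change or "baseline", "->", decide(sample_request(**change), HOMELAB))
```

The third case is the contrast with a subnet-wide VPN: an address in a neighbouring range is unreachable simply because no resource names it.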
