So basically, I will be away from home for several weeks. Unfortunately, this became the perfect time for our home router to start acting out and factory resetting itself. We are awaiting a new router for replacement, but the time is tight.
My stuff is ethernetted in, so that connectivity isn’t an issue - the issue is that I couldn’t actually connect to the router to restore services even if it had internet by fixing all the settings including port forwarding.
What I would like would be the ability to have a VPN perhaps connected to my homelab, so I can hop on the router and restore the settings if this issue happens while I’m away. Any ideas?
In addition to Netbird, I also suggest Pangolin (https://pangolin.net/). It’s quite efficient at what it does, but either way would work fine if you want to self-host it.
I keep thinking at some point tailscale is going to incorporate a feature similar to pangolin. I mean pangolin is just a proxy server tied to wireguard (or newt). You can also do very similar things with cloudflare.
True, but the point is you don’t need cloudflare or tailscale (i know headscale exists), so end to end you can likely trust it.
I much prefer things self-hosted. I was just saying I wouldn’t be surprised if tailscale offers something similar to pangolin.
Ahh, thank you for clarifying. Sorry :/
Tailscale. Create an account, put the client on the LAN device, put the client on the remote device, log in on both, you’re done. It bypasses NAT, CGNAT, and the firewall through some UDP black magic fuckery. As long as the router allows outgoing connections, it will work.
If the factory resets cause the router to lose connection to the ISP, though, then nothing will work.
Netbird is EU-based and similar to Tailscale (and its fork Headscale).
Tailscale would work as another user said. You could run TOR too. I’ve got a TOR service that I can SSH into for “plan b” if my VPN is down. It doesn’t need port forwarding.
Tailscale or headscale if you have a VPS.
Even without a VPS Tailscale will work fine after the router resets.
Oh yes absolutely. I actually have Tailscale installed on a pfsense machine in several data centers with no IP overlap and routed subnets. Works like a dream. I finally convinced work we needed to buy this. It just works too well.
But for headscale, which is essentially just a self-hosted tailscale, you should probably have a machine somewhere on the public internet to coordinate it all.
@Flax_vert I don’t get the hate of port forwarding. Wireguard is very secure and if it doesn’t get the handshake port just shows as closed.
Because if my router factory resets, the ports are closed
The more open ports, the larger the attack surface.
That’s all.
And today with the script kiddies out there, port scans happen all the time.
I’ve had a consumer router become almost useless from all the attempted connections on an open port someone found that I had up for a week.
Months later I’d still get hits on that port though it had been closed.
There are ~50,000-60,000+ available IP ports. If you had Wireguard configured correctly and running on every single one of them a port scanner would get exactly the same result as if every port was closed. Wireguard is completely silent unless the correct key is provided.
The “script kiddies” could scan every port for months and they’d get the same result. There is no known way to even know there’s an open port much less know that Wireguard is running on it AND have the correct key for access.
I understand being gun shy after your experience (I would be too), but that experience has nothing to do with what happens when you open a port for Wireguard.
Without a secondary internet connection this isn’t possible.
The router is the connection - it’s the gateway (a term we don’t hear much these days).
You could set up an independent connection via a cell modem - becoming a secondary connection. This is common for remote locations or even small businesses that need a failover just for management.
You could even have it on a single machine and have a vpn there. Then you could RDP/VNC to that one machine and manage things from there. I’ve done the VPN this way with Tailscale. One machine has it (I’ve even done it with a Raspberry Pi), then you can RDP/VNC to other machines from there.
But there’s not much I could see you doing if the gateway is down anyway.
Even with something like no-ip, which some routers support, if the gateway is down, nothing is going to happen.
if op still has connection, but the router just reset itself and closed all the ports, tailscale could help.
but yeah if the connection goes down, there’s no way in.
Yea, Tailscale would work even if the router was fully reset.
Chiming in to say: I’ve had issues in the past where the WiFi router was factory resetting itself and it turned out this can happen if the power supply isn’t powerful enough for the device. In this case, I think I had gotten the WiFi router 2nd hand from Goodwill or something, and the provided power supply fit in the port, and it had the same voltage, but was an amp underpowered, instead of being something like 12volts 3.5amps, the plug was supplying 12volts 2.5amps, and I guess everything was fine until the unit needed more power (likely from routing high amounts of traffic, or more WiFi units connected)
I had no idea factory resetting could be the result of something like this so I was at a loss for a while until I found the info online.
So: check to make sure that
- The power supply matches what the unit is requiring, and if it is,
- If you have another power plug that matches the barrel jack size, volts and amps, try using that one in case the power supply itself is going bad.
At least as many amps. An over-specced PSU is fine in watts or amps, but if voltage is too far off, you’ll see just the same issues, or worse, it’ll get fried.
(PSUs do require a certain level of load to run, especially efficiently, so don’t have a whopping 15A PSU for a 500mA device, but anywhere in the same ballpark is fine.)
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| CGNAT | Carrier-Grade NAT |
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| PSU | Power Supply Unit |
| SSH | Secure Shell for remote terminal access |
| UDP | User Datagram Protocol, for real-time communications |
| VNC | Virtual Network Computing for remote desktop access |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
| k8s | Kubernetes container management package |
11 acronyms in this thread; the most compressed thread commented on today has 12 acronyms.
[Thread #132 for this comm, first seen 4th Mar 2026, 02:40] [FAQ] [Full list] [Contact] [Source code]
Not what you asked, but regardless of whatever else you’re doing, I would take any really critical data you need, encrypt it, put it on a laptop or other portable device, and bring it with you. Trying to throw together some last-minute setup that you rely on and can’t easily resolve remotely is asking for trouble.
Another fallback option, if you have a friend who you trust and can call and ask them to type stuff in – give 'em a key before you go and call 'em and ask 'em to type whatever you need if you get into trouble.
Some kind of time switch to make the router reboot at regular intervals. Then hope that this prevents the factory reset.
If the router reconnects to the internet when it factory resets and it still works as a gateway, there may still be hope. You’d need some SSH host on another machine behind the router; you’d probably also need some sort of minimal VPS. You could set up a reverse SSH tunnel on the SSH host that would tunnel through the router to the VPS, then you’d be able to connect through the VPS into your network.
Honestly tho, this is a lot of work and if time is tight you might just wanna roll to a store and buy whatever cheap router you can find to limp along til you get back.
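Added example, not part of the comment above or of any poster's setup: a sketch of the reverse SSH tunnel it describes, kept alive from the LAN host so it comes back after a router reset as long as outbound connections work. The host name, user, port and key path are placeholder assumptions.

```shell
#!/bin/sh
# Runs on the SSH host inside the LAN. All values are placeholders (assumptions).
VPS_HOST="${VPS_HOST:-vps.example.net}"
VPS_USER="${VPS_USER:-tunnel}"
REMOTE_PORT="${REMOTE_PORT:-2222}"            # port opened on the VPS loopback
LOCAL_TARGET="${LOCAL_TARGET:-localhost:22}"  # where the tunnel ends in the LAN
KEY_FILE="${KEY_FILE:-$HOME/.ssh/tunnel_ed25519}"

# Accept only an unprivileged numeric port, so a bad value never reaches ssh.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# run_tunnel <runner>: "ssh" opens the tunnel, "show" only prints the arguments.
run_tunnel() {
    runner=$1
    valid_port "$REMOTE_PORT" || { echo "bad REMOTE_PORT" >&2; return 1; }
    # BatchMode: never prompt. ExitOnForwardFailure: exit if the port is taken.
    # ServerAlive*: notice a dead link. StrictHostKeyChecking=yes needs the
    # VPS host key in known_hosts beforehand. -R binds on the VPS loopback only.
    "$runner" -N -T -i "$KEY_FILE" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -o StrictHostKeyChecking=yes \
        -R "127.0.0.1:${REMOTE_PORT}:${LOCAL_TARGET}" \
        "${VPS_USER}@${VPS_HOST}"
}

show() { printf '%s\n' "$*"; }

# Reconnect forever; a router reset only interrupts the tunnel briefly.
keep_tunnel() {
    valid_port "$REMOTE_PORT" || return 1
    while :; do
        run_tunnel ssh || echo "tunnel down, retrying in 15s" >&2
        sleep 15
    done
}

# On the VPS, limit this key in ~/.ssh/authorized_keys to forwarding only:
#   restrict,port-forwarding,permitlisten="127.0.0.1:2222" ssh-ed25519 <public-key>
if [ "${1:-}" = "start" ]; then keep_tunnel; fi
```

With the tunnel up, logging in to the VPS and connecting to port 2222 on its loopback address reaches the SSH host at home; `run_tunnel show` prints the arguments without connecting.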
A jumpbox. Set up a VPS somewhere, have some remote hands at home set up a VPN client to connect to the VPS, and then you connect to the VPS as well.
Alternatively, is it possible that your ISP can remote config your router and set up the port forwarding again for you?
You could set up netbird on a jump server (VPS hosted somewhere) and have a machine inside your home network tunnel out to the netbird server, allowing reverse tunnel access inside of your network. Lowendbox has some good deals on VPS that would work well for this. This is what I do.
If you don’t want to pay for a VPS, you could use your laptop or whatever you’re going to use while traveling to be the netbird server. Use a DDNS service or just manually update a DNS record for a domain to point at your travel device IP and the home device should be able to tunnel out and make the connection to the netbird server on your travel device. Not a great long term solution, but would work in a pinch and domains are fairly cheap if you don’t have one already.
Netbird is pretty great for this type of thing and there are some good guides on YT for getting it up and running. You could even relay a reverse tunnel connection through a device inside your network to your homelab or the router.





