External server

Having one or more external servers is required to have proper and resilient home access from outside.

I will assume you have at least two external servers with public IP addresses:

  • external-server1 with IP 99.99.99.99
  • external-server2 with IP 77.77.77.77

Whether they are commercial servers, rented hardware, virtual servers or some box you plugged in in secret at your uncle's workplace, I don't care. All you need is a public IP with a Linux operating system and a domain that you can point to it.

Selecting an external server

The best choice would be physical hardware with unlimited bandwidth, no data cap, and a free network-attached console.

Now stop dreaming and get real.

I rent some hardware from a local provider; it's quite cheap and has proven reliable over the years. You could do the same or get a Virtual Server (VPS), which is even cheaper.

Things you need:

  • public IP address
  • enough bandwidth (10Mbit/s or better)
  • possibly no data cap, or a reasonable one (100Gbit/month should be fine for light usage)
  • Linux operating system
  • Remote SSH access to the server (or some kind of VDI access)

Things you might want to consider (price for value):

  • Access to network console, for when the server doesn't boot and you need good old keyboard&mouse
  • Freedom to install your own OS (which will be Gentoo of course!)

Things you don't need to spend money on:

  • Storage (no data will be stored locally, only enough to install OS is needed)
  • RAM (8Gb should be more than enough, no services will run on the machine)

Physical or Virtual server, that's up to you. Physical servers usually are more flexible (you can choose your OS) but more expensive.

External server Setup

I assume you can install your own OS, so let's install Gentoo. Follow the Quick & Dirty Gentoo Installation but on your external server.

You don't need to install anything beside the bare minimum of the basic text-only installation.

Do not create any additional users except one unprivileged user, because you don't want to log in as root remotely.

As described on the Remote Access page, you will want to install socat and create a tunnel user as well.

I will assume your server has IP 99.99.99.99.

Domain Setup

To access home remotely and securely, using SSL/HTTPS with regular certificates, you must have a domain. Get whatever domain you can, the level doesn't matter but you must be able to add subdomains to your domain.

In this page I show how to set up the domain for the internal network by adding subdomains that point to your home server. This of course will not work when accessing from outside.

Assuming you own mydomain.com and home.mydomain.com and external.mydomain.com, here is how they would map on your public domain:

  • mydomain.com → 99.99.99.99
  • home.mydomain.com → 99.99.99.99
  • external.mydomain.com → 99.99.99.99

In /etc/hosts on your home server, on the other hand, they will map as:

  • mydomain.com → 10.0.0.1
  • home.mydomain.com → 10.0.0.1
  • external.mydomain.com → 99.99.99.99
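
To check that a hosts file really implements the split mapping above, here is a small shell sketch (an added example, not part of the original page). The function names are hypothetical helpers, and the names and addresses are the placeholders used on this page.

```shell
# Added example: hypothetical helpers, placeholder names/IPs from this page.
# hosts_lookup FILE NAME: print the address of the first line listing NAME
# (first match wins, as when the resolver reads the hosts file).
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # skip blank or address-only lines
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$1"
}

# is_private ADDR: succeed if ADDR is in an RFC 1918 IPv4 range.
is_private() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_split_horizon FILE EXTERNAL_IP: the home names must map to a private
# address, external.mydomain.com must map to the external server.
check_split_horizon() {
    rc=0
    for n in mydomain.com home.mydomain.com; do
        ip=$(hosts_lookup "$1" "$n")
        if [ -z "$ip" ]; then
            echo "MISSING $n: not in file, resolver falls back to DNS"; rc=1
        elif ! is_private "$ip"; then
            echo "PUBLIC  $n -> $ip: not a private address"; rc=1
        else
            echo "ok      $n -> $ip"
        fi
    done
    ip=$(hosts_lookup "$1" external.mydomain.com)
    [ "$ip" = "$2" ] || { echo "WRONG   external.mydomain.com -> ${ip:-unset}, expected $2"; rc=1; }
    return "$rc"
}

# Constructed sample: the home server's /etc/hosts as listed on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1    localhost
10.0.0.1     mydomain.com home.mydomain.com   # served locally
99.99.99.99  external.mydomain.com
EOF
check_split_horizon "$sample" 99.99.99.99
rm -f "$sample"
```

On the home server itself, call `check_split_horizon /etc/hosts 99.99.99.99`; a non-zero exit status means at least one name does not follow the mapping.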