larry1chan@qq.com e269928465 first commit 1 month ago
readme.md e269928465 first commit 1 month ago
start-tun.sh e269928465 first commit 1 month ago

readme.md

README – Persistent Home-Lab SSH Tunnel (autossh + systemd)

This setup keeps multiple local ports automatically forwarded to your home lab machines whenever you are away from home (coffee shop, hotel, mobile hotspot, etc.).
As soon as you come back home or connect to your WireGuard VPN, the tunnel stops itself – no duplicate tunnels, no wasted bandwidth.

(This setup has been tested on my Ubuntu HP laptop, kirin.)

What it does

  • Forwards these ports from your laptop → home network:
    • 3000 → ryzen7 Ollama
    • 8188 → ryzen7 ComfyUI
    • 3822 → ryzen7 SSH
    • 11922 → yazoo SSH
    • 9084 → yazoo Transmission-GM web UI
  • Uses key-based authentication (passwordless)
  • Survives suspend/resume, reboots, Wi-Fi changes, temporary disconnects
  • Automatically disables itself when you are already at home or on your own WireGuard VPN

Files & Locations

~/.ssh/start-my-tunnel.sh                  ← main script (this file)
~/.config/systemd/user/my-ssh-tunnel.service ← systemd user service
~/autossh-tunnel.log                       ← runtime log (optional but useful)

Prerequisites (done once)

# Install autossh
sudo apt update && sudo apt install autossh

# Make sure your SSH key is on the jump box (oscara2.hopto.org)
ssh-copy-id root@oscara2.hopto.org -p 4922
# (or manually paste ~/.ssh/id_ed25519.pub into /root/.ssh/authorized_keys on the jump box)

Installation steps (copy-paste)

# 1. Save the script exactly as-is
mkdir -p ~/.ssh
curl -o ~/.ssh/start-my-tunnel.sh https://raw.githubusercontent.com/yourrepo/...   # or just edit it manually
chmod +x ~/.ssh/start-my-tunnel.sh

# 2. Create the systemd user service
mkdir -p ~/.config/systemd/user
cat > ~/.config/systemd/user/my-ssh-tunnel.service <<'EOF'
[Unit]
Description=Persistent home-lab SSH tunnel (autossh)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
Restart=always
RestartSec=10
ExecStart=%h/.ssh/start-my-tunnel.sh
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

[Install]
WantedBy=default.target
EOF

# 3. Enable and start it
systemctl --user daemon-reload
systemctl --user enable --now my-ssh-tunnel.service

That’s it. From now on everything is 100% automatic.

How to check everything is working

# Quick status
systemctl --user status my-ssh-tunnel.service

# Live logs
journalctl --user -u my-ssh-tunnel.service -f

# See the actual listening ports (they belong to the ssh process that autossh spawns)
ss -ltnp | grep '"ssh"'

# Or check the old-school log
tail -f ~/autossh-tunnel.log

When the tunnel should NOT start (and it correctly doesn’t)

| Condition | Detection method used | Variable in script |
|---|---|---|
| Connected to home Wi-Fi “W739A” | SSID check via iwgetid | HOME_SSID="W739A" |
| Your own WireGuard VPN is up | Interface wg0 exists | VPN_INTERFACE="wg0" |
| You can already reach an internal machine | Direct TCP connect test to 192.168.6.1:22 | DIRECT_REACH_TEST |

You can comment out or modify any of these checks if your setup changes.

Updating the port list later

Just edit the FORWARDS=( ... ) array in ~/.ssh/start-my-tunnel.sh and then restart the service:

systemctl --user restart my-ssh-tunnel.service
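
The three "do not start" checks and the forward list, as an added example (not the repository's start-my-tunnel.sh, which this page does not show). It assumes a LOCALPORT:HOST:REMOTEPORT spec format held in a plain space-separated list, here called FORWARD_SPECS, in place of the script's FORWARDS array, placeholder destinations, and the ssh keep-alive options shown; each forward is validated and pinned to 127.0.0.1 so the forwarded services are never offered to the network you are visiting.

```sh
#!/bin/sh
# Added example, not the repository's script. The three values below are the
# README's; the spec format, destinations and ssh options are assumptions.
HOME_SSID="W739A"
VPN_INTERFACE="wg0"
DIRECT_REACH_TEST="192.168.6.1:22"
FORWARD_SPECS="3000:ryzen7:3000 8188:ryzen7:8188"   # LPORT:HOST:RPORT, placeholders

# Probes are separate functions so each can be swapped or stubbed.
current_ssid() { iwgetid -r 2>/dev/null; }
vpn_is_up()    { [ -e "/sys/class/net/$VPN_INTERFACE" ]; }
direct_reach() {  # 2 s cap so an unreachable network cannot stall the service
  timeout 2 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "${1%:*}" "${1##*:}" 2>/dev/null
}

# Prints why the tunnel is unnecessary and returns 0; returns 1 when it is needed.
skip_reason() {
  if [ "$(current_ssid)" = "$HOME_SSID" ]; then echo "home-ssid"
  elif vpn_is_up; then echo "vpn-up"
  elif direct_reach "$DIRECT_REACH_TEST"; then echo "direct-reach"
  else return 1
  fi
}

valid_host() { case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac; }
is_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emits "-L" and "127.0.0.1:LPORT:HOST:RPORT" per spec, one word per line. The
# explicit bind address keeps listeners on loopback even if GatewayPorts is on.
forward_args() {
  for spec in "$@"; do
    lport=${spec%%:*}; rest=${spec#*:}; host=${rest%%:*}; rport=${rest#*:}
    valid_host "$host" && is_port "$lport" && is_port "$rport" &&
      [ "$spec" = "$lport:$host:$rport" ] || { echo "bad forward spec: $spec" >&2; return 2; }
    printf '%s\n' -L "127.0.0.1:$lport:$host:$rport"
  done
}

main() {
  if reason=$(skip_reason); then echo "tunnel not needed: $reason"; return 0; fi
  args=$(forward_args $FORWARD_SPECS) || return 2
  # -M 0 turns off autossh's monitor port; ServerAlive* lets ssh notice a dead link.
  exec autossh -M 0 -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 $args -p 4922 root@oscara2.hopto.org
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it with `--run`, for instance from the unit's ExecStart. Exiting 0 while at home means Restart=always re-runs the checks every RestartSec seconds, so the tunnel comes up once you leave.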

Removing everything (if you ever want to)

systemctl --user disable --now my-ssh-tunnel.service
rm ~/.config/systemd/user/my-ssh-tunnel.service
rm ~/.ssh/start-my-tunnel.sh
systemctl --user daemon-reload

Enjoy seamless access to Ollama, ComfyUI, and your home servers from anywhere — with zero manual intervention.