After getting my lab going I find every so often while at work or on a business trip, I need to do a quick test of a scenario and I have no access to my equipment. When I had regular ADSL internet this was not a problem as I could easily configure DynDNS on my modem and then VPN into my network from outside. This is no longer the case, however, with the new fiber service, as my provider has now implemented CG-NAT and is leasing a routable public IP for almost the same cost as the service.
I thought about using TeamViewer, but my lab network is, by design, separated from my home network, so that was not a viable option.
The next option I looked at was creating the equivalent of a Hamachi tunnel, where the remote sites don't need to rely on a local public IP but traffic between sites can be routed using the native private subnets.
My solution ended up looking like this.
I created an Ubuntu VPS on the Amazon cloud and installed strongSwan 5.3, then I set up a tunnel between my edge router and the strongSwan server, publishing all the subnets for both my lab and the house network.
I then created a roadwarrior account on the strongSwan server for my laptop and tablet. By the magic of VPN I now have access to my home network using all private IPs and, most importantly, without having to pony up a rental fee for a public IP.
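A sketch of the hub side of the layout described above, as an added example and not the author's actual configuration: an `/etc/ipsec.conf` for strongSwan 5.3 on the VPS. Every hostname, identity, subnet, address pool and certificate file name here is a constructed placeholder.

```conf
# /etc/ipsec.conf on the VPS hub (all names and addresses are placeholders)
# Assumes net.ipv4.ip_forward=1 on the VPS and UDP 500/4500 allowed inbound
# in the EC2 security group.

conn %default
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
    # Drop state for peers that vanish so they can reconnect cleanly
    dpdaction=clear
    dpddelay=30s
    # An EC2 instance sits behind 1:1 NAT, so pin the identity instead of
    # letting it default to the instance's private address
    left=%any
    leftid=@hub.example.net

# Site-to-site: the home edge router is behind CG-NAT, so the hub cannot
# dial it. The router always initiates; the hub only responds (auto=add)
# and accepts any source address, matching the peer by identity.
conn home-site
    right=%any
    rightid=@home-router.example.net
    # Placeholder house and lab subnets published by the edge router
    rightsubnet=192.168.10.0/24,192.168.20.0/24
    # Road-warrior pool, so the router sends return traffic into the tunnel
    leftsubnet=10.99.0.0/24
    # PSK entry lives in /etc/ipsec.secrets, keyed on the two identities
    leftauth=psk
    rightauth=psk
    auto=add

# Road warriors (laptop, tablet): certificate for the hub, per-user EAP
# credentials for the clients, virtual IP handed out from the pool.
conn roadwarrior
    leftauth=pubkey
    leftcert=hubCert.pem
    leftsendcert=always
    # Clients can reach only the home subnets, not arbitrary destinations
    leftsubnet=192.168.10.0/24,192.168.20.0/24
    right=%any
    rightauth=eap-mschapv2
    eap_identity=%any
    rightsourceip=10.99.0.0/24
    auto=add
```

Because only `leftsubnet` ranges are negotiated for road warriors, the hub never forwards their traffic anywhere except the home subnets, and a per-device EAP account can be revoked without touching the site-to-site tunnel.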