The Pangolin client on your laptop creates a WireGuard tunnel to the Pangolin VPS. Through that tunnel you can reach every service on the home and farm LANs using their normal IP addresses โ nothing is exposed to the public internet.
Laptop (hotel/airport) โ WireGuard โ Pangolin VPS (172.93.50.184)
โ Newt (Proxmox PVE 192.168.8.221) โ Home LAN (192.168.8.x)
โ Newt (Farm PVE 192.168.0.191) โ Farm LAN (192.168.0.x)
Pangolin uses resource-based access control โ clients can only reach resources that an admin has explicitly defined in the dashboard, not entire subnets. This keeps everything private: no public URLs, no open ports on the home router.
At home, disconnect the Pangolin client. It routes
192.168.8.0/24through the tunnel, which conflicts with direct LAN access. Only connect when you’re away (see At Home vs. Away below).
| Component | Location | Role |
|---|---|---|
| Pangolin client | Your laptop | WireGuard VPN โ connects you to home/farm networks |
| Pangolin client | Mac Studio (192.168.8.180) | Provides farm LAN access from home network |
| Pangolin | VPS (172.93.50.184) | Auth, coordination, relay |
| Gerbil | VPS | WireGuard server |
| Newt | Proxmox PVE (192.168.8.221) | Tunnel endpoint for home LAN (systemd service) |
| Newt | Farm PVE (192.168.0.191) | Tunnel endpoint for farm LAN (systemd service, v1.10.1) |
The Pangolin client is already installed on the MacBook. To connect:
pangolin
Credentials are saved in ~/Library/Application Support/olm-client/config.json from the first run. No need to re-enter them.
Verify it’s working:
ping 192.168.8.180 # Mac Studio
ping 192.168.8.100 # Docker CT 100
ping 192.168.0.50 # Farm Home Assistant
If pings work, open any service URL in a browser. You’re on the network.
Once connected, use the same LAN URLs you’d use at home.
Mac Studio (192.168.8.180)
| Service | URL |
|---|---|
| Life Archive Search | http://192.168.8.180:8900 |
| Life Archive MCP | http://192.168.8.180:8901/mcp |
| Paperless-NGX | http://192.168.8.180:8100 |
| Hugo Docs | http://192.168.8.180:1313 |
| SyncThing | http://192.168.8.180:8384 |
| SSH | ssh bee@192.168.8.180 |
| Screen Sharing | vnc://192.168.8.180 |
Docker โ CT 100 (192.168.8.100)
| Service | URL |
|---|---|
| Portainer | https://192.168.8.100:9443 |
| Uptime Kuma | http://192.168.8.100:3001 |
| Navidrome | http://192.168.8.100:4533 |
| Audiobookshelf | http://192.168.8.100:13378 |
| N8N | http://192.168.8.100:5678 |
| Gotify | http://192.168.8.100:8070 |
| Lidarr | http://192.168.8.100:8686 |
| FreshRSS | http://192.168.8.100:8180 |
Proxmox (192.168.8.221)
| Service | URL |
|---|---|
| Proxmox VE | https://192.168.8.221:8006 |
| SSH | ssh root@192.168.8.221 |
Farm โ Brownsville (192.168.0.x)
| Service | URL |
|---|---|
| Home Assistant | http://192.168.0.50:8123 |
To use Life Archive tools from Claude on your laptop while away, add the MCP HTTP server to your Claude config:
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"life-archive": {
"url": "http://192.168.8.180:8901/mcp"
}
}
}
Claude Code (~/.claude/settings.json):
{
"mcpServers": {
"life-archive": {
"url": "http://192.168.8.180:8901/mcp"
}
}
}
This gives you life_archive_search, life_archive_entity_lookup, life_archive_temporal_search, and life_archive_stats โ same as at home. Requires the Pangolin client to be connected.
Navidrome speaks the Subsonic API. Use a Subsonic-compatible app on your phone with the Pangolin client running.
iOS apps: play:Sub, Amperfy, iSub
| Field | Value |
|---|---|
| Server URL | http://192.168.8.100:4533 |
| Username | Your Navidrome username |
| Password | Your Navidrome password |
Requires the Pangolin client running on the phone (if available) or on the same network as a device running it.
Do this before leaving:
- Disconnect Pangolin client on laptop (don’t need it at home)
- Verify all services are running:
http://192.168.8.100:3001(Uptime Kuma) - Verify Pangolin Dashboard shows Proxmox Home site Online
- Verify Pangolin Dashboard shows Farm Brownsville site Online
- Add Life Archive MCP config to Claude on laptop (see section above)
- Bookmark this page:
http://192.168.8.180:1313/homelab/remote-access/
Once in KC:
- Connect Pangolin client:
pangolin - Test:
ping 192.168.8.180 - Open any service URL to confirm
The Pangolin client routes 192.168.8.0/24 through the WireGuard tunnel because the Proxmox Home site defines that as its network. This is by design โ it’s how clients reach home services when they’re away.
When you’re already on the home LAN, this creates a conflict: traffic to 192.168.8.x goes through the tunnel instead of staying local. There is no split-tunnel or local-network-detection feature in Pangolin yet (community request pending).
The rule is simple:
- At home (laptop): Disconnect the Pangolin client. You’re already on the LAN.
- Away (KC, travel, anywhere else): Connect the Pangolin client. Everything works by LAN IP through the tunnel.
- Mac Studio: Runs its own Pangolin client permanently so it can reach farm resources (192.168.0.x) from the home LAN. This is separate from the laptop client.
| Problem | Fix |
|---|---|
| Can’t reach anything | Is the Pangolin client connected? Run pangolin |
| Pings work but browser won’t load | Service is stopped โ SSH in and restart it |
| Everything down at once | CT 100 is probably down โ open Proxmox at https://192.168.8.221:8006 and restart CT 100 |
| Farm services unreachable | Farm Newt offline โ check Pangolin Dashboard; requires on-site fix if farm internet is down |
| Pangolin client won’t connect | Check VPS: ssh admin@172.93.50.184 โ make sure Pangolin/Gerbil are running |
| Works at home but not away | You were testing with Pangolin client off; connect it |
| LAN broken while Pangolin is on at home | Disconnect the client โ you’re on the LAN already (see At Home vs. Away) |