Jump to content

Remote access via OpenVPN or SSL-encryption?

Hello everyone!

I want to access my homeserver from the outside. Reason being that I want to be able to access all the photos on it when I´m e.g. at my grandmothers place. I also want to share my media library with my friends as well as letting them play on a gameserver I´m hosting. What process should I use? I figured I could use OpenVPN which would be pretty safe as I dont have to poke a hole into the firewall as well as that other people need a file that I create as confirmation to be able to access the homenetwork. But this would be a problem right? Once they have connected to it, it would be like they are on the same network. That would mean that all traffic they are generating (e.g. illegal traffic or just a lot of traffic in general) is seen by my ISP. I really don´t want to have that risk. So can I use OpenVPN to let them access only the services my homenetwork provides and not have them access the internet from there? So when they google something it will go through their ISP?

The next option i´ve seen is OpenSSL. I really don´t know if i understand that quite right but let me try. I create a certificate which has to be installed on my server as well as the clients PCs. Only those who have this particular certificate can access the server via https. I then deactivate all http traffic and only allow https connections. Would that do the trick? Is that even possible? It would be very kind of someone can help me out here.

Thanks so much in advance

~Söfgi

p.s. Is a reverse proxy also a smart thing to consider as I have to poke only one whole through the firewall?

Link to comment
Share on other sites

Link to post
Share on other sites

Hi,

You can host your own OpenVPN server in a virtual machine on your server, this will allow any connection as if youre physically present in your home. Just install Pfsense (or any other operating system that can run an OpenVPN server) and use this guide, it explains all the certificates etc:

Edit: theres an option in Pfsense that forces all traffic through the tunnel, if you leave that unchecked only traffic meant for the lan should go through the tunnel, wan connections should go straight to the internet via their own gateway. But i'm not an expert on this...

 

Link to comment
Share on other sites

Link to post
Share on other sites

You can create an OpenVPN server for only accessing your servers.

OpenSSL is indeed for creating certificates that you would use in applications but you would need to open ports for those services.

Link to comment
Share on other sites

Link to post
Share on other sites

On 10/14/2019 at 9:54 PM, mtz_federico said:

You can create an OpenVPN server for only accessing your servers.

OpenSSL is indeed for creating certificates that you would use in applications but you would need to open ports for those services.

thank you very much! So OpenVPN is a viable option for me. Nice! Still i dont mind opening one port as long as i can use the ssl method then i guess.

Link to comment
Share on other sites

Link to post
Share on other sites

On 10/14/2019 at 8:44 PM, Olaf6541 said:

Hi,

You can host your own OpenVPN server in a virtual machine on your server, this will allow any connection as if youre physically present in your home. Just install Pfsense (or any other operating system that can run an OpenVPN server) and use this guide, it explains all the certificates etc:

Edit: theres an option in Pfsense that forces all traffic through the tunnel, if you leave that unchecked only traffic meant for the lan should go through the tunnel, wan connections should go straight to the internet via their own gateway. But i'm not an expert on this...

 

Thank you! If the wan doeas go through their own gateway and not through mine i should be safe. But i guess i can check that by looking up my public IP when in a VPNtunnel.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×