I’m looking to expand and further secure my home server, and I’ve been poking around at the FUTO self hosting guide, and as a result I’m looking to host OpenVPN then connect to my services through that.

However, is it safe to have the machine running OpenVPN connected to my router, with my router operating normally, but forwarding the port to the OpenVPN server?

Then once I’m into that, I’d connect to what I’d like. Unless I’m misunderstanding, this would offer me sufficient security, correct?

I do have a backup RPi that I might end up turning into a router as the FUTO guide suggests, but I’d rather not mess with my network where possible, plus I’d need to buy a switch.

  • GreenKnight23@lemmy.world
    9 hours ago

    OP ignore anyone saying wireguard is better than openvpn, it’s not. they are two solutions used to solve for multiple problems.

    openvpn is highly configurable and is more widely supported across almost all platforms but the learning curve is medium to difficult.

    wireguard is easier to set up for first timers and has stronger encryption but lacks multiplatform support and has a shorter track record ensuring security and viability.

    some say wireguard is “faster”, but I haven’t seen any real world instances of this being true unless you get close to the theoretical full saturation of a 1g interface. unless you’re dealing with HA or high throughput apps in a commercial setting I doubt you will run into that issue.

    personally I prefer openvpn because I use it across multiple platforms and have peace of mind knowing it’s a tried and tested solution with decades of public and private support.

  • ikidd@lemmy.world
    10 hours ago

    Why the hell would the FUTO guide recommend OpenVPN? It’s a nightmare. I guess they also recommend pfSense instead of OPNsense so there’s that.

    For your own sanity, learn about Wireguard.

  • anamethatisnt@sopuli.xyz
    12 hours ago

    I have no idea what the FUTO guide is but I would make sure to set up the openvpn server so that you connect with user+password+client certificate.
    That and being able to set it up to use 443/tcp are the primary benefits to openvpn compared to wireguard in my mind.
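
An added example, not part of the thread or of the comment above: a shell check that reads an OpenVPN server config and reports whether it requires a client certificate, has a username/password check, and listens on 443/tcp. The function names are hypothetical, and the sample config and plugin path are constructed (the plugin path varies by distribution).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds if directive $2 appears uncommented in config file $1.
conf_has() { awk -v d="$2" '$1 == d { hit = 1 } END { exit !hit }' "$1"; }

# Prints the first argument of the last occurrence of directive $2.
conf_val() { awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"; }

# Prints one FINDING line per gap; returns 0 only when there are none.
audit_openvpn_conf() {
    f=$1; rc=0
    # Client certificates are required unless one of these relaxes it
    # (client-cert-not-required is the older spelling of "none").
    vcc=$(conf_val "$f" verify-client-cert)
    if conf_has "$f" client-cert-not-required ||
       [ "$vcc" = none ] || [ "$vcc" = optional ]; then
        echo "FINDING: client certificate is not required"; rc=1
    fi
    # A password check needs a verify script or the PAM auth plugin.
    case $(conf_val "$f" plugin) in *auth-pam*) pw=1 ;; *) pw=0 ;; esac
    if [ "$pw" -eq 0 ] && ! conf_has "$f" auth-user-pass-verify; then
        echo "FINDING: no username/password check configured"; rc=1
    fi
    # OpenVPN listens on 1194/udp when port and proto are omitted.
    proto=$(conf_val "$f" proto); port=$(conf_val "$f" port)
    listen="${proto:-udp}/${port:-1194}"
    case $listen in
        tcp*/443) ;;
        *) echo "FINDING: listening on $listen, not 443/tcp"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: certificate-optional server on the default port.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dev tun
ca ca.crt
cert server.crt
key server.key
verify-client-cert optional
;plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
EOF
audit_openvpn_conf "$sample" || echo "config differs from the setup described"
rm -f "$sample"
```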

  • just_another_person@lemmy.world
    12 hours ago

    I’d use something more modern. Wireguard at the very least, but Tailscale’s implementation of Wireguard makes things extremely flexible and simple to manage. Tailscale or ZeroTier, there’s a few of them now.

  • irmadlad@lemmy.world
    9 hours ago

    Have you considered Tailscale, ZeroTier, or even the evil Cloudflare Tunnels/Zero Trust options?

    • Olgratin_Magmatoe@slrpnk.net (OP)
      8 hours ago

      I’m not super familiar with those, so I haven’t.

      Though I know I definitely don’t want to go for a Cloudflare tunnel, as that’s very similar to what I’m trying to get rid of. I have like 3 game servers running through playit, which is essentially the same thing.