
Seeking a bit of guidance on how I should set up my OpenVPN tunnel from client -> gateway server -> home server.

Right now I'm running an Ubuntu 20.04 server on my home network. In order to

  • have a static IP address for DNS purposes
  • depend on some built-in security features from my cloud provider
  • restrict incoming traffic on my home network from one location
  • some extra encryption to hide from my ISP or anyone else that feels like snooping around

The way I've accomplished the above thus far is by:

  • Setting up an OpenVPN server on a VPS on Oracle Cloud. Most of the configuration I've got so far is from the sample server configuration found on Ubuntu's OpenVPN tutorial and a collection of other resources from either Ubuntu or OpenVPN.
  • Configuring iptables and Oracle security filters to allow for traffic on port 1194
  • Configuring a firewall on my home server to only allow traffic on necessary ports (only 22 right now, but the list is intended to grow)
  • Configuring port forwarding on my home router to only accept incoming traffic from the VPS's IP address on the necessary ports (still only port 22)
  • Distributing *.ovpn files to my intended clients with some fun PKI information attached to them
  • Connecting to the VPN from a client machine, and from there SSHing (or whatever other service) into my home server.

Now, with the above I'm securely able to get from client -> gateway -> home network, however the jump from the gateway to my home network is missing something...

Nothing's encrypted anymore. Data was encrypted at my client, decrypted on Oracle, and then sent in plain text (if I'm not using a different secure protocol) to my home network.

My ISP and any other big bad internet tough guy has access to my raw packets.

I think I want to set up an additional client/server relationship between my server and the VPS. Is that the appropriate route? What are the advantages and disadvantages here?

How would that work? Would each client need an additional client configuration waiting on the VPS, or can the VPS be a singular client that forwards traffic for all users?

My example project here might seem a bit mundane, but let's also pretend that there are multiple home servers. This gateway server is intended to be a jump server for any of my "organization's" servers.

In addition, you may or may not have been able to tell (lol) that I am extremely new to this stuff, and if any of you have some literature or resources you'd recommend in this area, I'd love to hear about it.

For example, I am a Software Engineer and I think a critical piece of literature is Programming Language Pragmatics by Michael Scott.
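As an added example that is not part of the original question, this is what the second tunnel the poster describes could look like: the home server joins the VPS's OpenVPN server as an ordinary client, so every road-warrior client reaches it over the tunnel and the home router no longer needs an inbound port forward at all. Assumed values (not from the post): tunnel subnet 10.8.0.0/24, home LAN 192.168.1.0/24, hostname vps.example.com, certificate CN `homeserver`, and the file paths.

```conf
# VPS: /etc/openvpn/server/server.conf (assumed path; constructed example)
port 1194
proto udp
dev tun
ca ca.crt
cert vps.crt
key vps.key
dh dh.pem
tls-crypt tc.key
server 10.8.0.0 255.255.255.0
topology subnet
# route: kernel route on the VPS for the (assumed) home LAN via the tun interface
route 192.168.1.0 255.255.255.0
# per-client overrides live here; the home server's file claims that LAN
client-config-dir ccd
# let road-warrior clients talk to the home server's tunnel address
client-to-client
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup

# VPS: /etc/openvpn/server/ccd/homeserver (file name = CN of the home server cert)
# iroute tells OpenVPN which client owns 192.168.1.0/24; ifconfig-push pins its tunnel IP
iroute 192.168.1.0 255.255.255.0
ifconfig-push 10.8.0.2 255.255.255.0

# Home server: /etc/openvpn/client/homeserver.conf (outbound only, no port forward needed)
client
dev tun
proto udp
remote vps.example.com 1194
nobind
ca ca.crt
cert homeserver.crt
key homeserver.key
tls-crypt tc.key
# refuse to connect unless the peer presents a certificate issued for server use
remote-cert-tls server
persist-key
persist-tun
```

Clients then SSH to 10.8.0.2 over the tunnel, and the home firewall can drop inbound port 22 from the internet entirely. Reaching other hosts on the home LAN additionally needs IP forwarding enabled on the home server and its firewall allowing the forwarded traffic.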
