I want to add OpenVPN to my home LAN. The main purpose is providing secure remote access to the entire LAN rather than a specific machine (SSH). For this project I am not concerned with anonymity, hiding, evading, etc. Just having secure remote access to the LAN -- and learning something about OpenVPN.
The big question:
where to install a VPN with respect to a typical home LAN while maintaining security for the LAN? (I have asked similar questions before on LQ, but I was too vague in those threads.)
I suppose the answer is "that depends."
I have a dedicated multi-purpose LAN server. Layout shown below.
Do I use port forwarding on the router and configure OpenVPN directly on my dedicated server? Is this secure?
Or configure OpenVPN on a virtual machine on the existing server? Would I need a second physical NIC to support this?
Or configure OpenVPN on a second physical "mini server" with two NICs? I prefer to avoid the cost of more hardware, but where would the device be installed?
Any thoughts and opinions are welcome.
I am running Slackware 14.2 64-bit on all LAN systems. I want to remain with Slackware for this project. I am aware of the
slack docs article.
My LAN:
Code:
Test Computer ------------------------|
| |VOIP ATA|
Computer ----------------| | |
Computer ----------------| | |
Computer ----------------| | |
Printer -----------------| | |
| VLAN |
LAN Server -----------|Switch|-----|Router|--------|Switch|-----|WISP CPE|
VLAN (Static IP)
Guest Computer -----------------------|
As always, thanks!
Side comment: I use SSH and SSHFS through port forwarding on my router. Works fine, but I want a VPN because SSH connects me to a machine whereas a VPN connects me to the network. Connecting to the network solves problems such as shortcuts, bookmarks, VNC, network mapping, and scripts functioning correctly.