Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I recommend using OpenVPN with unique digital certificates and tls-auth. This gives you a very well-protected entryway which is concealed from view: those "scanning" your system will not detect that anything is there. So, there will be zero "unauthorized access attempts." Yet, to an authorized user, opening the tunnel is as quick and easy as clicking a button. Every piece of data that passes between the systems – each of which can securely identify the other – will be encrypted automagically.
Last edited by sundialsvcs; 05-19-2023 at 09:55 AM.
As that distro supports ssh, open that port and configure the sshd to accept X11 forwarding if you want access to the webUI without opening that to the world. I'd also configure passwordless connection and mandate RSA token for login.
As for your phone getting access to the webUI, for that you will require a VPN. As mentioned above, OpenVPN would be free and, even though not easy, is still something you can find good documentation to install/configure/test.
Most phones also have the option of installing a Terminal that can be used to issue ssh commands. Don't think the X11 forwarding will work on a phone, but I know ssh does work without too much issue, at least in the Android world. Cannot say for iOS devices.
I use Tailscale to connect to my home server from my laptop or phone. Setup is stupid easy, but has all the security of WireGuard that it is built on.
Plus I have my NAS set to run as an end-point, so I can use it as a VPN exit from my other devices.
I once again recommend OpenVPN precisely because it is a (digital-certificate secured) tunnel. Functionally, it behaves as a TCP/IP router (or switch), but which is cryptographically secured. It is therefore exactly what the name implies: a truly-private and reliable network connection that is also "virtual," taking place over an insecure public network. The users of the system not only do not need to "know how the trick is done," but they don't even need to know that a "trick" is being done at all. And, unlike a simple "password," a digital certificate cannot be "hacked."
Authorized users bearing non-revoked certificates simply click on the icon at the top of their screen and wait a few seconds for it to turn from gray to black. They then think nothing further of it ...
Last edited by sundialsvcs; 05-24-2023 at 02:44 PM.
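Added example, not part of the posts above and not taken from the OpenVPN project: a minimal server/client configuration pair for the setup described in the two OpenVPN posts (one certificate per user, tls-auth, and rejection of revoked certificates). All file names, the 10.8.0.0/24 tunnel subnet, the hostname vpn.example.net and the nobody/nogroup account are assumptions.

```conf
# ---------- server.conf (assumed file name) ----------
port 1194
proto udp                 # over UDP, packets that fail tls-auth get no reply at all
dev tun
topology subnet
server 10.8.0.0 255.255.255.0    # assumed tunnel subnet

ca   ca.crt               # CA that signs every user certificate
cert server.crt
key  server.key           # keep readable by root only
dh   dh.pem

# tls-auth: HMAC-sign every TLS control packet with a shared static key.
# Packets without a valid signature are dropped before any TLS processing,
# which is why a scanner sees nothing on this port. Direction 0 = server.
tls-auth ta.key 0

# Refuse certificates the CA has revoked; regenerate crl.pem after each
# revocation and before the CRL itself expires.
crl-verify crl.pem

remote-cert-tls client    # peer certificate must carry the client usage
tls-version-min 1.2
keepalive 10 120
user nobody               # drop privileges after start (Debian/Ubuntu names)
group nogroup
persist-key
persist-tun

# ---------- client1.ovpn (assumed file name, one per user) ----------
client
dev tun
proto udp
remote vpn.example.net 1194      # assumed hostname
ca   ca.crt
cert client1.crt          # unique certificate for this user or device
key  client1.key
tls-auth ta.key 1         # same static key, direction 1 = client
remote-cert-tls server    # refuse a peer that is not a server certificate
tls-version-min 1.2
nobind
persist-key
persist-tun
```

The server block deliberately omits `duplicate-cn`, so each certificate maps to one connection, and withdrawing a user's access means revoking that one certificate rather than changing a shared secret.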
Apart from the technical issues, keep in mind that unless you pay for a static (aka Business ctc) IP from your ISP, many will block home-based servers / ports.
You should check with them before you try to implement a solution.
Quote:
Originally Posted by elsmandino
Thanks guys - much appreciated.
I am really not very good when it comes to networking, so I have been looking up some of the above. Am a bit out of depth on this one!
Is Cloudflare worth considering as an option?
I am not quite sure whether that counts as a VPN or not.
Cloudflare is a CDN (Content Delivery Network). They do not have a VPN service they offer that I know of. You might be thinking of their DNS service, 1.1.1.1.
To save you a bit of time, if you do go with OpenVPN and will not have more than 2 users, then download the trial version of Access Server from openvpn.org, as that has the web interface that makes everything easy. It is free to use but only allows 2 users to connect.
The open-source version you can get from your distro repository does not have the web interface, so it needs to be set up and configured from the command line, but has no user limit.
Last edited by uteck; 05-25-2023 at 09:33 AM.
Reason: typo