Questions about setting up OpenVPN server

I would like to set up an OpenVPN server at home so I can access my home network from other places. I plan to have a NAS, a general purpose server that runs Ubuntu and OpenVPN, router port forwarded to the OpenVPN server, and a bunch of regular computers. I’m currently in the planning state. Assume I’m in Los Angeles on vacation with a Windows laptop and my home is in New York.

After using the OpenVPN client on default settings, will all network traffic automatically go through the VPN? Will it be the equivalent of being a direct connect to an Ethernet port on my Ubuntu server? If I use a web browser in Los Angeles, would the internet treat it identical to me using a web browser directly on the Ubuntu server in New York? Would I automatically see any shared network folders (e.g. Windows shared folders, Samba) in my New York LAN on my laptop in Los Angeles?

All of what you assume is correct.

Would Wireguard be an option? It is a lot easier to handle and also faster. I learned OpenVPN and learned a lot setting it up, but it’s just not worth it any more.

Yes, it’s like a direct network connection to your home network. There is an option to force all traffic through the gateway, which is what you are looking to do, not sure about what is default (been a while since I started using wireguard). You will see all your network drives and everything. More importantly, your traffic is obscured/encrypted so whatever unsecured wifi network you are on (hotel, etc.) will not be able to snoop on your traffic. Your ISP will see it all, just like if you are at home.

There are two options, “full tunnel” and “split tunnel”. Full tunnel sends all traffic back over the vpn, split tunnel only sends some. In almost all cases you want split tunnel, otherwise your internet experience is horrible. Split tunnel means that the openvpn server pushes a route to the device, like 10.0.0.0/16, then any traffic in that range is sent over the vpn. Traffic to any other IP address goes out over the regular internet. (FYI you can always deploy both on different ports, and then you can change based on your situation).

Normally you’ll also want to set your client dns to that of your home network over the VPN (nearly every openvpn config does this, so it’s easy). This means you can resolve network names to the right internal IP. This will also look up internet names over your home connection, and may cause some strange CDN locality issues. But if you’re only in mainland US it should be fine.

Some people will suggest wireguard. It’s nice, and it works, but it doesn’t have all the features of openvpn (like dynamic IP address support).

You probably wouldn’t see shares automatically, that relies on layer 2 discovery. (Please note that you don’t want a layer 2 vpn, those are nasty). Instead if you browse to the computer directly (//nas), you’ll see all the shares there.
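An added example, not part of the original thread: a small Python model of how a client decides which destinations enter the tunnel under the split-tunnel and full-tunnel setups described above. The two sample configs, the port numbers, the DNS address 10.0.0.1 and the function names `parse_push` and `via_tunnel` are constructed for illustration; `push "route ..."`, `push "redirect-gateway def1"` and `push "dhcp-option DNS ..."` are standard OpenVPN server directives.

```python
import ipaddress

# Constructed sample server configs (not from the thread). 10.0.0.0/16 is the
# range mentioned above; ports and the DNS address 10.0.0.1 are assumptions.
SPLIT_CONF = """
port 1194
push "route 10.0.0.0 255.255.0.0"   # only the home LAN goes into the tunnel
push "dhcp-option DNS 10.0.0.1"
"""
FULL_CONF = """
port 1195
push "redirect-gateway def1"        # everything goes into the tunnel
push "dhcp-option DNS 10.0.0.1"
"""

def parse_push(conf):
    """Return (tunnel_networks, dns_servers) taken from the push lines."""
    nets, dns = [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("push "):
            continue
        args = line[5:].strip().strip('"').split()
        if args[:1] == ["route"] and len(args) >= 2:
            # OpenVPN treats a route without a netmask as a single host
            mask = args[2] if len(args) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{args[1]}/{mask}"))
        elif args[:1] == ["redirect-gateway"]:
            # With def1, two /1 routes cover all of IPv4 and win over the
            # existing 0.0.0.0/0 default by being more specific; any
            # redirect-gateway variant is modelled the same way here
            nets += [ipaddress.ip_network("0.0.0.0/1"),
                     ipaddress.ip_network("128.0.0.0/1")]
        elif args[:2] == ["dhcp-option", "DNS"] and len(args) == 3:
            dns.append(args[2])
    return nets, dns

def via_tunnel(dest, nets):
    """True if dest matches a pushed route. Simplified: ignores the host route
    to the VPN server itself and the client's directly connected subnet."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in nets)

if __name__ == "__main__":
    for name, conf in (("split", SPLIT_CONF), ("full", FULL_CONF)):
        nets, dns = parse_push(conf)
        for dest in ("10.0.5.20", "203.0.113.10"):  # home host, internet host
            path = "VPN" if via_tunnel(dest, nets) else "local network"
            print(f"{name:5} {dest:15} -> {path} (DNS {dns})")
```

With the split config, the internet address leaves through whatever network the laptop is attached to, so only traffic to the pushed range gets the tunnel's encryption; with the full config both destinations go through the VPN.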

I just learned about wireguard so I will research that as well. I want something that isn’t closed source, due to trust issues.

Then you’ll love wireguard.

It’ll take you a week to read through OpenVPN’s source and decide if you trust it; wireguard? Will probably only take you an hour.

I also switched from OpenVPN to Wireguard. The server config is literally like 10 lines (vs pages), no need to generate certificates, less potential for bad misconfigurations, low attack surface, much faster, no slow reconnects on mobile, easy client config w/ full/split tunneling …