I have wanted to set up a VPN server into my home network since before I fully understood what a VPN server could do. Back then I knew it could facilitate me being able to access my files in my home network while remote, however, if you were to ask that version of me how to set it up he would wind up embarrassing himself. The fact of the matter is I have two key choices to be able to do this
In an ideal world, I want to set up Wiregard on Open BSD. The reason behind this is because, in my opinion, and many others, OpenBSD is one of the most secure server operating systems in circulation today. The reason behind this is that they implement a secure by default design, facilitated by its minimal attack surface. This is especially important because this is going to be the only port that will be open on my network. If I am going to open a hole in my perimeter, which anyone can scan or enumerate at any point, then I want to trust the tech stack that is running on that hole - this is especially true for the operation. This is a similar reason why in this ideal configuration I will be running Wiregaurd - while it is the new kid on the block, it does many things a lot better than a lot of its competitors. The reason behind this is that the underlying protocol is very simple
Notice however how I said ideal? Well, this is where we move into Agile territory, where that is the end goal but the MVP is going to be Wireguard running on Ubuntu. Now there is nothing wrong with this software combination; It works, and it is reasonably secure. I am choosing this to start with because there are many many tutorials, some from content creators that I trust, on setting up this sort of server (the one I will be following is this one from wolfgangs channel). If it fails with wireguard however, I will settle for OpenVPN in the meantime while I learn more about WireGuards setup.
Also worth mentioning here is my issue with BT. Now this is not a problem as long as I configure the VPN correctly, however, I do not want to be put in this position for much longer. Because my TP-Link router is not plugged into the demarcation port directly, all traffic still flows through the original ISP router, which is not in bridging mode. What this means is that my home network is essentially a private network, within a private network - which is cringe. This means if I want to port forward my VPN connection, I need to port forward it on the TP-Link router, with it pointing to the Raspberry Pi AND THEN port forward the BT Router to point to the TP-Link router. While this is not difficult to do, I do not like it, and because of that, I want to treat depreciating the BT router as a P2 in the medium term. I need to replace the BT Router with a modem, and from the research, I have done the Huawei HG612 is the model that was typically used by BT back in the day, and can still be bought from eBay fairly cheaply (either that or I go ham and buy this). The only other issue is that one of our home lines runs into the BT Router - I think I can plug this directly into a phone itself, but I will need to look into this.
A general purpose blog for me to braindump anything I might be thinking about. Please dont hesistate to reach out if you have any questions