Connecting remotely through OpenVPN and adding Let's Encrypt to Nextcloud

  • I have been running OMV for a couple of months now with Nextcloud, Jellyfin, and Bitwarden. Everything is connected to the Network through a PFSense Router. I really like it. It has been stable, backups are easy (both data and OS), and it's really easy to use. There are a few things that are stopping me from getting rid of some of my other online services.


    One is that I still haven't managed to access the system from outside my network. Preferably, I would like to do this with an OpenVPN connection so I am more protected. I followed some of the tutorials I found on YouTube, but none of them worked. I am not sure what the issue is, but I feel like maybe there is some step I am missing.


    The other major thing is that I am running a private certification which causes me to get a warning every time I access the Nextcloud. This wouldn't be a big deal except it blocks me from adding Nextcloud to Gnome accounts, which blocks me from seeing the files on my desktop. Recently, I tried to sync Joplin notes to it and ended up with the same problem.


    I would be very grateful if someone can help me solve these two issues.

  • I run OpenVPN on my pfsense router. Are you doing that or running it on OMV?

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 16GB ECC RAM.

  • I am trying to do it through the router, but so far have failed every time. I have used several different methods/howtos. I don't need an actual VPN, right? Is there maybe some major step I am missing?

  • You need an OpenVPN client application on the machine you will be connecting from. You do not need a third party VPN service.


    This is the HowTo I used.


    https://chrislazari.com/pfsense-setting-up-openvpn-on-pfsense-2-4/


  • I tried that one as well as a few on Youtube and never got it working. Perhaps there is some setting on PFSense that is blocking it. I will try to reset PFSense to default and try again.

  • If the OP still wants the VPN on pfsense, then WG is not an option.


  • Yes, preferably on PFSense as I would like to access the local network, including all the files/apps on the server such as Nextcloud, Jellyfin, etc.

  • You need an OpenVPN client application on the machine you will be connecting from. You do not need a third party VPN service.


    This is the HowTo I used.


    https://chrislazari.com/pfsense-setting-up-openvpn-on-pfsense-2-4/

    So, just to be clear. I don't need any kind of third party service. I just need to correctly set up my router and my computer? I don't need any kind of dynamic DNS or dedicated IP?

  • You do not need a third party VPN service.


    You will need a host name. A dynamic DNS host name will do. I use one on duckdns.org, it's free. There are others that are free.


  • Okay, maybe that is the step I am missing. I didn't have a dynamic DNS setup. Is there any security issue when using something like this?


    Thank you for your help!

  • The final step of the setup is "Configuring OpenVPN Client Access on PFSense." This is where the client credential is created and where the server host name must be placed. You can use an IP address instead of a host name, but if your IP is dynamic and it changes the credential will be worthless and will have to be recreated.


    So just set up dynamic DNS service in pfsense. For a duckdns.org host you use the Custom Service type in pfsense and all you need to put in is the Update URL which duckdns.org will give you.


    With an OpenVPN setup like this you will be generating a Client Access Credential. Anyone who has the credential can connect to the server, so use a strong password on the credential when you create it. If you give the credential to others, then you are trusting them. You can, however, revoke the credential at any time.


    Follow the HowTo exactly and it will Just Work™

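Added example, not part of the thread or of pfSense: a small Python check for an exported OpenVPN client profile that flags the two points raised in the last reply, an IP address used as the server address and a credential that works without any password. The sample profile, the function name `audit_ovpn` and the finding codes are constructed for illustration; inline PKCS#12 exports are not inspected.

```python
import ipaddress
import re

# Constructed sample profile (not a real export); the key body is a placeholder.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote 203.0.113.10 1194
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder)
-----END PRIVATE KEY-----
</key>
"""

def audit_ovpn(text):
    """Return a list of (code, detail) findings for an OpenVPN client profile."""
    findings, directives, in_block = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("</"):            # end of an inline <key>/<cert> block
            in_block = False
        elif line.startswith("<"):           # start of an inline block
            in_block = True
        elif not in_block:
            directives.append(line.split())
    remotes = [d[1] for d in directives if d[0] == "remote" and len(d) > 1]
    if not remotes:
        findings.append(("no-remote", "profile names no server"))
    for host in remotes:
        try:
            ipaddress.ip_address(host)
            findings.append(("ip-remote", f"{host} is an IP literal; the profile "
                             "stops working when a dynamic address changes"))
        except ValueError:
            pass                             # a host name, e.g. a dynamic DNS name
    if not any(d[0] == "auth-user-pass" for d in directives):
        findings.append(("no-user-pass", "client never sends a user name and password"))
    plain = re.search(r"-----BEGIN (RSA |EC )?PRIVATE KEY-----", text)
    if plain and "Proc-Type: 4,ENCRYPTED" not in text:
        findings.append(("plain-key", "private key is stored without a passphrase"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ovpn(SAMPLE_OVPN):
        print(f"{code}: {detail}")
```

A profile that reports both `no-user-pass` and `plain-key` can be used by anyone who obtains the file, which is the case where revoking the credential is the only remedy.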
