The only benefit that I'm aware of is that you avoid having to do port forwards from the router to the VPN server. But, you could use something like tailscale to avoid that. It's based on wireguard, but I don't know how viable it is to use on mobile devices, for instance. And it certainly would require client software to be installed on all the clients.Thanks both for your insights.
In my case I only want to tunnel IN to my LAN and access all my LAN devices. If I can get that functionality with the VPN server being on a LAN device rather than on the router I can see how that might be less hassle. At the moment I only have an ISP modem/router that doesn't have a VPN and on to which I am unable to install anything. I could set up OpenWrt router on a Pi again but don't really want to at the moment!
But I could swear there was some advantage to having the VPN server ON the router? Was there something about needing to set up static routes depending on which device in your network has the VPN server?
Flex
as far as routes, pistrong/strongSwan definitely takes care of the routing issues, and you can definitely access all the devices on the LAN from outside the network. It's automatic with wireguard as well, although you have to manually configure the settings. Don't know about openvpn.
Regardless of which vpn technology you choose to use, it would be worth reading some of the docs to see how they resonate with you. After all, you're going to be living the vpn dream with one of them once you get going
Statistics: Posted by bls — Mon Feb 26, 2024 1:59 am