OpenVPN:Integration

This document describes how the OpenVPN server integrates with the reverse proxy system.

Integration Overview

The OpenVPN server is essential for the reverse proxy system:

Synology NAS connects via VPN (10.8.0.2) for DSM, Plex, and SSH

Caddy reverse proxy forwards public hostnames to local VPS services or to 10.8.0.2 via VPN

Services are accessible via HTTPS without exposing the NAS directly to the internet

All traffic is encrypted through the VPN tunnel

Network Flow

Internet → VPS (87.106.61.62)
  → Caddy
  → (local) MediaWiki / WebApp on 127.0.0.1
  → (VPN) OpenVPN tun0 → 10.8.0.2 → DSM / Plex

How It Works

Client accesses a public subdomain (e.g., `dsm.jb-vpn.uk` or `wiki.jb-vpn.uk`)

DNS resolves to VPS public IP (87.106.61.62)

Caddy receives the request on port 443 (HTTPS) and terminates TLS

For VPS-hosted services (wiki, WebApp), Caddy proxies to `127.0.0.1`

For Synology services (DSM, Plex), Caddy proxies through the OpenVPN tunnel to `10.8.0.2`

The backend responds; Caddy returns the response to the client

Benefits

No Direct Exposure: Synology NAS is not directly accessible from the internet

Encrypted Tunnel: All traffic between VPS and NAS is encrypted via OpenVPN

Secure Access: Services are accessible via HTTPS while remaining isolated

Centralized Management: All services accessible through a single VPS

Requirements

For the integration to work:

OpenVPN server must be running on the VPS

Synology NAS must be connected to the VPN (10.8.0.2) for DSM/Plex/SSH forwards

VPN tunnel must be active (tun0 interface up) for Synology-backed hostnames

Caddy must be configured in `/etc/caddy/Caddyfile`

Verification

Check that the integration is working:

=== Check VPN is running ===
systemctl status openvpn

== Check VPN interface ==
ip addr show tun0

== Check Synology is connected ==
ping -c 2 10.8.0.2

== Check wiki on VPS ==
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8010/

== Check DSM on Synology (via VPN) ==
curl -k -sI -m 5 https://10.8.0.2:5001/ | head -1