OpenVPN:Integration

From jb-vpn.uk Wiki
Revision as of 14:04, 16 May 2026 by Josh (talk | contribs) (Updated documentation from markdown files)

This document describes how the OpenVPN server integrates with the reverse proxy system.

Integration Overview

The OpenVPN server is essential for the reverse proxy system:

  • Synology NAS connects via VPN (10.8.0.2) for DSM, Plex, and SSH
  • Caddy reverse proxy forwards public hostnames to local VPS services or to 10.8.0.2 via VPN
  • Services are accessible via HTTPS without exposing the NAS directly to the internet
  • All traffic between the VPS and the NAS is encrypted through the VPN tunnel

Network Flow

Internet → VPS (87.106.61.62)
  → Caddy
  → (local) MediaWiki / WebApp on 127.0.0.1
  → (VPN) OpenVPN tun0 → 10.8.0.2 → DSM / Plex

How It Works

1. Client accesses a public subdomain (e.g., dsm.jb-vpn.uk or wiki.jb-vpn.uk)
2. DNS resolves to VPS public IP (87.106.61.62)
3. Caddy receives the request on port 443 (HTTPS) and terminates TLS
4. For VPS-hosted services (wiki, WebApp), Caddy proxies to 127.0.0.1
5. For Synology services (DSM, Plex), Caddy proxies through the OpenVPN tunnel to 10.8.0.2
6. The backend responds; Caddy returns the response to the client

Benefits

  • No Direct Exposure: Synology NAS is not directly accessible from the internet
  • Encrypted Tunnel: All traffic between VPS and NAS is encrypted via OpenVPN
  • Secure Access: Services are accessible via HTTPS while remaining isolated
  • Centralized Management: All services accessible through a single VPS

Requirements

For the integration to work:

  • OpenVPN server must be running on the VPS
  • Synology NAS must be connected to the VPN (10.8.0.2) for DSM/Plex/SSH forwards
  • VPN tunnel must be active (tun0 interface up) for Synology-backed hostnames
  • Caddy must be configured in /etc/caddy/Caddyfile

Verification

Check that the integration is working:

# Check VPN is running
systemctl status openvpn

# Check VPN interface
ip addr show tun0

# Check Synology is connected
ping -c 2 10.8.0.2

# Check wiki on VPS
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8010/

# Check DSM on Synology (via VPN)
# -k skips certificate verification, so this only confirms reachability over the tunnel
curl -k -sI -m 5 https://10.8.0.2:5001/ | head -1
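
The "No Direct Exposure" benefit depends on the VPS backends really listening only on 127.0.0.1, as described under How It Works. The script below is an added example, not part of the original wiki page or its tooling: it reads `ss -H -tln` output and reports any backend port (such as the wiki's 8010 from the commands above) that also listens on a non-loopback address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): flag backend ports that listen on more
# than loopback. Input is the output of `ss -H -tln`.

# Print the non-loopback local addresses listening on TCP port $1 (stdin = ss output).
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)          # last colon separates the port
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            sub(/%.*$/, "", host)                 # drop a "%iface" scope suffix
            if (host ~ /^127\./ || host == "[::1]") next
            if (host ~ /^\[::ffff:127\./) next    # IPv4-mapped loopback
            print host
        }'
}

# Return 0 if every port in "$@" is loopback-only in the ss output held in $SS_OUT.
audit_backend_ports() {
    rc=0
    for port in "$@"; do
        exposed=$(printf '%s\n' "$SS_OUT" | non_loopback_listeners "$port")
        if [ -n "$exposed" ]; then
            echo "port $port also listens on: $exposed"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples of `ss -H -tln` output (not captured from the real VPS).
SAMPLE_OK='LISTEN 0 511 127.0.0.1:8010 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'
SAMPLE_BAD='LISTEN 0 511 *:8010 *:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*'

SS_OUT=$SAMPLE_OK;  audit_backend_ports 8010 && echo "sample 1: 8010 is loopback-only"
SS_OUT=$SAMPLE_BAD; audit_backend_ports 8010 || echo "sample 2: 8010 is exposed"
# Live use on the VPS: SS_OUT=$(ss -H -tln); audit_backend_ports 8010
```

A wildcard (`*`, `0.0.0.0`, `[::]`) or public address reported for a backend port means the service can be reached without going through Caddy's TLS termination unless a firewall blocks it.
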
  • [System Overview](index.md) - Overall system architecture
  • [Server Configuration](server-configuration.md) - OpenVPN server setup
  • [Adding Services](index.md) - Configuring services