OpenVPN:Integration

From jb-vpn.uk Wiki
Revision as of 14:04, 16 May 2026 by Josh (talk | contribs) (Updated documentation from markdown files)

This document describes how the OpenVPN server integrates with the reverse proxy system.

Integration Overview

The OpenVPN server is essential for the reverse proxy system:

  • Synology NAS connects via VPN (10.8.0.2) for DSM, Plex, and SSH
  • Caddy reverse proxy forwards public hostnames to local VPS services or to 10.8.0.2 via VPN
  • Services are accessible via HTTPS without exposing the NAS directly to the internet
  • All traffic between the VPS and the NAS is encrypted through the VPN tunnel

Network Flow

Internet → VPS (87.106.61.62)
  → Caddy
  → (local) MediaWiki / WebApp on 127.0.0.1
  → (VPN) OpenVPN tun0 → 10.8.0.2 → DSM / Plex

How It Works

  • Client accesses a public subdomain (e.g., dsm.jb-vpn.uk or wiki.jb-vpn.uk)
  • DNS resolves to VPS public IP (87.106.61.62)
  • Caddy receives the request on port 443 (HTTPS) and terminates TLS
  • For VPS-hosted services (wiki, WebApp), Caddy proxies to 127.0.0.1
  • For Synology services (DSM, Plex), Caddy proxies through the OpenVPN tunnel to 10.8.0.2
  • The backend responds; Caddy returns the response to the client

Benefits

  • No Direct Exposure: Synology NAS is not directly accessible from the internet
  • Encrypted Tunnel: All traffic between VPS and NAS is encrypted via OpenVPN
  • Secure Access: Services are accessible via HTTPS while remaining isolated
  • Centralized Management: All services accessible through a single VPS

Requirements

For the integration to work:

  • OpenVPN server must be running on the VPS
  • Synology NAS must be connected to the VPN (10.8.0.2) for DSM/Plex/SSH forwards
  • VPN tunnel must be active (tun0 interface up) for Synology-backed hostnames
  • Caddy must be configured in /etc/caddy/Caddyfile

Verification

Check that the integration is working:

# Check VPN is running
systemctl status openvpn

# Check VPN interface
ip addr show tun0

# Check Synology is connected
ping -c 2 10.8.0.2

# Check wiki on VPS
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8010/

# Check DSM on Synology (via VPN)
curl -k -sI -m 5 https://10.8.0.2:5001/ | head -1
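
The checks above show that tun0 exists and the NAS answers, but not which interface packets for 10.8.0.2 actually leave on. The script below is an added example (not part of the original page) that classifies `ip route get` output for the NAS address. The sample outputs, the 10.8.0.1 source address, eth0 and the 203.0.113.x addresses are constructed.

```shell
#!/bin/sh
# Added example: confirm that traffic for the NAS leaves through the tunnel.
# NAS address and tunnel interface are the ones used on this page.
NAS_IP=10.8.0.2
TUN_IF=tun0

# Print the egress interface named in `ip route get` output ($1).
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Classify the path to the NAS from `ip route get` output ($1):
#   tunnel      - next hop is the VPN interface
#   leak:<dev>  - packets would leave on another interface, outside the tunnel
#   unreachable - no usable route at all
nas_path() {
    dev=$(route_dev "$1")
    if [ -z "$dev" ]; then
        echo unreachable
    elif [ "$dev" = "$TUN_IF" ]; then
        echo tunnel
    else
        echo "leak:$dev"
    fi
}

# Constructed sample outputs (not captured from the real VPS).
SAMPLE_UP='10.8.0.2 dev tun0 src 10.8.0.1 uid 0'
SAMPLE_DOWN='10.8.0.2 via 203.0.113.1 dev eth0 src 203.0.113.10 uid 0'

# Live check: run with --live on the VPS; exits non-zero unless the path is the tunnel.
if [ "${1:-}" = "--live" ]; then
    result=$(nas_path "$(ip route get "$NAS_IP" 2>/dev/null)")
    echo "path to $NAS_IP: $result"
    [ "$result" = tunnel ] || exit 1
fi
```

When tun0 goes down, the kernel removes the connected route for the VPN subnet and 10.8.0.2 falls back to the default route, which is the `leak:` case reported here.
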
  • [System Overview](index.md) - Overall system architecture
  • [Server Configuration](server-configuration.md) - OpenVPN server setup
  • [Adding Services](index.md) - Configuring services