101: VPN service

Using a VPN service

An alternative to exposing your services directly to the internet is to use a VPN service in order to access your internal network, which can include Nextcloud and any other internal services.

  • User device → traditional www proxy → https://cloud.nextcloud.local
  • User device → VPN access → a.dd.r.ess
  • Please note that the details of VPNs and how to use them are well outside the scope of this document and community. We are here to get your Nextcloud working, that is all.
    • Any particular issues and support questions should be directed to those communities, such as the OpenVPN community, WireGuard, etc.
    • Please do not ask support questions for VPN services here on the Nextcloud forum.

Who is VPN access for?

If you are uncomfortable making Nextcloud available on the public internet, or would rather not use a domain, then a VPN could be the answer for you!

  • Only people within your VPN will have any access.
  • Common in the private sector and useful to understand.

advantages

  • additional layer of privacy & security as Nextcloud is not accessible from the public internet.
    • IP forwarding will only apply to the VPN service itself (WireGuard, OpenVPN, etc.)
    • Access other “internal” services on your network, as you would locally.
  • no additional domain name, TLS certificate or DNS service necessary.

disadvantages

  • additional complexity
    • Managing your own VPN is similar to hosting your own reverse proxy.
    • Or, use a pre-made, hosted option (Tailscale) to remove the complexity of WireGuard, similar to choosing a DynDNS service instead of paying to manage your own domain.
  • reduced user experience by design
    • User device must establish VPN access, then → Nextcloud
      • sharing is only possible within VPN user group
      • collaboration is no longer an option for “external” people.
      • Users may require your assistance in understanding they must run an additional app or configuration file on each device to access the VPN.
        • If you reach this point, consider running an additional Nextcloud that is publicly accessible to those not wanting VPN access.
        • Hosted Nextcloud accounts are also useful for sharing and collaboration if you find one you trust. It is worth considering a host in order to have public data and sharing, which can be federated back into your VPN-isolated instance.

Can I make use of DNS routing to access a VPN?

Yes. For an overview, see the split brain DNS explanation to get an idea of how it could also be applied to split tunnel VPN systems, for example to access specific applications.

  • Advanced technical topic, which requires technical understanding of DHCP routing, DNS servers, Split Brain DNS, networking and firewalls.
  • No questions about this are supported here, because it is all based on that particular networking setup as opposed to Nextcloud. Sorry.

Wait, I would rather use a publicly accessible www address and skip this VPN stuff.

Good. Please see the documentation on configuring your Nextcloud to use a publicly accessible domain as normal.
