Purpose of OpenVPN
@eddowding Yes, this is right. OpenVPN is used much more like a VPN was intended to be used: to secure the network transport layer to your "network". So a common use case for using OpenVPN for private use is that you can secure your access to the internet when you don't trust the WiFi access you might have in a hotel or at the airport and so on...
I see several use cases for OpenVPN on a Cloudron instance:
- If you are running Cloudron on your local network (aka home server), it is your gateway from the Internet to your home network.
- If you're running Cloudron on a VPS in, say, the US and you live in Europe, you can connect to geo-restricted services like pandora.com.
- You are at a conference like Chaos Computer Congress with open WiFi, and you need a secure connection to the internet because of possible hacks.
- You have different computers on different networks and want to build a connected network? Use OpenVPN on a Cloudron instance and all computers are connected by a private network.
- Install more than one Cloudron instance in different geographical locations and you have something similar to NordVPN.
Adding to that.
Cloudron can be your "bastion" host with the OpenVPN app.
One recent example I set up for a customer.
He has an ERP system and wanted to use Metabase for some custom views / exports.
So here we go, set up the firewall to allow this one Cloudron to access the DB port.
Set up the DB to only allow external connections from Cloudron's public IP.
Install Metabase on Cloudron, set up everything, done.
Where is the OpenVPN part?
Well, he has developers who also wanted a live connection for fast DB dumps.
Now they can enable OpenVPN to BE the Public Cloudron IP and just dump it.
Also yes, the external connection is only allowed via specific users with specific DB read-only access.
Don't want people accessing the DB anymore? Stop the OpenVPN app for everyone.
Only want specific users to access OpenVPN? Cloudron / LDAP User Management.
The list grows
If you host at home, OpenVPN can be your access to the local network, e.g. to SSH into your instance if you have disabled external SSH access (which is advisable when at home).
I also have access to other tools on my server (Plex etc.).
(TBH, these days I use WireGuard, courtesy of my AVM Fritz router - but before that, OpenVPN on Cloudron was the way to go...)