I decided to dive into a new area of networking for me, a VPN. Here is the situation.
I have my home network, and my work network, both of which I administer to the best of my limited abilities. At work, I have a Debian server running a web-based CMS that I don’t want to have on the open web because of the personal information in it. I would like to access this CMS from my home network when I’m working from home. I would also like to have a git server that I self-host at work where I can have a versioned backup of all of my configuration files or dotfiles instead of hosting those on GitHub so that I avoid having those out on a public server, just in case I make a mistake one day and git commit a config file with a secret that shouldn’t be out on the Internet. I could easily run that on this Debian server at work as well.
I have an RPi that I have set up PiVPN on as my WireGuard server. All of this is working great, and using this article, "WireGuard in NetworkManager – Thomas Haller's Blog", I got my WireGuard profile for my home computer running Fedora 35 connected to the VPN using the nmcli connection import type wireguard file "$CONF_FILE" command that he highlighted. From home I can ssh into the RPi using its DHCP reserved IP address (which is a different subnet than my home network) so I should be able to access the web app CMS in my browser by just going to its DHCP reserved IP address in the address bar.
Here are my questions:
- After running the above command my VPN tunnel was active and I could ssh into the RPi back at work that was running the WireGuard server using PiVPN. Does that mean that all of my internet surfing was going through the tunnel, so that if I wanted to surf to hulu.com it would go through my VPN tunnel and use the work internet connection so I could stream a show?
- I only need the VPN to securely access the Debian server at work and the RPi (the only two computers that are running after work hours on that network anyway). Can I configure my VPN connection on the Fedora 35 home computer (which is really just a client) to send only my ssh or use of the web app CMS through the tunnel and everything else through my home internet connection?
- Is it best to just have the VPN tunnel active when I want to access those work computers and then shut it down afterwards? If so, what is the command that I would use to start and stop that connection? Something like nmcli connection down "$NameofVPNConnection" and then nmcli connection up "$NameofVPNConnection"?
If anyone has some articles or documentation I could read to gain a better understanding of this technology, I would appreciate those links as well. A couple attempts at Googling haven’t given me the clarity I was hoping for. Thanks everyone.