Need a precise VPN/proxy configuration?
Need a precise VPN/proxy configuration?
So again, it’s just me with my precise questions I can’t find online. I’m searching for a particular setup involving VPNs, proxies, or similar tools that would effectively act as a barrier between users’ devices and the services your home server offers. Basically, I want to create a sort of “gate” before connecting to the games or other resources. My goal is to follow this path: [Client on someone’s computer] → [software on that computer] → [service on my server] → [actual game server]. In short, the end user enters a fake IP (like 127.0.0.1:7777) into the client, and suddenly they’re linked to your server. What I don’t want is:
- Overly complicated configurations for users who aren’t tech-savvy
- All traffic passing through the solution (e.g., Windows VPN)
- Licensing issues or restrictions on free versions
- Extremely hard-to-maintain, poorly documented server software
- Custom client identification methods (not just IP addresses)
- Flexible port selection to avoid constant updates
- Linux support for servers and Windows support for clients
- Port flexibility without forcing clients to change every time
- Clientside Windows support (especially important)
- No need for complicated setup or hidden costs
What I really value:
- Some form of client verification, not just IP-based
- Ability to open specific ports dynamically
- Linux compatibility on the server side
- Windows client support (preferably built-in)
- Portability of the client side (no installation needed)
- Flexibility in licensing and costs
- Good documentation
What I don’t care about:
- The exact implementation details (as long as it works)
- Encryption handling (everything should already be WAN-ready)
- Server setup being too simple or confusing
- Out-of-the-box VPN solutions that forward everything
I’ve tried or eliminated options like Hamachi, TeamViewer VPN, and OpenVPN, but none fit the picture I’m going for.
I recommend using OpenVPN. You mentioned trying it, yet it seems you missed the option that manages routing through the connection. Typically, the OpenVPN server should include a setting like "RedirectGateway" which tells clients to use the tunnel as their default gateway. You can disable this on the server or set it to ignore in the client command: "Ignore RedirectGateway". Once adjusted, configure your clients to send traffic specifically to your game server via the tunnel—use a /32 subnet for precise targeting, like "route 192.168.1.152 255.255.255.255". The main issue is avoiding conflicts with devices already using that IP in their local network. TL;DR: OpenVPN handles routing by default, but you need to modify the server settings accordingly.
I haven't explored OpenVPN too deeply because its client feels overly complex for some users (yes, that's a big deal), and setting up the servers is more involved than I'd like. In reality, it means I also need to create a barrier on my end to control access, which isn't what OpenVPN aims for. I've tried using OpenVPN as a VPN in the past, but it turned out to be more trouble than it was worth. Your approach also demands some familiarity with clients' home networks, which is beyond my current needs. Plus, it hasn't been consistently dependable for me.
You manage nearly all aspects from the server side once a client joins, particularly when using solutions like PFSense or OPNSense as your OpenVPN gateway. These platforms offer straightforward export options for configurations and certificates into one file. Unless a solution restricts access to specific processes or ports, you may still encounter problems. The best approach is setting up a DMZ zone where the OpenVPN and game servers reside, isolating them from your main network. OpenVPN functions as a general-purpose tool without being tied to a single application. Your focus should be on the standard installation setup, selecting a subnet such as 10.196.130.0/24 for both VPN and game server networks. Conflicts will only arise if another device uses the same subnet locally. This guidance applies regardless of the underlying technology.