Apologies on my delayed response. I've had my head down trying ot push v15.0 out the door. Getting really close...

You shouldn't need a VPN, although if you hope to use SMB filesharing (i.e. via Windows fileshares) then yes you might want to use a VPN. Also I guess if you don't want WebUIs (etc) publicly accessable and don't trust password protection that may be another reason to want a VPN. AFAIK other than SMB, all other communications should be secure enough and require password authentication.

Depending on how you have it set up, you don't need to have OpenVPN running on the same server, just on the same network. Personally, rather than install stuff bare metal, I much rather have a hypervisor, then separate VMs for each function. That does mean a bit of redundancy, but IMO that's a good thing! If my fileserver goes down, then I can still access my LAN via SSH and debug it remotely. Obviously the hypervisor itself and my router are points of failure, but other than that, it's highly unlikely that everything will go down at once.

Having said that, if you've set things up already, then redoing everything from scratch probably isn't ideal! So from where I'm sitting you have 2 options:

• install OpenVPN on your server and configure it yourself
• install a TurnKey OpenVPN container on your current system
• install TurnKey OpenVPN on another machine (perhaps bare metal, or better still as a VM)

If you already have everything on a single (bare metal?) server, then 1 probably makes the most sense. But there isn't any easy way to do that using TurnKey. You'll need to install it from the repos and configure it yourself. You can download and use the helper scripts that we provide, but it will involve a bit of work on your behalf and a bit of trial and error.

The second option is another option that would be relevant if you have a bare metal server and want everything running on single hardware, but don't want to have to work out OpenVPN from scratch. The downside to that will be that you will need to work out Docker or LXC instead. On one hand, the OpenVPN side of things should mostly be a bit easier, but you may have issues specific to Docker or LXC. It will also require learning about whichever of these containerization technologies you choose. Personally I'm much more familiar with LXC, but Docker is incredibly popular so may be a better choice. In case you haven't heard of either, they're sort of like a VM, but have a much lower overhead because they leverage the host OS directly.

The third option will likely be the easiest option. As I noted before, personally that's more-or-less how I do things. I have Proxmox installed on bare metal, then have everything installed as either a (LXC) container or a (KVM) VM. FWIW on 10 year old desktop If you have a desktop that you can leave on when you're out, then you could just install VirtualBox and install TurnKey OpenVPN on that. You'll just need to make sure that you start it before you head out! And/or never turn that desktop off... Not ideal really but another option...

Another option (which I didn't mention in the list - because it's hardware dependant and may not be an option) is that some routers support VPNs, mine actually has OpenVPN pre-installed. So it might be worth checking if that's an option on your network (assuming you have a router)?