OpenVPN / pfSense / Ubuntu Research Advice?

Hellur interwebz. I’ve just recently got my router and server spun up, and have been researching networking and banging my head against imaginary walls for a month or so getting everything going. It really hasn’t been too bad and pretty durn fun. But I’m to the point where I have everything in place now/working, and need to decide how to set the VPN up for my use case. I just don’t understand the proper search terms to target in order to learn more about the use case I’m trying to achieve, and don’t really understand what is and isn’t possible with my setup.

  • Client/Gaming PC – This computer will be relatively open on the network. I would like an xRDP session over VPN to my Ubuntu desktop/server, but this is about the only thing I care to tunnel.
  • Ubuntu Desktop/Server – 24 TB mirror on ZFS, OS on a 500 GB SSD (ext4). I want Nextcloud, local and remote file sharing, etc. A static address that makes services easy to manage/expand/access from outside this subnet?
  • Router – Qotom pfSense box, 6 x 1 Gb NICs, 2.5 GHz CPU
  • WAP – Some IoT devices/TVs to access the Ubuntu desktop/server file shares?

What I want from the VPN

  • Ubuntu Desktop/Server machine – As secure as is convenient. File share across the local network; remote file share for Nextcloud / Home Assistant / other services.
  • Client/Gaming PC – Secure xRDP session to the Ubuntu desktop/server.
  • Reasonably easy/expandable (under 5 clients max) setup for remote clients – Low priority.

Why are there so many tutorials and guides for paid PIA/other VPN providers on a pfSense instance/box? Isn’t part of the point of having a pfSense box to host your own VPN? It makes me think I’m not understanding something correctly. Outside of location spoofing, why would tunneling out of your own network through someone else’s obfuscate more data than doing it locally?

Is it possible/effective to avoid using external VPN providers, host my own OpenVPN server instance on my pfSense box, and assign a specific interface to the OpenVPN instance in pfSense that hands an IP address to the Ubuntu server/desktop? (I understand that there will be some sort of client certificate/installation here, but the way that happens varies so widely I can’t wrap my head around what to choose.)

I read a lot today about tun/tap and bridging, but really have just confused myself into a corner on where to start. Does anyone have some good search terms, or threads, that would help me nail down what configuration I’m trying to achieve, so I can read more lol?

Thanks for any help y’all are willing to offer, and let me know if I need to type more stoof.

To sort of answer your question… The main reason I need to tunnel my traffic to another location is because A) my ISP intentionally throttles my traffic through their tunnel, and B) done correctly, I isolate the VPN IP used to purchase things online from my banking app etc., so they don’t get data on what I’m purchasing.

I even had to go to the extent of encrypting my DNS along with routing over WireGuard, because my ISP was doing deep packet inspection and looking at what services I was using. YouTube would load fine, but then I’d switch over to Twitch or an online game and both my up and down speed would plummet.

Basically, you get the benefit of going around your ISP’s network tunnel if it’s clogged by piping your traffic through OpenVPN or WireGuard to another location like a Linode server.

Thanks for the reply! I think I was misunderstanding locally hosted VPNs, thinking that I could replace myself as a VPN provider with the same utility. I get that a locally hosted VPN server can tunnel traffic from outside clients to access internal network resources securely, etc. But I think I expected a locally hosted VPN server and client to somehow offer more security than that same machine without a VPN when it comes to data you’re downloading over the WAN.

But it seems this isn’t the case, so I guess the point is to pipe your data to a modem that isn’t in your name, or is less directly tied to you? Hence the Linode use cases, etc.? I’ll have to rethink stoof now, I suppose.