How to set up a VPN connection for both traffic encryption and secure point-to-point access to a remote server?

Question

I live in a country (USSR) that does internet censorship, but doesn't (yet?) go so far as to shut off foreign internet altogether, implement "white-list" Great Chinese Firewall or ban encryption. I would like to set up a VPN connection on my home router and rented foreign VPS server (say, in Helsinki) with OpenVPN to fully encrypt traffic and safely and reliably circumvent the censorship systems.

The thing is, while I'm doing this, I could as well set up a point-to-point encrypted secure connection to my server in Amsterdam.

How should I set up a system for such use? I am familiar with Ubuntu and command-line.

I think if I go into all the trouble, I could as well set up VPN on a home router (I know it supports VPN), but could I set up VPN at the level of an individual computer or individual application?

b) access a closed (corporate) network that only accepts outside connections through VPN. First and foremost I had (a) in mind, but now I think if I could have (b) as well. How do I set up a system for such case? Say I'm in Moscow, my VPN server is in Helsinki and my server is in Amsterdam. My connection goes encrypted from Moscow to Amsterdam, but my destination server is further yet, in Amsterdam, so from the VPN endpoint onward it should go as a regular, unencrypted connection; it would be better to have it encrypted all the way, but.. then I wouldn't need a server in Helsinki, or would I?

I am somewhat familiar with Linux, command line and server administration, just confused about how encryption works in this case.

I use a home router that should support VPN for all my home devices nicely.

Answer 1

There are a few different configurations that could solve your problems.

1. Set up one OpenVPN server (my preference would be on the server in Amsterdam) and both your home router and the server in Helsinki as OpenVPN clients. The client-to-client configuration option will allow you to see your Helsinki server through the VPN from home.

2. Set up a VPN server on the Helsinki server and set up routing for VPN connections. This seems the most complicated option for the least gain.

3. Set up OpenVPN servers on both units and connect to them individually from home. A big downside here is that you'll have to maintain two CAs or manage passwords in two places.

Personally, I would go with option 1 as you will only need to maintain one CA, etc. OpenVPN has a good HowTo with example server configuration and/or client configuration files.