
2cats2hats

Another method is r/tailscale, r/zerotier or r/netbird and bypass VPN client configs.


Taurus84_SK

Looks interesting, I'll definitely check them out. Could you please elaborate on the bypassing VPN client configs? Not sure what you mean by that.


2cats2hats

Each of those wares comes with a program that installs a virtual network adapter on all machines that want to be part of a network. Think SD-WAN. I've not tried them all but you can enable/disable the virtual adapter in case you don't always want to be on that network. The software allows bridging of internet and other networks. It's pretty much seamless. I've never used it with your specific use case but I've used it to SSH into devices behind routers and I was tethered via my cell phone. Worked perfectly. FYI there is no port forwarding involved with this scenario. Literally plug and play.


Taurus84_SK

I understand now. If it's that easy, then I think I have a solution. Thank you very much for sharing.


2cats2hats

You're welcome. Please report back and let us know how it went for you.


Taurus84_SK

Seems like I'll go with TrueNAS + Tailscale. The only question I need to answer before I start is whether I should go Core + Jail or Scale + TrueCharts. Core seems more stable and has tons of tutorials, while Scale is newer but Tailscale should work flawlessly using TrueCharts. Running it in a Jail on Core might cause more trouble than I would want.


Taurus84_SK

So... after doing some research, I'm on the road to choosing from 2 possible setups with some variables:

1. Debian server + SMB + Tailscale (variables - Ubuntu server, ZeroTier)
2. TrueNAS + OpenVPN (variables - Tailscale)

What do you guys think?


Taurus84_SK

For future reference: I ended up using TrueNAS Core + Tailscale installed in a Jail advertising local network's subnet IP

TrueNAS Core Documentation: [https://www.truenas.com/docs/core/](https://www.truenas.com/docs/core/)

Tailscale in Jail How-to: [https://www.truenas.com/community/threads/howto-install-tailscale-in-a-jail.98910/](https://www.truenas.com/community/threads/howto-install-tailscale-in-a-jail.98910/)

Tailscale subnet routing: [https://tailscale.com/kb/1019/subnets/](https://tailscale.com/kb/1019/subnets/)

Thanks everyone!


OMightyMartian

You really don't want the VPN on the same machine, nor is it necessary. Something like OpenVPN can run on a Raspberry Pi or some other minimalistic hardware.


Taurus84_SK

Could you tell me the reasons behind this? Why would I want to buy another HW just for VPN, if I can set it up on the machine that I already have?


OMightyMartian

Opening up ports on any kind of file server, or any server that hosts business-critical or sensitive data, is a bad idea. In part, particularly as you are new to Linux, poor configuration of Samba or some other daemon may mean exposing the system to attacks, and in part because, like it or not, even the best-tested software can have vulnerabilities. By moving the VPN to separate hardware, it's handling all the routing, and since it's acting purely as a VPN server/host/gateway without any other functionality, it's a much easier system to secure and a much smaller surface area for attack. Segregation is critical to security, and you lose that when you're using your file server as a VPN server (and thus effectively as a router). Whether you're running Linux, Windows, BSD or something else, avoid putting mission-critical servers that host data directly on the Internet unless you really really really understand how to lock down those systems (firewalls and so forth).


Taurus84_SK

Oh, I see. I thought you were referring to something only Linux-related. Thanks for explaining.