Using Balena's openVPN connection as a general-purpose VPN

I’m currently looking for a VPN solution to make devices on the Balena device’s local network available to users on their laptops. A classical VPN use case that looks basically like this:
<[n]local network devices e.g. in 192.168.0.0/24> - <[1]Balena device> - <[1]VPN Server> - <[n]end user laptops>

There’s no shortage of VPN solutions for that. However, I was wondering if it’s possible to set that up using the already existing Balena openVPN. Routing to provide routes between Balena’s openVPN and the local network devices should be possible, but is there an easy way to connect to the Balena openVPN from a laptop and get access to a certain device? SSH is a bit tricky since it should be an abstract solution working for all kinds of ports and for users with little IT/networking knowledge.
I don’t expect the Balena openVPN to be capable of that, since it’s clearly not designed for this use case, but I still wanted to check before setting up a separate VPN.

The use of openVPN has sometimes given the impression that it can be used as a general-purpose VPN, but as you rightfully mention, it should not be used as such. The component that uses openVPN was actually renamed to CloudLink, to try to remove some of the confusion. This change is explained in more detail in this blog post.

2 Likes

Just to follow up, while you are looking at alternate VPN solutions I would recommend trying Tailscale as a subnet router.

It’s simple to deploy as a service container on balenaOS, and we have the wireguard module in our kernel so you can enable that for the performance benefits.

Here’s an example of a deployment to join a Pi-hole instance to a Tailnet:

If you try that approach you can change the value of TS_EXTRA_ARGS to enable the subnet router features.

Best of luck!

3 Likes
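A sketch of the subnet-router setup suggested in the last reply, added here as an illustration and not taken from any post in this thread or from the deployment it links to. It assumes the official `tailscale/tailscale` image, the `192.168.0.0/24` LAN from the question, and an auth key supplied as a balena fleet or device variable named `TS_AUTHKEY`; the volume name and compose version are placeholders.

```yaml
# docker-compose.yml for a balena fleet (added example; names are assumptions)
version: "2.1"

volumes:
  tailscale-state: {}          # persists the node key across container restarts

services:
  tailscale:
    image: tailscale/tailscale:latest   # pin a specific tag for production
    restart: unless-stopped
    network_mode: host         # the router must see the device's LAN interface
    cap_add:
      - NET_ADMIN              # needed to create the tunnel interface and routes
    devices:
      - /dev/net/tun:/dev/net/tun
    labels:
      # lets the container load the host's wireguard kernel module
      io.balena.features.kernel-modules: "1"
    volumes:
      - tailscale-state:/var/lib/tailscale
    environment:
      TS_STATE_DIR: /var/lib/tailscale
      TS_USERSPACE: "false"    # use the kernel tun device, not userspace networking
      # Advertise only the subnet users actually need, not 0.0.0.0/0.
      TS_EXTRA_ARGS: "--advertise-routes=192.168.0.0/24"
      # TS_AUTHKEY is deliberately absent: set it as a balena variable so the
      # secret never lands in the repository or the image.
```

The advertised route stays inactive until it is approved for that node in the Tailscale admin console, and tailnet ACLs then decide which users may reach `192.168.0.0/24`. Subnet routing also depends on IP forwarding being enabled on the host, which is worth verifying on the device.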