I’ve set up a VPN at home and, honestly, in my config, it’s a PAIN! I have 3 routers that need to have ports opened and then I need to make sure that certificates and passwords are all secure.
Then I found Tailscale.com! What a breath of fresh air. Why didn’t anyone think of this before? Create an account on tailscale.com, then install the Tailscale service on the machine you want to be part of the VPN and run it. The service connects to the Tailscale server and the machine immediately becomes an available VPN target, complete with its own hostname (which you can change) and its VPN IP address. If you enable their “MagicDNS” in your settings, the hostnames all resolve to their VPN IP addresses (i.e. a hostname is first checked against the hostnames on the VPN before being checked against other DNS resolvers). Voilà! No config, no ports to open, no firewall rules to manage! Now, when you’re away from home, you can get to your home server with confidence.
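A quick way to confirm that a hostname really resolves to a VPN address before you connect to it, as an added example that is not from the original post or from Tailscale. The two ranges are the address blocks Tailscale assigns to nodes; the hostnames and addresses in the sample table are constructed for illustration.

```python
import ipaddress
import socket

# Address blocks Tailscale assigns to nodes: a CGNAT IPv4 range and a ULA IPv6 prefix.
TAILNET_RANGES = (
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("fd7a:115c:a1e0::/48"),
)

def is_tailnet_address(addr):
    """True if addr (IPv4 or IPv6 text) lies inside a Tailscale node range."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 scope id
    return any(ip.version == net.version and ip in net for net in TAILNET_RANGES)

def system_resolver(hostname):
    """Resolve through the OS resolver, which is what MagicDNS plugs into."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})

def check_hosts(hostnames, resolver=system_resolver):
    """Map each hostname to (status, addresses).

    status is 'tailnet' when every answer is a VPN address, 'outside' when any
    answer falls outside the VPN ranges, and 'unresolved' when lookup fails.
    """
    report = {}
    for name in hostnames:
        try:
            addrs = resolver(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = []
        if not addrs:
            report[name] = ("unresolved", [])
        elif all(is_tailnet_address(a) for a in addrs):
            report[name] = ("tailnet", addrs)
        else:
            report[name] = ("outside", addrs)
    return report

# Constructed sample answers so the check can be run offline.
SAMPLE_ANSWERS = {
    "homeserver": ["100.101.102.103"],
    "nas": ["100.64.0.7", "fd7a:115c:a1e0::7"],
    "printer": ["192.168.1.50"],
}

def sample_resolver(hostname):
    if hostname not in SAMPLE_ANSWERS:
        raise socket.gaierror("constructed lookup failure")
    return SAMPLE_ANSWERS[hostname]

if __name__ == "__main__":
    for host, (status, addrs) in check_hosts(SAMPLE_ANSWERS, sample_resolver).items():
        print(f"{host:12} {status:10} {', '.join(addrs)}")
```

Call `check_hosts(["your-host"])` with no resolver argument to test against the machine's real DNS settings; an `outside` result means the name was answered by some other resolver rather than the VPN.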
It’s free for a single hobby/personal user. There are a few restrictions as to how many subnets you have available but, honestly, if you’re a home user, the restrictions probably won’t bother you. It’s multi-platform with binaries for Android, macOS, iOS, Windows, and Linux so you can connect just about anything you want. They’re on GitHub at https://github.com/tailscale and there is a place to discuss it at https://forum.tailscale.com/. And, yes, you can use Tailscale as a subnet router – https://tailscale.com/kb/1019/subnets/ – to get to those devices (e.g. printers) on which you can’t install Tailscale.
Apologies for the delay between postings but I prefer to try things before I post about them, and Tailscale took a while.