Julian OliverWhy run your own Virtual Private Network, in 2026?
I wrote a post unpacking this Q, with a view to pushing folk to reclaim VPN technology in this neo-feudalist era of the Internet, clawing back autonomy (and privacy) from the big VPN providers.
Scott Murray 
@JulianOliver This is great. 😁👍
If I may ask… I already have a home server (NAS) and have considered running a VPN on it (among other services). However what always causes me pause is the potential vulnerability of opening an IP/port to the public internet while not trusting myself to “secure” it properly. Also, how to reach the home server that doesn’t have a static IP? (assigned domain name with DDNS?)
Do you have a general recommendation in that case?
Your essay has me thinking: run a VPN on a rented VPS, then have the NAS be just another client to the VPN (instead of hosting the VPN at home). Maybe that’s better but I feel silly paying extra when I already have invested in this nice box at home. 😅
OK that turned out pretty long — feel free to tell me “just take my course”. 😅
@scott Yes you are right. That NAS is behind your NAT, & so you want it on a VPN whose server is on the public Internet. That way you can reach that storage through the NAT, over the VPN, from any outside network.
Put your phone & laptop on the same VPN, ensure they can all talk to each other, & then you will be able to access that NAS when you are away from home.
There is no need for any port forwarding on the router. Just be sure to firewall, restricting access to your desired/needed ports.
@JulianOliver Amazing thank you for the reply!
Sounds like hosting the VPN externally (not at home) also has the advantage of: should the VPN host’s IPs get targeted (for some reason) it’s easy to abandon and spin up a new VPN on another server (as opposed to having your VPN and NAS etc all in the same location/IPs).
@scott Yes, that is an advantage. When 'up on a hill' on the public Internet, all your VPN clients connect to the VPN server from whatever hostile or finnicky network they are in, so escaping their constraints and confines. Meanwhile, none but the VPN server itself is exposed to any outside the VPN.
In fact a well configured VPN server needs just three ports open on the firewall: SSH (high port, tunnelled over the VPN is good), the chosen VPN port itself, and port 53 for DNS.