<div dir="ltr"><div dir="ltr"><div style="font-size:small" class="gmail_default">Thanks for all the replies ...</div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">I briefly looked into SSH tunneling, which I used decades ago but in a far simpler scenario (ssh access). </div><div style="font-size:small" class="gmail_default">It should work, and with AutoSSH, it should be more robust (restarted if traffic ceases, or daemon dies).</div><div style="font-size:small" class="gmail_default">But my conclusion is that it is only good for one (or a couple) of ports that one needs to open, and then gets complicated from there (one tunnel and one Systemd unit file per port), so that is a future limitation. <br></div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">Maybe I should try SSH tunneling first before delving into more complex solutions ...<br></div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">Complexity includes setting up for split tunneling, so that not all traffic goes through the VPN server.</div><div style="font-size:small" class="gmail_default">(e.g. large backups from one's laptop to the server, on the local LAN, now go to a third server, and back)</div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">John, you confirm that a private VPN will get over the issue, and that is encouraging. <br></div><div style="font-size:small" class="gmail_default">Any specific reasons you didn't go for WireGuard?</div><div style="font-size:small" class="gmail_default"><br></div><div style="font-size:small" class="gmail_default">I assume that pfSense is not the only way to run it, and it can be run on a plain Ubuntu machine.<br></div></div>
</div>