Opening/forwarding ports is risky as anyone can discover them and run exploits against whatever is listening. Someone really clever/determined could snoop on any unencrypted traffic you might send.
With OpenVPN you open only one port which allows in only encrypted connections from trusted machines. Those machines can then freely do anything as if they were on your local LAN, no need to open/forward any more ports.
So it's a good idea. We have to very much trust OpenVPN to do its job properly but better to trust one app than several.
For extra security have OpenVPN listen on - or forward on the router from - a random port rather than the default. But I had to edit its user key file to do that :-S
Neil
On 20/03/2014 17:20, Chris Green wrote:
I keep thinking that a VPN might be what I need, but then when I look at VPN documentation etc. I wonder whether it is what I need.
So, if I set up an OpenVPN server on my home desktop machine (which stays turned on all the time) and set up access for me as a client from my laptop, what does it mean that I could do that I can't do already? Or, maybe more to the point, what does it make it easier to do?
(Note that my home desktop is visible at a fixed IP address from the outside world and I can open up any additional ports through the firewall if necessary.)