OK, the thing is I want to have a VPN to encrypt my traffic and downloads. But I still need to be able to access my computer from outside, because I have Plex and a file server set up on that computer.
So specifically, can I direct everything through the VPN except expose WebDAV and Plex to an unencrypted route?
I suppose you have the following setup:
Switch/Hub/WiFi AP -
Broadband_Router -
WAN
Let's think on the possibilities:
1. LAN -> WAN way:
Inside your LAN, I don't know why you need encryption, but if you really need it, it will only prevent members of the LAN from reading your traffic. Once the data gets into the internet, it will become unencrypted.
2. WAN -> LAN way:
Now it makes sense to encrypt your traffic, and you can encrypt everything from your remote station until it reaches your MacMini.
In my Mini, I did a "VPN-like" connection in the following way:
1. I enabled remote access and screen sharing on my Mini;
2. I created a port forwarding from 443 (exposed port on WAN) to the MacMini's port 22 (SSH);
3. On the remote (WAN) computer, I created a tunnel to my home Mini with the following shell script (mytunnel.sh):
Code:
#!/bin/sh
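# $1 = user name on the Mini, $2 = WAN IP address of the router.
# Forwards local port 5900 to port 5900 on the Mini, over SSH via router port 443.
ssh -NfL 5900:127.0.0.1:5900 -p 443 "$1@$2"
Usage example: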
Code:
./mytunnel.sh MacMiniUsername BroadbandRouter_WAN_IP_Address
This command will basically allow me to access my MacMini screen through the Screen Sharing app. Then, to connect remotely to my Mini screen when I'm outside home, I basically have to do:
open vnc://localhost
This will show my Mini's login screen. I don't know if OSX screen sharing establishes an encrypted connection, so I created a VNC tunnel just for prudence. Remember to decrease the screen resolution on your Mini to 720p or below. Otherwise, the connection will be very laggy.
A similar approach can be used to connect to an FTP service running on the Mini. Just create a port forwarding on your router to your Mini and change the tunnel command properly, like:
Code:
#!/bin/sh
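# $1 = user name on the Mini, $2 = WAN IP address of the router.
# Forwards local port 21 to port 21 on the Mini, over SSH via router port 21210.
ssh -NfL 21:127.0.0.1:21 -p 21210 "$1@$2"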
where 21210 will be the port configured in your router to be redirected to your Mini's port 21.
So, if you want to access both your FTP and ScreenSharing (VNC), you'll need to run the two scripts, like:
Code:
./myvnctunnel.sh MacMiniUsername BroadbandRouter_WAN_IP_Address
./myftptunnel.sh MacMiniUsername BroadbandRouter_WAN_IP_Address
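
The two tunnels from the post above can also share a single SSH connection. The script below is an added example, not the original poster's code; the function names, the SSH override variable and local port 2121 are assumptions made for the example, and it assumes the router forwards the chosen WAN port to the Mini's SSH port as in step 2.

```shell
#!/bin/sh
# Added example, not the original poster's script: both forwards over one SSH
# connection. Function names, the SSH override variable and local port 2121
# are assumptions made for this example.

# Accept only characters expected in a user name, host name or IP address,
# and refuse a leading "-" so the value cannot be parsed by ssh as an option.
valid_target() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
}

# usage: open_tunnels USER ROUTER_WAN_ADDRESS [ROUTER_PORT]
open_tunnels() {
    user=$1 host=$2 port=${3:-443}
    valid_target "$user" || { echo "invalid user name" >&2; return 2; }
    valid_target "$host" || { echo "invalid host" >&2; return 2; }
    case "$port" in
        ''|*[!0-9]*) echo "invalid port" >&2; return 2 ;;
    esac
    # 127.0.0.1 bind: the forwarded ports are reachable only from this machine.
    # ExitOnForwardFailure: ssh exits instead of backgrounding itself when a
    #   local port is already taken, so a missing tunnel is noticed at once.
    # 2121 instead of 21: binding a port below 1024 requires root.
    # Port 21 is the FTP control channel only; FTP data connections use other ports.
    "${SSH:-ssh}" -N -f \
        -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:5900:127.0.0.1:5900 \
        -L 127.0.0.1:2121:127.0.0.1:21 \
        -p "$port" "$user@$host"
}

# Run only when executed with arguments, e.g.:
#   ./tunnels.sh MacMiniUsername BroadbandRouter_WAN_IP_Address 443
if [ "$#" -ge 2 ]; then
    open_tunnels "$@"
fi
```

With the tunnel up, screen sharing is reached with open vnc://localhost as before, and the FTP client is pointed at localhost port 2121.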