I admit that setting up the local VPN server was easy only thanks to the fully customizable firmware that operates on my router (an Asus RT-AX88U, if you want to know). I can outline the procedure I followed, but I cannot write down a step-by-step solution since it won't be applicable to all the cases.
I can give you a link of a really detailed procedure that includes installing a custom firmware if your router supports it. Briefly, it boils down to three steps:
- Setting up the VPN server: installing the OpenVPN packages and creating the certificates and keys for both the server and the client(s)
- Putting together an OpenVPN configuration profile for your client. Once your server is configured, it provides you with a generic profile to which you have to add the certificate and key that you created in step 1. You will also have to create at least a pair of user credentials (username/password) for your client: this can be done once again during the server configuration.
- Installing the VPN client on your remote machine and connecting to the server with a simple
openvpn --config your_profile.ovpn
.
Be careful that, if you are connected via SSH to your remote machine, it's very likely that the connection drops because of the way the VPN server works. In brief, this happens because when connecting to the VPN server, you are suddenly changing the default gateway: the traffic that came in from your local machine through SSH is now going back "from a different route", and that breaks the SSH tunnel. Here is explained better, but the quick solution is to add an additional route to your remote machine before starting up the OpenVPN client with
sudo ip route add -host <public IP of VPN server> gw <default gateway of remote>
Another issue related to this is that if your ISP assigns you a dynamic IP (which is very likely: either you pay for a static IP or you are on some kind of Virtual LAN which can happen if you are connected to an optical fiber network). If that's your case, don't despair: the guide of the first link explains how to deal with it with Dynamic DNS. I know that it seems very convoluted, and the truth is that it's indeed a complicated setup and a lot of networking concepts are overlapping. Yet, the guide above is very thorough in explaining all the steps. That guide also assumes that you are doing all your configuration on Windows, so you should be more comfortable and maybe you can avoid using the WSL.
Once all is set on the VPN side, then your remote machine will have a new IP address in the subnet created by the VPN server. That's the address you should use in the "Kernel configuration" profile in Wolfram Mathematica/Desktop. On my machine, the configuration is the same I wrote here a couple of posts above.
As I said, I have to find out the proper way to start the VPN client automatically. That means that there should be a way to store the credentials securely, but at the moment I don't know how. Also bear in mind that I have just run a few simple tests and I want to work with it more extensively to be able to report any issue or other problems that may arise.
If you have questions, I will try to answer at best of my knowledge.