Security benefits

What does OpenVPN do for security?

OpenVPN has been used for close to 20 years for remote access to secure applications and services. It's used more for this application in the business space, with corporate VPN systems that give you access to a corporate network from home, or let you access specific resources from the office. We're just using the same sort of system to secure your servers. With the way that we run OpenVPN, we're able to take services entirely off of the internet so that the panel, web-servers, files, databases and any other services simply cannot be accessed over the internet, which makes it extremely difficult to compromise from an attacking standpoint. After all, it's very difficult to attack something you can't see.

By running everything locally, we are able to also prevent application-level exploitation, meaning even if there was a vulnerability in the login system of Pterodactyl, it wouldn't matter too much as an attacker wouldn't be able to get to the login screen to exploit it, and the same goes for any other services we run that are behind OpenVPN.

In all, OpenVPN allows us to hide services from plain view, ensure that only the correct people can view your sites, panel, and other services while also protecting these services from exploitation and minimizing the attack surface.

In addition to all of that, when using , it can compromise security to have these services accessible over the internet, and point a domain to these services with a public IP, an attacker can figure out the panel URL, and just do a quick ping to get the IP address of the machine, while Cloudflare and other proxying solutions can be used these are often ineffective at concealing the machines IP address and so with the VPN, we can just point the domain to a local IP which is useless to an attacker.