When the team at Hohenstein Digital Fitting Lab faced a seemingly impossible networking challenge, they turned to innovation to find their solution. Their story perfectly illustrates how modern problems require modern solutions – and how Portier makes the complex simple.
The Real-World Challenge
Picture this: You're running a state-of-the-art digital fitting lab with a Synology NAS server that needs to be accessible from anywhere in the world. The catch? Your internet connection is a 5G cellular uplink – blazing fast, but without a static public IP address. Traditional VPN setups just won't work in this scenario.
This was exactly the situation facing Hohenstein's team. They needed secure remote access to their OpenVPN server, but conventional networking approaches hit a wall when dealing with dynamic 5G connectivity.
The core challenge: How do you provide reliable OpenVPN access when your server sits behind a dynamic IP address that changes without notice?
The Elegant Solution
Instead of fighting against the limitations of 5G connectivity, the Hohenstein team embraced a cloud-native approach using Portier. By leveraging the NAS server's built-in Docker capabilities and Portier's client-side forwarding, they created a bridge that makes their OpenVPN server accessible from anywhere – regardless of IP address changes.
Here's how they transformed their challenge into a success story:
Setting Up Your Digital Bridge
Step 1: Register Your NAS as a Portier Device
The journey begins with a simple registration process that takes just minutes:
- Visit portier.dev and log into your dashboard
- Navigate to Devices and click the friendly "Create" button
- Give your device a name – something memorable like "Lab-NAS-Server"
- Secure your credentials – note down the generated device ID and create an API key (remember, you'll only see this once!)
That's it! Your NAS is now ready to join the Portier network. 🎉
Step 2: Prepare Your Credentials File
Time to set up the connection between your NAS and Portier's cloud infrastructure:
Open your NAS dashboard and navigate to File Station. Create a new folder called portier under the /docker directory – this will be your command center.
Inside this folder, create a file named credentials_device.yaml with your device credentials:
APIKey: 037*****-****-****-****-******a43898
Pro tip: That single parameter is all you need to establish a secure connection to Portier's infrastructure!
Step 3: Launch Your Portier Container
Now for the magic moment – bringing your setup to life:
- Open Container Manager on your NAS
- Import the image marinator86/portier-cli (grab the latest -amd64 tag)
- Configure your container with these settings:
  - ✅ Auto-restart: Enabled (for peace of mind)
  - 📁 Volume mapping: /docker/portier → /config
  - 🌐 Network mode: Host network
  - ⚡ Run command: run -t /config/credentials_device.yaml
Watch the container logs for this exciting confirmation message:
uplink event received: {connected Connected to portier server: wss://api.portier.dev/spider}
When you see this, celebrate! 🎊 Your NAS is now successfully connected to the Portier cloud.
Step 4: Configure Your OpenVPN Server
Set up your OpenVPN server on the NAS as usual. In this case, let's assume it's running on port 1194 (the standard OpenVPN port). The beauty of this approach is that your OpenVPN server configuration remains completely standard – no special networking tricks required.
The Client-Side Magic: Using the Forward Command
Here's where Portier truly shines. Instead of complex server-side configurations, all the magic happens on the client side using the simple forward command.
Step 5: Accessing Your OpenVPN Server from Anywhere
When you need to connect to your OpenVPN server from a remote location, the process is elegantly simple:
On Your Client Machine (laptop, home computer, etc.):
- Install Portier CLI and log in:
  portier-cli login
- Register your client device:
  portier-cli register --name myLaptop
- Use the forward command to access your NAS:
  portier-cli forward Lab-NAS-Server:1194->1194 --no-tls
That's it! The forward command:
- Automatically looks up your "Lab-NAS-Server" device by name
- Creates a secure tunnel from the NAS port 1194 to your local port 1194
- Uses the --no-tls flag since OpenVPN provides its own robust encryption layer
- Maintains the connection with automatic reconnection
Why --no-tls? In this specific use case, we disable Portier's TLS encryption because OpenVPN already implements military-grade encryption protocols (typically AES-256). Adding another encryption layer would create unnecessary overhead without security benefits. OpenVPN's proven cryptographic implementation handles all the encryption we need.
Step 6: Connect Your OpenVPN Client
Now your OpenVPN client can connect exactly as if the server were running locally:
Configure your OpenVPN client to connect to:
- Host: localhost (or 127.0.0.1)
- Port: 1194
- All other settings: Exactly as configured on your NAS
Connect normally:
# Using OpenVPN command line
openvpn --config your-config.ovpn --remote localhost 1194
# Or use your favorite OpenVPN GUI client
# pointing to localhost:1194
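With --no-tls, the setup above relies on OpenVPN for the encryption of the forwarded port, so the client profile is worth checking before it is used. The following is an added example, not code from the original article, Portier or OpenVPN: a small Python audit of a .ovpn profile. The function names, the set of ciphers treated as strong, and both sample profiles are assumptions made for illustration.

```python
import re

# Policy assumed by this example: data-channel ciphers accepted as strong.
STRONG = {"AES-256-GCM", "AES-256-CBC", "CHACHA20-POLY1305"}

def parse_profile(text):
    """Map each directive to its argument lists; bodies of inline <ca>...</ca> blocks are skipped."""
    found, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                                   # inside <ca>, <tls-crypt>, ...
            inline = None if line == f"</{inline}>" else inline
            continue
        block = re.fullmatch(r"<([\w-]+)>", line)
        if block:                                    # an inline block counts as that directive being set
            inline = block.group(1)
            found.setdefault(inline, []).append([])
        elif line and line[0] not in "#;":           # '#' and ';' start comments
            name, *args = line.split()
            found.setdefault(name, []).append(args)
    return found

def audit_profile(text, local_port=1194):
    """Return findings for a profile used over a --no-tls forward; [] means it passed."""
    d, findings = parse_profile(text), []
    for args in d.get("remote", []):                 # must dial the local end of the forward
        host = args[0] if args else ""
        port = int(args[1]) if len(args) > 1 else 1194
        if host not in ("localhost", "127.0.0.1") or port != local_port:
            findings.append(f"remote {host}:{port} is not the local forward")
    offered = [c.upper() for key in ("data-ciphers", "ncp-ciphers", "cipher")
               for args in d.get(key, []) for c in ":".join(args).split(":") if c]
    if not offered:
        findings.append("no cipher set: strength depends on version defaults")
    findings += [f"cipher {c} is not in the strong set" for c in offered if c not in STRONG]
    if "verify-x509-name" not in d and ["server"] not in d.get("remote-cert-tls", []):
        findings.append("server certificate role/name is not verified")
    if not {"tls-crypt", "tls-crypt-v2", "tls-auth"} & d.keys():
        findings.append("no tls-crypt/tls-auth key on the control channel")
    return findings

# Constructed sample profiles (not from the article).
GOOD = ("client\nremote localhost 1194\ndata-ciphers AES-256-GCM:CHACHA20-POLY1305\n"
        "remote-cert-tls server\n<tls-crypt>\n(key body omitted)\n</tls-crypt>\n")
WEAK = "client\nremote nas.example.net 1194\ncipher BF-CBC\n; remote-cert-tls server\n"

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_profile(profile) or "ok")
```

If the forward uses a different local port, such as 11194, pass it as local_port so the remote check matches.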
The Beautiful Outcome
What Hohenstein Digital Fitting Lab achieved is remarkable: they turned a connectivity limitation into a competitive advantage. Their solution is:
- 🔒 Secure: OpenVPN encryption protects all data, with Portier providing secure transport tunneling
- 💰 Cost-effective: No need for expensive static IP services
- 🌍 Location-independent: Works from anywhere with internet access
- 🔄 Resilient: Automatically handles IP address changes
- ⚡ Transparent: OpenVPN clients connect exactly as they always have
- 🎯 Simple: Client-side setup means no complex server configuration
Advanced Usage Patterns
The forward command opens up numerous possibilities beyond basic OpenVPN access:
Multiple Service Access
# Access OpenVPN
portier-cli forward Lab-NAS-Server:1194->1194 --no-tls
# Access NAS web interface simultaneously (with TLS for web traffic)
portier-cli forward Lab-NAS-Server:5000->5000
# Access SSH for administration
portier-cli forward Lab-NAS-Server:22->2222
Temporary vs. Persistent Connections
# Persistent connection (saved for future use)
portier-cli forward Lab-NAS-Server:1194->1194 --no-tls
# Temporary connection (not saved)
portier-cli forward Lab-NAS-Server:1194->1194 --no-tls --no-persist
Custom Local Bindings
# Bind to specific local interface
portier-cli forward Lab-NAS-Server:1194->127.0.0.1:1194 --no-tls
# Use different local port to avoid conflicts
portier-cli forward Lab-NAS-Server:1194->11194 --no-tls
Why This Approach is Revolutionary
Traditional VPN-over-VPN solutions are complex, fragile, and performance-heavy. Portier's client-side approach is fundamentally different:
Traditional Approach:
- ❌ Configure complex port forwarding on router
- ❌ Manage dynamic DNS services
- ❌ Handle firewall traversal
- ❌ Worry about IP address changes
- ❌ Debug connection issues across network layers
Portier Client-Side Approach:
- ✅ Register NAS device once with Docker container
- ✅ Run portier-cli forward command from any client
- ✅ Connect OpenVPN client to localhost
- ✅ Everything just works, everywhere
- ✅ No server-side configuration changes needed
Security Considerations
Portier's approach actually enhances security while simplifying setup:
- Layered Security: OpenVPN encryption for data, Portier secure tunneling for transport
- No Double Encryption Overhead: Using --no-tls avoids unnecessary performance impact
- Device-Level Access Control: Only devices you explicitly register can establish connections
- No Network Exposure: Your NAS doesn't need any inbound firewall rules
- Client-Side Control: Each client manages its own access independently
Looking Ahead
The Hohenstein team's success story demonstrates how Portier bridges the gap between traditional networking challenges and modern connectivity solutions. Their client-side approach works seamlessly, making remote access invisible to applications while providing rock-solid reliability.
The key insight: move complexity from the server to the client, where it's easier to manage and doesn't require infrastructure changes.
Stay tuned for our next deep-dive where we'll explore how development teams are using similar client-side patterns for remote hardware access and share more real-world success stories from the Portier community!
Have a similar challenge? We'd love to hear about it! The Portier community is always ready to help you find innovative solutions to complex networking problems.