VPN will it solve my problem?

Not quite. NordVPN serves a different purpose than what you're looking for.

You need to run a VPN server(usually on the network that you want to access from somewhere else). I don't know how this is implemented on your router specifically.

Once that's done, you can connect to this server from your devices when you aren't at home, and access everything as if you were on your home network.

TP-Link has this guide: www.tp-link.com/.../

 colporteur first I need some answers if it windows no luck (dont use it) But if you use a Linux distro, btw all I use here is Debian its a very easy thing what you want to do is install on host or sever put ssh server on it on your client put ssh client on it. Now the thing you will need is you fixed address of the host (server) and generate a key. put the info on the client. thats it.  check the web for more details ~~~ Cris.  

Hi Sean,

I think best advise is to avoid accessing your home network completely if you can avoid it. Corporate VPNs have the luxury of having decent equipment and up-to-date software and configs that are well tested. For home use, there are lots of decent services to file share, and they are very safe. 

I use Onedrive, but there are others that are just as safe and easy to use. An alternative might be box.com but I've not used that in ages,

For me, OneDrive is effectively free because it came with Microsoft 365 (which gets me the entire Office suite and e-mail, for a very reasonable cost which is even lower with family packages).

Even if you need access to your network for any other purpose, it would be great to hear it, because there's likely going to be a good alternative solution for most use-cases, that avoid requiring a VPN.

"Corporate VPNs have the luxury of having decent equipment and up-to-date software and configs that are well tested."

I believed that too, until I actually saw what companies are actually doing, and now I'm wondering how the world hasn't imploded yet.

OpenVPN and Wireguard for example, are very secure, and if properly configured, they won't cause any issues. I'd go as far as trusting them more than what Microsoft/Amazon/Google/whoever else are doing.

I'd argue that an exposed Wireguard server for example, would be more secure than an SSH server. There are a huge number of "bots" scanning for exposed SSH servers and trying to brute force logins, causing significant load on the server. In comparison, a Wireguard server's exposed UDP port will never reply to requests unless properly authenticated, making it very very difficult(if not impossible) to even find the port of the server.

If exposing an SSH server, it's a good idea to have port knocking and/or fail2ban set up at the very least.

There are, for sure, backward companies, and all bets are off with what they do.

However, the reality still is that one should be extremely wary of opening a port on a home-grade, very typically underpowered (especially for TP-Link! - that's business-as-normal for their products) router, which could fall over at any time with a flood of traffic, might well be running ancient firmware (it's an end-of-life router as it is), and then also maintain the software or OS install to be up-to-date too, which might be running on some PC with a network interface, both of which were never designed for acting as a server in the first place.

There often is no major benefit to all that risk when it's possible to use a cloud service to get many things done instead.

I reached out to a buddy of mine that offers client web services. He uses a Ubiquiti UniFi Dream Machine Router. It contains an OpenVPN server that he can connect do using a VPN client. I'm thinking this follows the suggestion of  vmate of using a VPN server.

I've exposed ssh on public facing routers and the connection attempts logs once discovered are in the 100K range from failed attempts. Wireguard and OpenVPN have some appeal. PiVPN uses the pair. Pi solutions are something I would attempt. Unfortunately time to develop and feel comfortable are not a luxury I have.

I'm thinking the over the counter solution (will cost some coin) is the option I'm looking at. The person who provided the recommendation has some experience I trust. He has been using the router on his network for a year and is satisfied.

Thanks folks for providing feedback. I do miss my IT coffee buddies since I retired. I enjoy sounding ideas and the discussion that follows.

Since my last post I've been in VPN purgatory. The procedure in the router manual is not complete. As you read posts of a search of why it doesn't work, you discover a number of changes that need to be done to the OpenVPn file generated at the router. I have discovered Dynamic DNS is a must if you are using Musk's Starlink constellation. The IP changes at the same rate as a toilet seat goes up and down at a mixed party.  The VPN still doesn't work on MS or Ubuntu Linux O/S.

I did invest in PiVPN and got OpenVPN to work from a Windows client. I was hoping I could get the AX11000 router VPN to work so I could avoid hanging another device off the network but that hope is fading fast. I have one more attempt to make with the router and then I will pickup where I left off with the PiVPN. 

Another option if you're behind CGNAT or have a constantly changing IP, is to rent a super cheap VPS, and run the OpenVPN server on that, and connect to it from your home router. You can "publish" routes to your home network even when connecting as a client, so any other device that connects to the server will be able to access your home network.

See this for a more detailed description:
wiki.archlinux.org/.../OpenVPN