VPN concentrator security in the cloud

I have a server and numerous devices that are connected to an OpenVPN server running on a VPS with a cloud provider (DigitalOcean). I had to choose this setup due to firewall issues.

The server and devices get VPN addresses. On a VPN address, the server provides many open ports for different applications. Most of these applications use SSL, though it’s hard to verify all of them.

Could there be a security problem with this setup? What are common mistakes? How can I improve the security?

The cloud provider of course sees plaintext traffic. I suppose the cloud provider could see, for instance, my Nextcloud login page. Still, they need the SSL certificate to intercept data or the login password. Some of the certificates are sometimes self-signed, and I suppose the cloud provider, or whoever hacks the provider, could man-in-the-middle me. Or, for instance, they could try a zero-day vulnerability with Nextcloud, for example, the recent vulnerability with Log4j.

What are the risks?