Hi Hammer,
Regarding the VPN part of your question:
Do you really want a permanent connection through OpenVPN for all your traffic through the B3?
I used my old B2 for such a setup for a while. The toll on the CPU because of encryption/decryption made it useless (100/100 Mbps reduced to something like 1.2).
http://forum.excito.net/viewtopic.php?f=9&t=3470#p19501
It was unreliable. It was horribly slow.
To make it start automatically was tricky - dependencies in the startup scripts only checked that the OpenVPN service was running and the TAP/TUN interface was available - not if it was actually working. A lot of "sleep", "ping", and other things went into customized scripts, and many hours was spent on this. Even when I got it working reasonably well, it was not good enough - I scrapped the whole project.
When it didn't work as planned (often because of timing (did sshd start before or after a VPN connection was established?)), the B2 became unreachable from the local network. Not a big deal, I could restart it - it was a spare machine not used for anything else. I would never set something like this up on my B3, which is the "production" machine. It is essential that it starts even if some dodgy company on the "internets" has their service up or not.
You can of course do what you want to do. Just install OpenVPN, and translate the instructions on the webpage into a config file that works.
When you install the openvpn package, you will get a bunch of examples for both client and server setups. The OpenVPN documentation on the web is one of the best I have seen - even if the extreme amount of information makes it confusing at times - every single configuration option is covered, and often with examples. There are tonnes of guides out there. The instructions in the link you posted would be enough to set it up on a headless Debian machine without the NetworkManager, plugins or applets installed without a problem.
The problem is: By setting this up you are adding another network interface to your B3. If you have the WiFi model, you've already got 4 (eth0, eth1, wlan0, br0) by default.
You have to be very careful introducing another one, and making it work with the others in a safe way.
My recommendation:
Install the VPN client on the machine(s) who are actually going to use it. They will have the processing power to handle the encryption without too much hurt, the B3 will just pass along the already encrypted traffic.
Or install OpenVPN on the B3, configure it carefully - but don't use it as the default interface. Start it when needed, not automatically (in other words: never rely on it working during startup - it is a single point of failure for your server, and in my experience it fails often). Configure services that should only communicate through your VPN solution so that they do exactly that.
Cheers,
/Cheeseboy
