
VPNs and Local AI: What You Need to Know

7 min · By Hans Kuepper · Founder of PromptQuorum, a multi-model dispatch tool

Remote team members can reach a local LLM server over a corporate VPN without exposing it to the public internet. As of April 2026, a VPN plus firewall rules replaces a cloud API subscription for distributed teams. This guide covers setup, performance impact, and security considerations.

Key points

  • VPN protocol: WireGuard (fast, modern) recommended. OpenVPN (slower, wider compatibility) fallback.
  • Setup: VPN server on same network as LLM server. Remote users tunnel in via WireGuard.
  • Latency: +5–10 ms per connection (typically imperceptible). Throughput: limited by your internet bandwidth.
  • Setup time: 30 min (WireGuard) to 2 hours (OpenVPN + auth integration).
  • Cost: Free (open-source) or $50–200/year (managed VPN service if you don't want to self-host).
  • Security: WireGuard has 4,000 LOC (low attack surface). OpenVPN is 400K+ LOC (complex).
  • Encryption: Both support AES-256. End-to-end security (remote user → VPN → LLM server).
  • No split tunneling = company controls all internet traffic. Split tunneling = user routes non-LLM traffic outside VPN.

VPN Protocols: WireGuard vs OpenVPN

Feature | WireGuard | OpenVPN

Setup: VPN Server on LLM Network

  1. Install WireGuard on the VPN server (a Linux VM on the same LAN as the LLM server).
  2. Generate keys: a key pair per party. The server's private key stays on the server and its public key is distributed to clients; each client likewise keeps its own private key and gives its public key to the server.
  3. Firewall rule: allow UDP 51820 (WireGuard default port) inbound from the internet.
  4. Client config: each user gets a .conf file with their private key, the server endpoint, and allowed IPs.
  5. Client software: the WireGuard desktop app (Mac, Windows, Linux) or mobile app (iOS, Android).
  6. Test: the user connects to the VPN, pings the LLM server (it should respond), and runs inference via the API.
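The key and config handling in steps 2 and 4, as an added example that is not part of the original article: it renders the server's wg0.conf and one .conf per user, keeps each private key on its own side, and removes a peer for offboarding. The keys are constructed placeholders (real ones come from `wg genkey` and `wg pubkey`); the 10.0.0.0/24 tunnel subnet, the server address 10.0.0.1 and the endpoint vpn.example.com:51820 are assumptions.

```python
"""Generate WireGuard configs for a small team: one server wg0.conf plus
one .conf per user.

Added example, not the article's own code. Keys are constructed placeholders
(produce real ones with `wg genkey | tee private.key | wg pubkey`); the VPN
subnet 10.0.0.0/24, the server tunnel address 10.0.0.1 and the public
endpoint vpn.example.com:51820 are assumptions for the illustration.
"""
import ipaddress

VPN_SUBNET = ipaddress.ip_network("10.0.0.0/24")
SERVER_TUNNEL_IP = "10.0.0.1"
SERVER_ENDPOINT = "vpn.example.com:51820"  # assumed; UDP 51820 is the WireGuard default
LISTEN_PORT = 51820

# Constructed placeholder keys; a real WireGuard key is 44 characters of base64.
SERVER_KEYS = {"private": "SERVER_PRIVATE_KEY_PLACEHOLDER",
               "public": "SERVER_PUBLIC_KEY_PLACEHOLDER"}
USER_KEYS = {
    "alice": {"private": "ALICE_PRIVATE_KEY_PLACEHOLDER", "public": "ALICE_PUBLIC_KEY_PLACEHOLDER"},
    "bob": {"private": "BOB_PRIVATE_KEY_PLACEHOLDER", "public": "BOB_PUBLIC_KEY_PLACEHOLDER"},
}


def assign_tunnel_ips(users):
    """Hand out 10.0.0.2, 10.0.0.3, ... in order; 10.0.0.1 is the server."""
    hosts = VPN_SUBNET.hosts()
    next(hosts)  # skip the server address
    return {user: str(next(hosts)) for user in users}


def render_server_config(server_private, user_keys, tunnel_ips):
    """Server side: the server private key lives only here. Each user is a
    [Peer] limited to exactly its own /32, so no client can claim another
    user's tunnel address."""
    lines = [
        "[Interface]",
        f"Address = {SERVER_TUNNEL_IP}/{VPN_SUBNET.prefixlen}",
        f"ListenPort = {LISTEN_PORT}",
        f"PrivateKey = {server_private}",
    ]
    for user, keys in user_keys.items():
        lines += ["", "[Peer]", f"# {user}",
                  f"PublicKey = {keys['public']}",
                  f"AllowedIPs = {tunnel_ips[user]}/32"]
    return "\n".join(lines) + "\n"


def render_client_config(keys, tunnel_ip, server_public):
    """Client side: only this user's private key plus the server's public key.
    AllowedIPs = the LLM network gives a split tunnel; 0.0.0.0/0 would route
    everything through the VPN."""
    return "\n".join([
        "[Interface]",
        f"PrivateKey = {keys['private']}",
        f"Address = {tunnel_ip}/32",
        "",
        "[Peer]",
        f"PublicKey = {server_public}",
        f"Endpoint = {SERVER_ENDPOINT}",
        f"AllowedIPs = {VPN_SUBNET}",
        "PersistentKeepalive = 25",  # keeps NAT mappings alive for home users
    ]) + "\n"


def remove_peer(server_config, public_key):
    """Offboarding: drop the [Peer] block carrying this public key. Until the
    server stops listing the key, regenerating the client's key changes nothing."""
    blocks = server_config.strip().split("\n\n")
    kept = [b for b in blocks if f"PublicKey = {public_key}" not in b]
    return "\n\n".join(kept) + "\n"


def build_all():
    """Return (server wg0.conf text, {user: client .conf text})."""
    ips = assign_tunnel_ips(USER_KEYS)
    server = render_server_config(SERVER_KEYS["private"], USER_KEYS, ips)
    clients = {u: render_client_config(k, ips[u], SERVER_KEYS["public"])
               for u, k in USER_KEYS.items()}
    return server, clients


if __name__ == "__main__":
    server_conf, client_confs = build_all()
    print(server_conf)
    for user, conf in client_confs.items():
        print(f"--- {user}.conf ---\n{conf}")
```

Each client file contains only that user's private key, so a leaked alice.conf never exposes bob's credentials, and `remove_peer` is the server-side half of step 2's "revoke" that the Security Hardening section relies on.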

Performance Impact

Latency: WireGuard adds 5–10 ms. LLM inference already takes 10–100 ms per token, so the added latency is under 5% and not noticeable.

Throughput: limited by your internet connection (e.g., 100 Mbps home internet ≈ 12 MB/s, ample for LLM traffic).

Example: sending a 10 KB prompt and receiving a 5 KB response is 15 KB in total. At 100 Mbps that is ~1 ms of transfer time (negligible).

Encryption overhead: modern CPUs have AES-NI instructions and encrypt/decrypt at 500 Mbps+ per core.

Split Tunneling (Access Only LLM, Not Internet)

By default, the VPN routes ALL traffic (internet and LLM) through the corporate tunnel.

This can be slow if users want to browse the internet while using the LLM.

Split tunneling: only LLM traffic goes through the VPN; internet traffic goes directly.

WireGuard split tunneling example: `AllowedIPs = 10.0.0.0/24` (only the LLM network).

Trade-off: faster internet, but less security oversight (a user can exfiltrate data outside the VPN).

Recommendation: split tunneling for users (better UX). Monitor with endpoint detection (CrowdStrike, SentinelOne).
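The routing decision behind `AllowedIPs`, as an added example rather than anything from the article: wg-quick installs one route per AllowedIPs prefix, so whether a destination goes through the tunnel is a prefix-membership check. The block compares the full-tunnel default with the article's split-tunnel setting and goes one step further with two office networks; the LLM host 10.0.0.10, the second site 192.168.50.0/24 and the public address 203.0.113.5 are constructed.

```python
"""Which destinations a WireGuard client sends through the tunnel for a
given AllowedIPs setting.

Added example, not from the article. wg-quick adds a route for each
AllowedIPs prefix, so prefix membership is the routing decision. The
addresses below are constructed (203.0.113.5 is from an RFC 5737 test range).
"""
import ipaddress

FULL_TUNNEL = "0.0.0.0/0"                          # default: everything via the VPN
SPLIT_TUNNEL = "10.0.0.0/24"                       # only the LLM network, as in the article
SPLIT_TWO_SITES = "10.0.0.0/24, 192.168.50.0/24"   # assumed second office network added

SAMPLE_DESTINATIONS = [
    "10.0.0.10",      # assumed LLM API host on the VPN network
    "192.168.50.20",  # assumed host at the second site
    "203.0.113.5",    # constructed public address
]


def parse_allowed_ips(value):
    """'a/n, b/m' -> list of ip_network objects (IPv4 or IPv6)."""
    return [ipaddress.ip_network(p.strip()) for p in value.split(",") if p.strip()]


def routes_via_vpn(dst, allowed_ips):
    """True when dst falls inside any AllowedIPs prefix. A match is enough to
    send the packet into wg0; which prefix wins does not matter here."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in allowed_ips)


def classify(destinations, allowed_value):
    """Map each destination to 'tunnel' or 'direct' under this AllowedIPs."""
    nets = parse_allowed_ips(allowed_value)
    return {d: ("tunnel" if routes_via_vpn(d, nets) else "direct") for d in destinations}


def unmonitored(destinations, allowed_value):
    """Destinations the VPN gateway never sees. This is the oversight gap the
    trade-off above describes, and what endpoint monitoring has to cover."""
    return [d for d, path in classify(destinations, allowed_value).items() if path == "direct"]


if __name__ == "__main__":
    for label, value in [("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL), ("two sites", SPLIT_TWO_SITES)]:
        print(label, classify(SAMPLE_DESTINATIONS, value),
              "unmonitored:", unmonitored(SAMPLE_DESTINATIONS, value))
```

On a real client, wg-quick handles `0.0.0.0/0` with a firewall mark and policy routing rather than a plain default route, but the outcome for each destination is the same as `classify` reports. `unmonitored` is the list to hand to whoever owns the EDR policy: those flows will never appear in the VPN server's logs.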

Security Hardening

  • Firewall: only allow the VPN server to talk to the LLM server. Drop all other traffic.
  • Rotate keys: every 6 months, regenerate client keys. Offboarding: revoke the user's key immediately (remove it from the server's peer list).
  • Logging: log VPN connections (who, when, how long). Audit quarterly.
  • Passwords: the VPN server should accept SSH key authentication only (no password auth).
  • Fail closed: if the VPN disconnects, the client cannot reach the internet (unless split tunneling is enabled).
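A small audit over `wg show wg0 dump` output, as an added example that is not from the article, covering the logging and key-rotation points above: it parses the dump into peer records, joins them with a roster of issued keys, and flags keys due for rotation, keys present on the server but not on the roster, and peers that have never connected. The dump lines, keys and addresses are constructed, and the roster format (public key to user and issue date) is an assumption about how a team tracks issued keys.

```python
"""Audit WireGuard peers from `wg show wg0 dump` output.

Added example, not from the article. The dump is constructed (fake keys,
documentation address ranges). Dump format, tab-separated: first line is
the interface (private key, public key, listen port, fwmark); each later
line is a peer (public key, preshared key, endpoint, allowed IPs, latest
handshake as unix seconds or 0, rx bytes, tx bytes, persistent keepalive).
The roster mapping keys to users and issue dates is an assumption.
"""
from datetime import date, datetime, timedelta, timezone

SAMPLE_DUMP = "\n".join([
    "SERVER_PRIV_KEY\tSERVER_PUB_KEY\t51820\toff",
    "ALICE_PUB_KEY\t(none)\t203.0.113.20:41000\t10.0.0.2/32\t1775000000\t1048576\t5242880\t25",
    "BOB_PUB_KEY\t(none)\t(none)\t10.0.0.3/32\t0\t0\t0\toff",
    "STALE_PUB_KEY\t(none)\t198.51.100.7:51111\t10.0.0.9/32\t1774000000\t2048\t4096\toff",
])

# Assumed roster: public key -> (user, date the key was issued).
ROSTER = {
    "ALICE_PUB_KEY": ("alice", date(2025, 9, 1)),
    "BOB_PUB_KEY": ("bob", date(2026, 3, 15)),
}
ROTATION_PERIOD = timedelta(days=180)  # "every 6 months" from the hardening list


def parse_dump(text):
    """Turn the dump into a list of peer dicts; the interface line is skipped."""
    peers = []
    for line in text.strip().splitlines()[1:]:
        f = line.split("\t")
        peers.append({
            "public_key": f[0],
            "endpoint": None if f[2] == "(none)" else f[2],
            "allowed_ips": f[3],
            "latest_handshake": int(f[4]),
            "rx_bytes": int(f[5]),
            "tx_bytes": int(f[6]),
        })
    return peers


def audit(peers, roster, now):
    """One record per peer: who it is, when it was last seen, and flags."""
    findings = []
    for p in peers:
        rec = {"public_key": p["public_key"], "endpoint": p["endpoint"],
               "bytes": p["rx_bytes"] + p["tx_bytes"], "flags": []}
        entry = roster.get(p["public_key"])
        if entry is None:
            rec["user"] = None
            rec["flags"].append("unknown-peer")  # on the server but never issued: offboarding gap
        else:
            user, issued = entry
            rec["user"] = user
            if now.date() - issued > ROTATION_PERIOD:
                rec["flags"].append("rotation-due")
        if p["latest_handshake"]:
            last = datetime.fromtimestamp(p["latest_handshake"], tz=timezone.utc)
            rec["last_seen_hours"] = round((now - last).total_seconds() / 3600, 1)
        else:
            rec["last_seen_hours"] = None
            rec["flags"].append("never-connected")
        findings.append(rec)
    return findings


def run_sample(now_unix=1775001600):
    """Run the audit over the constructed dump at a fixed time (2026-04-01 UTC)."""
    now = datetime.fromtimestamp(now_unix, tz=timezone.utc)
    return audit(parse_dump(SAMPLE_DUMP), ROSTER, now)


if __name__ == "__main__":
    for rec in run_sample():
        print(rec["user"] or "?", rec["endpoint"], rec["last_seen_hours"], rec["bytes"], rec["flags"])
```

Run it from cron with `wg show wg0 dump` piped in and keep the output; that gives the "who, when, how long" record the logging bullet asks for, and an `unknown-peer` finding is exactly the case where someone was offboarded on paper but their key was never removed from the server.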

Troubleshooting Remote Access

Can't connect: check the firewall rules on the router (is UDP 51820 open?). Check that the WireGuard service is running (`wg show`).

Slow inference: check latency (`ping 10.0.0.1` inside the VPN; it should be <20 ms). Check internet bandwidth (`iperf3`).

API timeout: the VPN connection dropped. Check the logs (`journalctl -u wg-quick@wg0`). Restart WireGuard.

One user can't access, others can: check that user's public key in the server config. Regenerate the key pair.

FAQ

Should I use a VPN or expose the LLM API to the internet?

Always use a VPN. Never expose the LLM directly to the internet (DDoS, unauthorized access). VPN + firewall is the secure option.

Can users access the LLM API without VPN?

Only from the LAN (same network). Remote users MUST use the VPN, or a reverse SSH tunnel (less secure).

Does VPN encryption slow down inference?

Negligibly (<5% impact). Modern CPUs can encrypt/decrypt at Gbps speeds.

Should I use split tunneling?

Yes, for better UX. Monitor with EDR (endpoint detection) for data exfiltration.

What if a VPN key is compromised?

Regenerate that user's key immediately and remove the old public key from the server's peer list; the old key is then invalid. There is no retroactive access.

Can I use corporate VPN (Okta, Azure)?

Yes; it is better for large teams but requires integration (RADIUS, SAML). WireGuard is simpler for teams under 20 users.

