I actually bought an banana pi (not pro) today and have a similar vision of using my BaPi as a standalone media / file server. As my current setup is using a physical PC, the power consumption is to high for these basic tasks, so it makes allot of sense to use a low-power solution to share my personal files.
The experiences I have so far with OpenVPN, FritzBox (which I assume you are using, living in Germany) and DynDNS No-IP.com, are shared below.
TL;DR: When setup OpenVPN correctly the security threats are really minimum to non existing as it is very difficult to intercept.
If you do want to be a bit more secure, as it is actually more security by obscurity, you can have a look at below tips.
Using DynDNS like no-ip.com
As this is it a very straight forward solution to a good cost friendly solution to forward your IP Address. It is also a very good way for hackers to look up for less secure home servers and exploit some security threats. They can use reverse DNS lookup, sub domains finders or use the crawlers from google to find your sub domain.
I my case I don't use domains but instead use my FritzBox to forward the new IP Address to my email address.
In case you do use domains
- Use your own domain
- Check your firewall settings (inbound open ports)
n.b.: I know that FritzBox has some default ports open (VOP, Backdoor for the ISP, ...), that's why I have 2 routers
Using default ports
As most hackers will look for default ports it makes allot of sense to use customized ports for your applications.
For OpenVPN I use my VPN IP subnet as port (eg. 10.120.60.x) 12060
- Use non default ports for your applications