The time has come for me to start using a vpn. I will eventually set up or buy server space for my business. 
Should I set up a vpn on the server or get a separate vpn service? 
I'm on my phone and laptop a lot and will be running financial stuff across the connection as well. Would setting up my web/ mail/ file server as a VPN expose it to more risk? 
I log on to my laptop through Wi-Fi hotspots. So far not an issue due to the hotspots i use. In the future motel / hotel hotspots will be an issue. 
Am I over thinking this?

It depends on what "kind" of data you will be working with.
As a standard more layers of protection is better. 3 is a min. for intellectual property, HR matter, financials, personal identification info, and anything that falls under HIPPA
I wouldn't source that since its the company information. But that is me. There are plenty other "secure" methods.

Tag for info.

 Sorry, a little more information on the subject. 
1. I am starting up a truck leasing business. Most of the financial stuff will be QuickBooks. Routine accounting mostly accounts payable, some accounts receivable. Since I will be mobile I will keep my QB files on the server.
2. A small web site to advertise my business. It may have an employee portal at a future date. 
3. A mail server for business and employees. It will be fully encrypted for security. I may farm this out. I may farm it all out.

Not sure what you're accessing over public networks or how you're doing it, but the bottom line is if you're accessing LAN based resources unencrypted you have more to worry about than using a VPN.  


If you have LAN resources that you need to access remotely (i.e non web accessible resources) then yes you'll want a VPN and in some cases it's prudent to have a web server based application not exposed to the internet and made only accessible via LAN/VPN

Most higher end firewalls (watchguard, sonic wall etc) provide a functionality for a built in VPN server that can ingrate with your existing active directory, RADIUS or just use local authentication to the appliance.

If you're working on quickbooks for example I would VPN -> RDP to the QB Server  
If you're using Quickbooks online well just use that..

Also, I wouldn't get to hung up with hosting your own email server, I would look into Gmail for business, office365, hosted exchange or what have you.  

If you go with Office365 you can get sharepoint & one drive which basically solves the problem of needing a file server (for the most part) you can mount sharepoint sites via WEBDAV (they show up just like a mounted file share) to access files conventionally or use the sharepoint frontend.   Office has sharepoint integration etc etc.
Keep in mind that virtually anything you can do with Office365 your an roll your own and self host as well and even migrate back and forth or run hybrid environments which all of this (I'm guessing) is probably not in your repertoire.

ETA: it appears you're in Texas, if you're local to me (Houston) I would be happy to have a beer and help you.

OP take him up on his offer.  He'll be able to explain why putting ALL your critical business functions on a single server exposed directly to the internet is a really bad idea.

We hosted our own mail here at work for years and it's not as bad as some people make it out to be.  Having said that, gmail for business is great for what it costs and I wouldn't recommend hosting mail yourself.  

Be aware that most if not all commercial "VPN" services are really just designed to anonymize traffic for file sharing, not to provide an encrypted tunnel to another network.

I run a $10 Amazon vm as an Open VPN server so I can work from home when I need to.  If you can follow along with docs you find on the internet it can be set up in an hour.    Register a domain, put your VPN server in DNS and use appropriate key strength.  Run the Open VPN client as a service and forget about it.