Third party VPNs not only encrypt my traffic but also tunnel it through one of their servers located in a foreign nation, which masks my public IP of my default country to the web server I’m accessing (and in turn gives me access to geo-restricted content alongside the added encryption and "privacy").
But what about a self hosted VPN at home?
Apart from encrypting the traffic, it doesn’t change my public IP via tunneling too, right? In that case what’s the point of using a self hosted VPN server since I’m still not able to access geo-restricted content?
If only data encryption is the purpose here why isn’t the default HTTPS encryption enough? What additional benefit does a self hosted VPN provide in terms of encryption? If I’m not wrong, even with a VPN server my ISP (by proxy the government) can still inspect the web servers I’m pinging via my public IP with packet inspection.
No, the principle of a VPN is NOT IP masking. It’s an encrypted tunnel. You use it to allow access to the far end securely. Public VPN services then turn around and dump your data onto the internet, so it looks like it originated with them.
You would host your own VPN server in order to allow secure access to your home network. This might be to access other self-hosted resources (file servers etc) or to take advantage of your home security (good firewall, pihole and other anti-ad tools, etc).
As a side note, if your main goal is accessing geo-restricted content and you want to host your own VPN, then what you can do is get a DigitalOcean droplet or an instance from some cloud provider and install a VPN there. You can choose the datacenter location, although usually they’re much more limited (e.g. only Germany or the US) compared to commercial VPNs which might offer hundreds of countries.
Hosting a VPN server at your home would give you access to your home network remotely. If you are out of state, and need access to something on your home network, you can connect to your VPN server at home.
VPN traffic is only encrypted between the client and server
If you are sitting at home, connecting to a VPN on your home network won’t buy you anything (unless there are threats inside your own home you are trying to mitigate).
A better solution would be a VPN server you stand up in AWS EC2.
The point of self hosting a VPN connection is to access local services from outside your network.
VPN isn’t “designed for” getting around geoblocking etc.; that’s just a thing the technology happens to work for.
What a VPN actually does is connect you to a private network which instead of local network cables uses the internet to connect all the devices.
When you connect to a VPN hosted in another country you are effectively making your device part of that network and using that network’s gateway to connect to the WWW.
Regarding the last sentence of your post, I was thinking the same thing and made a post in this sub about a week ago. I asked if it’s possible to avoid both the ISP seeing what sites I’m going to (self hosted VPN) and VPN providers seeing what sites I’m going to (3rd party VPN).
The answer is that it’s impossible. So to answer your question, I have no idea why you would self host a VPN if you’re looking for more privacy.
The problem that I’ve found with this (and I do run a few of my own VPS instances) is that lots of streaming services have blocked whole sets of data center IPs. I don’t use my VPS for geo-restricted content & streaming services, but if I needed to, then I would honestly just pay $5-10 a month to a provider. At that point log or no log VPN provider doesn’t even matter cause you’re not doing anything sketchy.
You couldn’t easily carry RDP, or Bittorrent, or SSL sessions, or FTP.
On all the listed services packets are encrypted by default (except for FTP which I doubt people still use when there’s FTPS available) so I still don’t see the purpose of self hosted VPN here.
People use VPNs for more than browsing web sites
I’m talking about self hosted VPNs, not commercial third party VPNs where tunneling is involved.
There are many reasons someone might want to use a VPN.
List some
In the west ISPs don’t give a fuck what sites you visit and won’t spend any money “inspecting” what you do.
Then what’s the point of using a self hosted VPN?
ISP routers do not have the ability to perform packet inspection
By packet inspection I didn’t mean their ability to decrypt the data packets into plaintext, I mostly meant their ability to log what web servers you visit which they can do anytime they want or when pressured by higher authorities.
My question is fairly simple. The principle of VPN is IP masking. How is that achieved on a self hosted VPN?
Yeah, it seems we both had the wrong definition of what a VPN is. Circumventing geo restrictions and IP masking aren’t actually the features of a VPN; it’s just that third party VPN providers seem to provide that as a feature.
I have no idea why you would self host a VPN if you’re looking for more privacy
It’s basically for remote access to your server but in a secure way compared to, let’s say, SSH or RDP. Check the comments above; one guy explained it extremely well and that alone cleared my doubts.
As for IP masking, it’s not possible on a self hosted VPN from what I gathered. Your best bet is to either rent a server (well, third party comes into play) in some other country or ask any trusted acquaintance of yours in another country to host a VPN server there.
Nothing. Except SSH will only allow TCP connections, and RDP will limit you to applications and services on the device you are connecting to. A VPN does not care. It will take any and all IP traffic.
SSH with keys is fine until there’s a vulnerability. By putting it behind a VPN there has to be an exploitable vulnerability in both SSH and the VPN to get attacked.
I’ll never expose RDP directly to the internet unless it uses Active Domain, and even then in corp settings it’s mandatory to use VPN.
No, SSH is effectively an encrypted tunnel to a terminal. It doesn’t make the connecting device part of the network.
A VPN doesn’t even need a GUI; look up setting up WireGuard.
A VPN is used to behave as though your device is part of the network you are connected to. SSH and RDP are ways to connect to devices on another network, but to use them over the internet you need to open the appropriate ports. Good network security says you should open as few ports as possible, so if you use a VPN to first connect to your home network, you don’t need to open any ports to use SSH, RDP or whatever you want.
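As an added illustration of the comment above (not posted by anyone in this thread, and not the WireGuard project’s own sample), here is a minimal WireGuard split-tunnel setup: the home router forwards exactly one UDP port, and SSH/RDP on the home server are reached only through the tunnel. All addresses, the hostname, the port and the key placeholders are assumptions; the home LAN is assumed to be 192.168.1.0/24 behind interface eth0.

```ini
# --- Home server: /etc/wireguard/wg0.conf (constructed example) ---
# The router forwards UDP 51820 to this host and nothing else.
# SSH (22/TCP) and RDP (3389/TCP) get no port forward at all; the host
# firewall should accept them only from 10.8.0.0/24 and 192.168.1.0/24.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>      # placeholder; create with: wg genkey
# Let tunnel clients reach the rest of the LAN, not just this host.
PostUp   = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# The laptop. Only packets with source 10.8.0.2 are accepted from this key,
# so a client cannot spoof another tunnel address.
PublicKey = <LAPTOP_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# --- Laptop: wg0.conf (constructed example) ---
[Interface]
Address = 10.8.0.2/24
PrivateKey = <LAPTOP_PRIVATE_KEY>      # placeholder

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = home.example.net:51820      # placeholder dynamic-DNS name for the home IP
# Split tunnel: only the tunnel subnet and the home LAN are routed through
# the VPN; everything else still leaves from the laptop's own connection.
# Setting 0.0.0.0/0 here would route all traffic home instead, so websites
# would then see the HOME public IP, which is still not a foreign one.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
PersistentKeepalive = 25               # keeps the NAT mapping on the home router alive
```

With this in place, `ssh user@192.168.1.10` or an RDP session to a LAN address from the laptop traverses the tunnel, and the only internet-facing listener at home is WireGuard, which does not even respond to unauthenticated packets.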
A VPN is used to behave as though your device is part of the network you are connected to, SSH and RDP are ways to connect to devices on another network but to use them over the internet you need to open the appropriate ports.
This cleared all my doubts. Thanks a ton man. Very well explained.