Forgive the basic, noob questions here, I’m hoping to learn!
I found out that I can VPN to my home network in order to use Pi-Hope when I’m on the go. While this seems like a great idea, I’m a bit concerned about the security of it and I don’t fully understand how the two work together. I’ve read some guides to try and grasp a proper understanding but those don’t talk about the “why,” just the “how.”
I currently use a VPN to connect to the internet, to hide traffic from my ISP, easily change my IP to bypass download limits etc. How do things change with PiHole? Can I use a major VPN provider or do I need to create my own VPN using OpenVPN? Will it provide the same security, or am I opening myself up to potential risks?
Can I use a major VPN provider or do I need to create my own VPN using OpenVPN
To tunnel back to your Pi-Hole, you need to create your own VPN, not use a major VPN provider. The providers are for outgoing traffic, you want to VPN your incoming traffic.
I’m a bit concerned about the security of it and I don’t fully understand how the two work together
It’s plenty secure. You set up a VPN client on the Pi, set up Pi-Hole to listen on that interface. Each remote client gets the proper credentials (strong encryption) to use the VPN. Without the credentials, nobody will be able to get into your VPN. The VPN client you install uses the same security protocols as the commercial providers.
You can use a VPN (hide from your ISP) and use pihole at the same time, for example I had my netgear R800 router, I put DD-WRT on it and put PIA VPN on it so my IP address is hidden from my ISP, and then set that router up to use my pihole to all of my requests so that the ads were gone.
You can likely set up your pihole to have an incoming VPN to connect your phone whilst at work to your home network, and an outgoing VPN with a commercial provider to then hide all of your data from your ISP
I’d still only be using one VPN, but in this case it would be my own instead of a provider, correct?
I’m guessing my remote device accesses the VPN, which then connects to the internet, which then links me to my Pi at home on a single open connection (IP? Port?), which then links me to the internet via my home router. Is that correct?
Would I be able to change my location/IP address, or is that something only the larger providers can do?
Your remote device connects to the VPN via VPN software (e.g. PiVPN, OpenVPN, Wireguard) on your home network. Once connected, it is almost as if your remote device is physically in your home—you will get PiHole blocking (assuming the VPN is configured properly) and your IP to the outside world will be your home network’s public IP.
If you want to appear like you’re in a location that’s NOT your home, you would need a VPN server in that location. It is common for VPN providers to have many server choices in various locations.
This means that a home hosted VPN provides security (via a secure tunnel to your home network), but not anonymity since your traffic goes out to the wider internet from your home IP. That makes it a good solution if you want ad blocking, more security on public WiFi networks, or to be able to access other devices on your LAN remotely. But it’s not the only way to accomplish the former two.
If you create your own VPN server on your home network, you would connect to that from the outside world and it would appear that your internet traffic originated from your home.
If you use a VPN provider, you would connect to any of their servers and it would appear that your internet traffic originated from the chosen server’s location.
(This is a simplification without getting into uncommon 2-hop VPN configurations.)