So…I’m not an IT expert…I dabble but enjoy learning. I’m wanting more security at home and on the go. I’ve got a SFF PC from work to use as an opnsense router. I also want to host a VPN service from the house (opnsense). I understand the obvious nature of using openVPN from outside the house and how that makes a secure, hopefully obfuscated, connection to home for anonymous interneting. This is where I lose it. How does hosting that VPN service help when interneting from home? Am I missing an extra piece? Or just a fundamental of what a VPN is?
How does hosting that VPN service help when interneting from home
It doesn’t
Hosting a VPN server is for you to access your internal network when you are elsewhere but need access to your LAN.
If you want to use a VPN when you are home (for whatever reason) then you either need to be hosting the VPN server elsewhere (in a region that allows whatever it is that your home connection does not) or pay for a service like windscribe which will allow you to appear to be in whatever region you desire.
For a homelab setup you probably don’t want a home VPN at all. If someone breaks into your VPN they access the entire network. Yikes!
A much better way to consistently access homelab services is by purchasing a domain name and using Cloudflare tunnels. Here’s how this works. You are outside of home and want to access your nextcloud. Your device, say your mobile phone, can’t find your homelab. Why? First, because your router assigns an internal IP address to your homelab, and that internal address can’t be used to find your device on the open Internet. Second, your router does have an external IP address, but it’s likely you haven’t purchased a static IP from your Internet service provider. This means that even if you set up port forwarding, you won’t be able to consistently tell your mobile phone where your homelab is.
So first thing you do is go to namecheap and buy a domain name. Anything you like. Now you’ll be able to put in that domain name into your mobile phone and always go to a specific location. Great. You’re not done yet, because that domain name doesn’t yet point to your homelab.
Second, you want Cloudflare to manage the domain. They have easy instructions on how to set that up. This is a prerequisite for step 3.
Third, you then install Cloudflare tunnels on your device. The package is the cloudflared package which you’ll run on the server. Cloudflare tunnels allows you to set up a subdomain like “photos.yourdomain.net” and point it straight at your homelab service without needing to worry about VPNs or certificates. Please note that in addition to the server software, you will need to go to the application section of Cloudflare Zero Trust to set up the subdomain.
Fourth, you need to go into the Cloudflare Zero Trust Access section and configure who can access the homelab service and how. Cloudflare will put up a login page every time you attempt to access photos.yourdomain.com. That login could be a code sent to your email or it could be your Google ID.
So let’s recap. With a domain name and Cloudflare tunnels we can securely tell remote devices where to find our homelab. This is enterprise grade security and what’s great is that it is relatively easy and low code. Finally, once you’ve mastered your first homelab service, you’ll be able to easily set up additional subdomains.
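To make step three concrete, here is an added example of a cloudflared tunnel configuration (editor's illustration, not from the poster above). It assumes the tunnel has already been created with `cloudflared tunnel create`, that the tunnel UUID and credentials path below are placeholders you replace with your own, and that the photo service listens on port 8080 and Nextcloud on port 8443 on the same host. The point worth noticing is the last rule: cloudflared refuses to start without a catch-all, and returning 404 there means any hostname you have not deliberately published reaches nothing on your LAN.

```yaml
# /etc/cloudflared/config.yml  (added example; paths and UUID are placeholders)
tunnel: 00000000-0000-0000-0000-000000000000          # replace with your tunnel UUID
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # Public hostname -> private origin. Each hostname is published on purpose;
  # the Access policy from step four sits in front of all of them.
  - hostname: photos.yourdomain.net
    service: http://localhost:8080

  # Origin that speaks HTTPS with a self-signed certificate: the tunnel still
  # terminates TLS at Cloudflare's edge, so only the origin check is relaxed.
  - hostname: cloud.yourdomain.net
    service: https://localhost:8443
    originRequest:
      noTLSVerify: true

  # Required catch-all: anything not listed above gets a 404 from cloudflared
  # and never touches a LAN service.
  - service: http_status:404
```

After saving the file, `cloudflared tunnel route dns <tunnel-name> photos.yourdomain.net` creates the DNS record that points the subdomain at the tunnel, and `cloudflared tunnel run <tunnel-name>` (or the systemd service installed by `cloudflared service install`) brings it up. No inbound port on the opnsense box is opened; cloudflared makes an outbound connection to Cloudflare, which is why the changing home IP address in step one stops mattering.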
secure,
yes
obfuscated
no
How does hosting that VPN service help when interneting from home?
It doesn’t.
what a VPN is?
a VPN is just a tunnel between two places across an untrusted network.
What you put through that tunnel is up to you.
Thus, its purpose may vary, depending on where you are, versus where the tunnel is, versus what you’re putting through it.
How does hosting that VPN service help when interneting from home?
Traditional VPNs are, as the acronym suggests, a way to access your home or corporate network remotely. E.g. Tailscale is a convenient way to achieve this.
Your confusion is because there are many companies selling a completely different product which is ‘forward all your internet traffic through our proxy server’. These services are usually called VPN because they use the VPN support features built into operating systems to support the first type of VPN. These services are useful if you live in a police state or are doing something illegal (e.g. if your ISP sends rude letters to people torrenting) but are a waste of money for most people. Unfortunately running such a service is extremely lucrative so they pay for misleading ads on practically every YouTube video.