technology

23908 readers

236 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 5 years ago

MODERATORS

context@hexbear.net

EmmaGoldman@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

ZoomeristLeninist@hexbear.net

Any VPN Self-hosters about? (hexbear.net)

submitted 2 weeks ago by aanes_appreciator@hexbear.net to c/technology@hexbear.net

16 comments fedilink hide all child comments

Hello comrades! In light of the fucked up state of the UK govt I'm looking at some VPN options to further harden my homelab.

Right now, I have zero VPN coverage for my seedbox/jellyfin server which of course means a major security hole, even if my ISP hasn't shit over me for it yet.

I had a few questions about selfhosting a VPN versus a third party service.

How does a self hosted VPN actually do anything? I was under the impression that VPNs had to be off-site to give the benefits of, say, location spoofing.
Do I need to pay any subscriptions to other services for a self hosted VPN? At least in order to access features such as location spoofing.
We use Cloudflare WARP at work to access internal services. Will a LAN-VPN Fuck this up even if I explicitly avoid spoofing my location to ensure my IT guy doesnt shit a brick?

thanks cumrades!

you are viewing a single comment's thread
view the rest of the comments

[–] LanyrdSkynrd@hexbear.net 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

VPNs are simply a way to securely access one network from another. Commercial VPN providers are allowing you to use their networks as if they were your own.

Self hosting isn't really for location spoofing, it can only allow you to spoof the location where the VPN server is installed. They are used most commonly to access your home network while you are away without exposing your home network to all the threats of open internet ports.

You could run your own VPN on a paid VPS hosting provider and spoof that location. Some folks do that for various reasons. It can give you more privacy than a commercial vpn, but you should assume that three letter agencies could harvest that data, although it would need to be more of a targeted attack rather than the wide scale harvesting that likely happens on commercial VPN providers. You'd also only be able to spoof the one location where your vps server is.

Edit: I think I may have misunderstood the question. What are you wanting the use the VPN for? To access your jellyfin from a remote location, or prevent your ISP from seeing you torrent? Or is it for location spoofing for web browsing and preventing data tracking?

If the former, use wireguard or tail scale, or cloudflare service(can remember the name). If the latter you can use a commercial VPN only for your torrent software.

[–] aanes_appreciator@hexbear.net 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

My main goals are as follows:

Provide wider network privacy.
Obscure Torrents traffic from my ISP/Government should their enforcement against this increase.
Obscure traffic and bypass censorship of sites and services targeted by the so-called "Online safety act". Whether that's porn, wikipedia, or social media censored for Antizionism, I don't care. I only mention location spoofing as that's a mechanism of bypassing said censorship.
Allow access to my home server remotely via my existing hosted domain in Cloudflare, which allows me to set family memebers up with client applications easily.

[–] PorkrollPosadist@hexbear.net 5 points 2 weeks ago* (last edited 2 weeks ago)

These goals won't work well on the same setup. A commercial VPN provider will make you (more) anonymous to third parties like copyright snitches by mixing your traffic with other customers emerging from the same endpoint. A self hosted VPN can be useful for accessing your home network from outside, accessing the Internet from the location of your VPS, or hosting services from behind your ISP's firewall, but does nothing for anonymity. The IP of the endpoint is leased exclusively to you.

A VPN itself is just a means of tunneling traffic from one location (e.g. your home) to another (e.g. some office or data center). You would want two separate VPNs to cover these use cases. A commercial (not self-hosted) one for piracy, and a self-hosted one on a VPS for the homelab to bypass the ISP firewall (and potentially non-pirate web browsing emerging from one specific location outside UK).

Be careful with the routing! Funny and unexpected things can happen when you activate or deavtivate network interfaces. The traffic WILL be sent over the wrong interface (I.e. unencrypted torrents to your home ISP, bank transactions to the "anonymous" torrent VPN) unless there is a firewall preventing it, and IPv6 traffic will not be blocked by rules explicitly written for IPv4 address ranges. :)