I have been searching stuff for some hours now, trying to understand how this local VPN might work. One problem is that VPN providers have flooded the internet with useless articles containing no information about how a VPN service works. I want to create this post mostly because I would like other people to have a search result to help them. From what I understand about using pivpn to set up a home VPN = your own VPN at your own LAN: (*PLEASE CORRECT ME ON ANY POINT THAT I MADE WRONG*)
- There is no point in connecting devices from your local network. Even if someone inside your network is stealing information from you, you can’t stop it, because even pivpn has to send and receive unencrypted data to the router, and then to the ISP. You basically add one connection step to the pivpn, and only that is secure. Anything else is unencrypted. And that would only introduce more latency.
- One could argue that connecting local devices to the pivpn will make it look like a ton of different and contradicting searches are made by the same device, and thus advertisement companies won’t make an accurate profile of you and your family. But since 4 or 5 people aren’t many, and since you probably have some similar interests and searches, I wouldn’t say it helps much with privacy. And it would be completely useless if you live alone. Furthermore, I think that unless you use IPv6, no one can discriminate who you really are, since there is only one public IP: your router’s public IP. The IP that your computer has is local, and can’t be traced by the outside world as easily. Lastly, advertisement companies track cookies to create a profile. Not necessarily your IP.
- It doesn’t protect you from your ISP at all. You can only use it outside your home network, either because you trust the free wifi or mobile carrier less than your ISP, or because you want to access your NAS. Privacy can’t be achieved, since servers (e.g. Facebook) require unencrypted data, and with our commoner means, we can’t buy bandwidth and create our own carrier/VPN.
- Connecting to the pivpn goes like this: you are at a cafe with a laptop. You connect to the free wifi. You request a connection with the pivpn service you have at home. You establish that connection. After and only after you have established this connection is your data encrypted and secure. You open e.g. Facebook, sending encrypted data through the cafe wifi, to your router, to your pivpn, which then decrypts it and sends it through your router to the server you tried to contact (e.g. Facebook). Facebook sees a connection with your pivpn. It sends data through your router to your pivpn, the pivpn knows that this data has to be sent to you at that cafe, so it encrypts the data and sends it through your router, to the cafe router, to your phone. Your phone then decrypts the data and displays it.
- pivpn will work with pihole, and you can set up a home server like a Minecraft server, even through the pivpn, because you can route traffic and port forward. But as I said, you wouldn’t want to connect your local devices to the pivpn.
- Finally, what I didn’t have time to search is whether I have to connect my NAS to my pivpn. idk how NAS works yet.
I think you’re generally right! IMO VPNs get over-played/over-advertised (for obvious commercial reasons). They do have their place, for sure, but some of the advertising is like: “UNLESS YOU USE A VPN YOU ARE TOTALLY SCREWED AND EVERYTHING YOU DO IS PUBLIC!” which just really isn’t true. If your bank/facetwit/whatever has bad security/cryptography, then the VPN isn’t going to really help much. The first hop (You↔VPN) will be encrypted, but the second hop (VPN↔end site) still relies on whatever technologies the end site is usin
To me, there are three main things that having a PiVPN on your home network is good for:
- Secure remote access to your local network assets. Could be file storage, or a media server. I think the big use case here would be security cameras. You should absolutely under no circumstances ever let any security camera expose itself to the internet. That’s a recipe for disaster. So, if the cameras can’t get to the internet, but if you can get into your local network remotely, then it’s like being on your local network and you can view your cameras’ feeds (relatively) securely.
- A bit of peace-of-mind if you don’t trust the security of the coffee shop / airport / whatever WiFi.
- Geolocation issues. E.g., Your home is in Country A and you’re traveling in Country B. Netfulu has blocked your favorite streaming show from being shown in Country B. So you VPN yourself home and to Netfulu you look like you’re in Country A and you can keep binging.
I know this was written 2 years ago; thank you, everyone, for this. I’m about to install pivpn and was struggling to get a straight answer on what benefits I get. I especially didn’t realise that connecting local devices was pointless; all the videos I’ve watched don’t address this.
I’ve had the same difficulties working through things!
Most helpful way I can think about internet security is sending locked boxes inside other boxes with delivery addresses on them. If you’re communicating via wifi with facebook it’s like sending a locked box to your router which has the only key. Upon opening it finds another locked box addressed to “facebook dot com” (as facebook and most sites use SSL encryption - i.e. https rather than http which is unencrypted) and sends it on. Facebook opens the last box and reads what you’ve sent. Return message happens similarly.
If you use a VPN outside your home, the router sends on a locked box marked “vpn provider dot com”, the vpn then unlocks that and sends contents to “facebook dot com”, who thinks it’s from the vpn address.
When you VPN to your pihole from an internet cafe (with unsecured wifi), you’re passing a locked box marked for your pihole, which then opens it and sends the contents back to the router to be sent on to (and unlocked by) facebook.
So the key payoffs for this are a) the messages you send on a wifi outside your house are only openable by your pihole, b) all your internet surfing looks like it comes from your pihole, c) it adblocks it as if you were at home, and d) if you use an external wifi no local device will intercept your data and all communications look like they’re coming from there.
I think this corresponds with most of what you’ve written above. To respond to your points to the best of my knowledge:
- Yes - no point doing it locally. You tell your router to send an encrypted message to your pivpn IP address, it circles right back round and your pivpn sends the unencrypted messages back to the router and onwards. No danger if you’re communicating with an https site (except that interceptors know the destination).
- Yes you only have one IP address for your household. All your devices look like they’re communicating from the same place anyway. Overall utterly no reason to connect to pivpn when you’re on the same local network as it.
- Your ISP - whether you’re surfing from home network or VPN-ing in - can see where you’re sending traffic to, but in almost every case it’s encrypted traffic (facebook only accepts encrypted traffic). Unless you go NordVPN/TunnelBear/Pihole on a cloud VM etc., then ISP only knows that you’re sending data to the VPN provider and can’t figure out anything else.
- Essentially yes, although even your pivpn can’t fully read the data that you’re sending/receiving to/from facebook as that’s encrypted too. It just does one layer of decryption (unlocks a box), works out the destination and passes it on.
- Yup, this is the way I run it. I use wireguard to vpn back into my home network only when I’m out and about to get the full adblocking still running. Unnecessary when at home.
- Never tried it. If your NAS is local and only accepts local requests then that should work as expected - when you’re either at home or connected via pivpn you should be able to access it in similar ways. I find I can ssh into any of my pi devices from anywhere in the world* when I connect back home using pivpn.
^(*an exaggeration, I haven’t actually left my own country since setting this all up.)
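The locked-box picture from the posts above, as an added Python sketch that is not part of the original thread. Encryption is modelled symbolically (a box opens only for a named key), and the addresses, key names and function names are constructed for illustration; it goes slightly beyond the posts by also covering a plain-http site.

```python
from dataclasses import dataclass

CAFE_IP, HOME_IP = "198.51.100.7", "203.0.113.10"  # constructed documentation addresses

@dataclass(frozen=True)
class Sealed:
    key: str        # name of the key that opens this "locked box"
    inner: object   # plaintext str or a nested Packet

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object  # Sealed, or plaintext str

def observe(pkt, keys=frozenset()):
    """Return what an on-path party holding `keys` can read from one packet."""
    body = pkt.payload
    if isinstance(body, Sealed):
        body = body.inner if body.key in keys else "<encrypted>"
    if isinstance(body, Packet):
        body = observe(body, keys)
    return {"src": pkt.src, "dst": pkt.dst, "payload": body}

def app_payload(site, request, https=True):
    """Inner box: TLS to the site if https, otherwise plaintext."""
    return Sealed("tls:" + site, request) if https else request

def direct(site, request, https=True):
    """Laptop on cafe wifi, no VPN."""
    pkt = Packet(CAFE_IP, site, app_payload(site, request, https))
    return {"cafe_wifi": observe(pkt), "site": observe(pkt, {"tls:" + site})}

def via_pivpn(site, request, https=True):
    """Laptop on cafe wifi, tunnelled to a VPN server at home."""
    inner = Packet("10.6.0.2", site, app_payload(site, request, https))  # tunnel address (assumed)
    outer = Packet(CAFE_IP, HOME_IP, Sealed("vpn:home", inner))
    # The VPN server opens the outer box and NATs the inner packet out via the home router.
    unwrapped = outer.payload.inner
    forwarded = Packet(HOME_IP, unwrapped.dst, unwrapped.payload)
    return {"cafe_wifi": observe(outer),
            "home_isp": observe(forwarded),
            "site": observe(forwarded, {"tls:" + site})}

if __name__ == "__main__":
    for who, view in via_pivpn("facebook.com", "GET /feed").items():
        print(who, view)
```

With the tunnel up, the cafe network sees only an encrypted flow to the home address, while the home ISP still sees the real destination and, for a plain-http site, the request itself.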
Yes. That’s what I am saying. But there is all this crap on the internet right now, which obscures that info. You search “how vpn works” and all you get is sites saying that a VPN encrypts your data… Also, videos that I watched always differentiated pivpn from regular VPNs, EXCEPT when they were talking about privacy. They never stated that pivpn doesn’t help with privacy when doing regular browsing, which made it even more confusing.
As the colleague said, on your local network the only advantage it has would be encryption, but you will also lose speed due to latency. In a mobile network, apart from encryption, you can access your Raspberry Pi with its local IP, through the terminal for example. You can benefit from pihole to block domains, and even watch your movies on Plex. Problems that may occur… several devices are connected to the same tunnel at the same time. Although on the street I have seen a movie on my Plex server that is hosted on my Raspberry, in 1080p without cuts with my VPN. To connect to the VPN from abroad, the ideal is that you have a Dynamic DNS, more than anything because if your public IP changes, which will surely be dynamic, you will not be able to access it, and then you must have port 1194 (UDP) forwarded and open from the router to your Raspberry, too. You can also do home VPNs from your neutral modem and they work quite well.
Oh, so Facebook wasn’t a good example because they use encryption. Thank you for that.
The thing is, I think they are calling a VPN something that IS NOT A VPN; it is a simple proxy located abroad with no intermediate cache.