OpenVPN tunnel

[dryfly]

I have set up my home Asus router as an OpenVPN server and it functions as a tunnel VPN so I can safely have remote access to my home IP camera system. Just curious if anyone else has done this? I just realized that when camping and using a public WIFI I can activate the VPN on my client device and basically be accessing the internet (and being encrypted)through my home router. This should make possible secure browsing as in being able to make purchases, etc.

[MoonShadow_1911]

I have set up my home Asus router as an OpenVPN server and it functions as a tunnel VPN so I can safely have remote access to my home IP camera system. Just curious if anyone else has done this? I just realized that when camping and using a public WIFI I can activate the VPN on my client device and basically be accessing the internet (and being encrypted)through my home router. This should make possible secure browsing as in being able to make purchases, etc.

That's what I had set up before we went full time. More that we are full time, I no longer have my firewall set up.

[dryfly]

That's what I had set up before we went full time. More that we are full time, I no longer have my firewall set up.

So I assume you felt secure when using a public WIFI? Did you activate the OpenVPN client app before logging into a WIFI, or after. Or does it make any difference?

[MoonShadow_1911]

So I assume you felt secure when using a public WIFI? Did you activate the OpenVPN client app before logging into a WIFI, or after. Or does it make any difference?

Lol! I have Android and used the app called Tasker to automate all of that. I started with OpenVPN and just got wireGuard running before I tore it all down and sold it.

General rule of thumb is to connect to the VPN server before navigating anywhere. I actually had mine on all the time, cell or WiFi.

[roegs01]

For many situations I'm not sure how much a VPN buys a person anymore. Many of the sites I connect to (and do business with) are HTTPS which is already secured.

[MoonShadow_1911]

For many situations I'm not sure how much a VPN buys a person anymore. Many of the sites I connect to (and do business with) are HTTPS which is already secured.

It all depends on how you grow "security". Without a VPN, I can geolocate your approximate location based on your IP address when you hit my website. From there, I can target ads based on that location. (That's a "good" use for it.) For nefarious threat actors, I can use that to track your website visits and put together a timeline of where you were and observe possible patterns to track you physically.

With a commercial VPN solution, threat actors get the location data from many people since the endpoint IP address is the outlet for hundreds of subscribers, effectively anonymizing your individual traffic.

Having a VPN at your sticks and bricks gives you an option to store data locally and access other Network Services at your house.

For instance I had a personal cloud server behind my firewall that allowed me to store all of my pictures and videos and personal information securely. I would access it via my VPN, remotely. It was really handing not to have all of that data cluttering up my phone or my other personal devices.

[dryfly]

For many situations I'm not sure how much a VPN buys a person anymore. Many of the sites I connect to (and do business with) are HTTPS which is already secured.

If you are going through a public WIFI I think you are vulnerable before the security of the website i.e. HTTPS comes into play. With a tunnel VPN I'm encrypting data starting at my computer/iPhone.

When I'm connected to the VPN I'm actually working through my home network so at that point I feel safe accessing a secure website.

[roegs01]

If you are going through a public WIFI I think you are vulnerable before the security of the website i.e. HTTPS comes into play. With a tunnel VPN I'm encrypting data starting at my computer/iPhone.

When I'm connected to the VPN I'm actually working through my home network so at that point I feel safe accessing a secure website.

HTTPS is going to work at the application layer. VPN will work at the lower layers. Its a matter of your own comfort and if you feel better doing both you should do so. But, if you're traveling and you do everything through a VPN via your home network you may be adding considerable latency to your traffic. I live in the Minneapolis area and currently am in Florida. If I want to talk to another server in Florida, I don't want my traffic to go back to Mpls and then back to Florida again...

[Riverbug]

HTTPS is going to work at the application layer. VPN will work at the lower layers. Its a matter of your own comfort and if you feel better doing both you should do so. But, if you're traveling and you do everything through a VPN via your home network you may be adding considerable latency to your traffic. I live in the Minneapolis area and currently am in Florida. If I want to talk to another server in Florida, I don't want my traffic to go back to Mpls and then back to Florida again...

But aren't you doing the same thing with VPN since everything is routed through a server wherever that might be located? I also tried VPN (just a free version for testing it out) and found that if I tried to access my bank account for example, it wouldn't let me. Shut off VPN and it was fine. Also found it annoying that I would get those "are you a person" quizzes much more often when I had VPN turned on. Maybe it's because I was trying out the free version, not sure, but it was a pain. In addition, it often seemed slower but my guess is that was due to the free account and saturation of the server which mostly showed 90%+ usage.

[MoonShadow_1911]

But aren't you doing the same thing with VPN since everything is routed through a server wherever that might be located? I also tried VPN (just a free version for testing it out) and found that if I tried to access my bank account for example, it wouldn't let me. Shut off VPN and it was fine. Also found it annoying that I would get those "are you a person" quizzes much more often when I had VPN turned on. Maybe it's because I was trying out the free version, not sure, but it was a pain. In addition, it often seemed slower but my guess is that was due to the free account and saturation of the server which mostly showed 90%+ usage.

To an extent. I liked it too this: out in public, you wear clothes because you don't want everyone to see you nekkid. This is WITH a VPN. Without a VPN, you are the emperor in the story book tail The Emperor's Clothes. A threat actor sees everything.

As for your free VPN, it will depend on the endpoint of the VPN. It might have been in a different country, or is a known avenue for threat actors, based on the endpoint's IP address or address range.

I can setup a WireGuard VPN server in a cloud space in the US and have no problems accessing my bank and other financially sensitive institutions.

If I use a commercial VPN service, I do get more blocks.

As to the Captchas that you see more of, is because of the IP address of the endpoint.

Internet public IP address are "leased" from the ICANN, so, for instance, mygrandrv.com IP address is 172.67.216.158. If it was a VPN, all traffic coming through would be from that IP address. Let's say mygrandrv.com is a VPN provider, they might have a range of public IP adresses, let's say 172.67.216.*. The * indicates 1-254. So there are 254 IP addresses that they lease. And the endpoint could be any of them.

It then becomes easy for websites to then block traffic from that IP address range, or enforce a stronger level of authentication on requests coming from the IP range.

So, something like Xfinity, will have a range of 107.*.*.* (among others). So hundreds of thousands of IP addresses. Plus, because they are registered with ICANN, websites have a higher degree of certainty that the traffic coming from one of the IP addresses are an individual, not a VPN.

Hope this makes sense, at a high level.