VPN Server, explain like I'm 5

So…I’m not an IT expert…I dabble but enjoy learning. I’m wanting more security at home and on the go. I’ve got a SFF PC from work to use as an opnsense router. I also want to host a VPN service from the house (opnsense). I understand the obvious nature of using openVPN from outside the house and how that makes a secure, hopefully obfuscated, connection to home for anonymous interneting. This is where I lose it. How does hosting that VPN service help when interneting from home? Am I missing an extra piece? Or just a fundamental of what a VPN is?

How does hosting that VPN service help when interneting from home

It doesn’t

Hosting a VPN server is for you to access your internal network when you are elsewhere but need access to your LAN.

If you want to use a VPN when you are home (for whatever reason) then you either need to be hosting the VPN server elsewhere (in a region that allows whatever it is that your home connection does not) or pay for a service like windscribe which will allow you to appear to be in whatever region you desire

For a homelab setup you probably don’t want a home VPN at all. If someone breaks into your VPN they access the entire network. Yikes!

A much better way to consistently access homelab services is by purchasing a domain name and using Cloudflare tunnels. Here’s how this works. You are outside of home and want to access your nextcloud. Your device, say your mobile phone, can’t find your homelab. Why? First, because your router assigns an internal IP address to your homelab, and that internal address can’t be used to find your device on the open Internet. Second, your router does have an external IP address, but it’s likely you haven’t purchased a static IP from your Internet service provider. This means that even if you set up port forwarding, you won’t be able to consistently tell your mobile phone where your homelab is.

So first thing you do is go to namecheap and buy a domain name. Anything you like. Now you’ll be able to put in that domain name into your mobile phone and always go to a specific location. Great. You’re not done yet, because that domain name doesn’t yet point to your homelab.

Second, you want Cloudflare to manage the domain. They have easy instructions on how to set that up. This is a prerequisite for step 3.

Third, you then install Cloudflare tunnels on your device. The package is the cloudflared package which you’ll run on the server. Cloudflare tunnels allows you to set up a subdomain like “photos.yourdomain.net” and point it straight at your homelab service without needing to worry about VPNs or certificates. Please note that in addition to the server software, you will need to go to the application section of Cloudflare Zero Trust to set up the subdomain.

Fourth, you need to go into the Cloudflare ZeroTrust Access section and configure who can access the homelab service and how. Cloudflare will put up a login page every time you attempt to access photos.yourdomain.com. That login could be a code sent to your email or it could be your Google id.

So let’s recap. With a domain name and Cloudflare tunnels we can securely tell remote devices where to find our homelab. This is enterprise grade security and what’s great is that it is relatively easy and low code. Finally, once you’ve mastered your first homelab service, you’ll be able to easily set up additional subdomains.

secure,

yes

obfuscated

no

How does hosting that VPN service help when interneting from home?

It doesn’t.

what a VPN is?

a VPN is just a tunnel between two places across an untrusted network.

What you put through that tunnel is up to you.

Thus, its purpose may vary, depending on where you are, versus where the tunnel is, versus what you’re putting through it.

How does hosting that VPN service help when interneting from home?

Traditional VPNs are, as the acronym suggests, a way to access your home or corporate network remotely. E.g. Tailscale is a convenient way to achieve this.

Your confusion is because there are many companies selling a completely different product which is ‘forward all your internet traffic through our proxy server’. These services are usually called VPN because they use the VPN support features built into operating systems to support the first type of VPN. These services are useful if you live in a police state or are doing something illegal (e.g. if your ISP sends rude letters to people torrenting) but are a waste of money for most people. Unfortunately running such a service is extremely lucrative so they pay for misleading ads on practically every YouTube video.

I use VPN to access my home network resources, and take advantage of pi-hole DNS filtering on the move…

Have 2 Pi-holes at home (for redundancy), each running openVPN, I can connect to either one…

My mobile devices (mobile, tablet, laptop) run the OpenVPN client to connect to my VPN.

I’m able to access all my home shares, servers, etc and browse the internet ads free wherever I am…

https://cloudtechtips.com/network/installing-pi-hole-on-ubuntu-22-04/13/

https://cloudtechtips.com/network/changing-the-dns-servers-on-the-wireless-router/461/

https://cloudtechtips.com/linux/ubuntu/installing-openvpn-with-pivpn-on-ubuntu-running-pi-hole/394/

https://cloudtechtips.com/linux/opening-the-openvpn-port-on-your-router/884/

https://cloudtechtips.com/linux/how-to-manage-users-in-pivpn/1109/

https://cloudtechtips.com/security/pivpn-connecting-to-your-device-to-your-openvpn/1098/

I rent a small vps that hosts a wireguard node, my torrent server is its only peer. This allows me to download my Linux isos without my ISP flipping their stuff.

I also host a local wireguard server so all of my devices can take advantage of my pihole+unbound DNS server. It’s nice to have ad block on my phone on the go, plus I can access all my servers since my phone is on a local network no matter where I am.
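The two setups just described (a VPS peer that carries all of one box's traffic, and a home server used mainly for LAN access and Pi-hole DNS), like the earlier point that what you put through the tunnel is up to you, come down to WireGuard's AllowedIPs setting. The block below is an added example, not code from anyone in this thread; the configs, addresses, endpoint and keys are constructed placeholders, and the routing check is a plain longest-match over the listed networks.

```python
# Added example: how WireGuard's AllowedIPs decides what enters the tunnel.
# Configs, addresses and keys are constructed placeholders, not real values.
import ipaddress

# Split tunnel: only the VPN subnet and the home LAN (where Pi-hole lives at
# 10.0.0.53) go through the tunnel; ordinary browsing stays on the local ISP.
SPLIT_TUNNEL = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.8.0.2/32
DNS = 10.0.0.53

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 10.8.0.0/24, 10.0.0.0/24
"""

# Full tunnel: the same peer, but every destination is sent through it
# (the "proxy all my traffic" use of a VPN, e.g. the VPS-hosted node).
FULL_TUNNEL = SPLIT_TUNNEL.replace(
    "AllowedIPs = 10.8.0.0/24, 10.0.0.0/24",
    "AllowedIPs = 0.0.0.0/0, ::/0",
)


def allowed_ips(config: str) -> list:
    """Collect every network listed under AllowedIPs in a WireGuard config."""
    nets = []
    for line in config.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "AllowedIPs":
            nets += [ipaddress.ip_network(v.strip()) for v in value.split(",")]
    return nets


def via_tunnel(config: str, dest: str) -> bool:
    """True if packets to dest are routed into the tunnel by this config."""
    ip = ipaddress.ip_address(dest)
    return any(ip in net for net in allowed_ips(config) if net.version == ip.version)


def route_table(config: str, dests) -> dict:
    """Map each destination to where it leaves the device."""
    return {d: ("tunnel" if via_tunnel(config, d) else "local ISP") for d in dests}


if __name__ == "__main__":
    dests = ["10.0.0.20", "10.0.0.53", "93.184.216.34"]  # LAN box, Pi-hole, a public host
    print("split tunnel:", route_table(SPLIT_TUNNEL, dests))
    print("full tunnel :", route_table(FULL_TUNNEL, dests))
```

With the split config the DNS queries still reach Pi-hole through the tunnel (so ad blocking works on the go) while web traffic exits locally, which is why a home VPN adds nothing when you are already at home.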

A virtual private network basically has two parts: virtual and private.

The virtual allows you to connect multiple separated networks (geolocation, access, etc). Good case would be if you have multiple offices, branches, locations, houses, etc. You can share resources from and “be” in any of these places.

Private means that it’s a secured network that allows access by security key / encryption. That means that if you have systems you need to expose securely over the internet, or you need access to network resources from outside of any of the internal networks, you can make a safe connection from virtually anywhere.

You can get crafty with this by doing things like creating a VPN server/host on a cloud server with a public static IP address if your ISP doesn’t allow for port forwarding or can’t provide a static IP. The VPN “tunnel” can allow you to create an access point and dynamically connect network services to that stable and static point for access. Opening an external port, pointing it to a reverse proxy, and forwarding requests to internal services can be a secure way to offer public access to internal services while segmenting traffic.

There are plenty of varied use cases, but security and access are key features.

Alright, imagine your internet connection is like a special tunnel. Normally, when you use the internet, you’re walking in the open where everyone can see you. A VPN (Virtual Private Network) is like a secret tunnel that hides you while you’re using the internet.

When you host a VPN at home, you’re creating this secret tunnel from wherever you are (even outside your house) to your home network. This keeps your online activities private and secure. At home, using a VPN can still help by keeping your internet use private from anyone snooping on your network.

I’ve been using TurisVPN for a while, and it works the same way by creating a secure tunnel, making sure my internet journey is hidden whether I’m at home or on the go. Hope that helps! :blush:

Your title is a perfect prompt for ChatGPT

Watch this video

YouTube. Always YouTube.

Call your dad. Sorry

But you pretend that you are an IT expert to your employer… so no matter what sooner or later you are fucked.

I’m going to give the best advice I can give, if you truly want to understand what you’re doing and understand what makes the connection secure, how the routing takes place, how the data is encapsulated, and knowing how to route said data back to your home privately, you really should take some online networking and cybersecurity courses and understand what data is going where.

In my honest opinion, trying to keep completely clear of the five eyes is a futile attempt that you will obsess yourself into the ground with. Instead, understand the routing, what information is being exposed, and how you can shape that traffic to obscure and encrypt the data. It’s the best feeling in the world to see it all working, if you’re into that kind of thing. Otherwise, others in here have said valid points that will absolutely work, but if you really want privacy, you need to first understand what that word really means.

If you need a fast and non-DIY VPN, just use Cloudflare WARP; if you want a VPN into your PC or home network from elsewhere, you can use Tailscale. Both are easy to set up and use.

I prefer to do this by using chatgpt, and it will explain it better. Anyway, a VPN (Virtual Private Server) basically means a computer communicating with another computer privately and securely. In other words, when you’re connected through a VPN server, your traffic is encrypted (how you browse and the internet gives you results), and your internet provider can’t see the results you’re browsing or accessing because your data (your stuff) is private or has a lock that only you and the provider of the VPN server have the key to.

For business, they host this in their company and it is run by their IT, which means the employees can access data outside their building via the network using the VPN, and this is very convenient because you can work on your stuff like data and upload it to your work server. The only cost of using this VPN in business is that the IT in your department can see everything you’re doing while connected through the VPN.

Ok, so this is where a paid service like NordVPN would be useful. Makes perfect sense, thank you.

This is about what I concluded from another’s assistance. He suggested using reverse proxy to do the same end result of yourservice.yourpaidDomain.com being routed to your specific service allowing only one “hole” in the firewall. Where do those two interact? Is the cloudflare tunnel the same as a reverse proxy? Are they doing the same thing just in different ways?

HA! No further research necessary.