VPN Security

[flubbernugget]

With the whole ISP controversy I'm interested in getting a raspberry pi to set up as a VPN server, but all the tutorials end up saying "you can look at all of your private files anywhere." I know that's one of the uses for VPN but it's not what I'm interested in. My understanding is that they have something set up for network access like this.

 

VPN (in my house) -> ISP Router -> ISP - > Personal device

 

So if I access the Internet outside my house, I should be encrypted and secure. However, if I'm inside my house the connection would look like this,

 

Personal Device - > ISP Router -> VPN (in my house) -> ISP Router -> ISP

 

And I am no longer secure, because the encryption is between my personal device and the VPN, and my ISP isn't between those two.

 

Are my assumptions correct? And if they are, how can I secure myself from inside my house?

[DudeLove]

I don't get it

1 hour ago, flubbernugget said:

With the whole ISP controversy I'm interested in getting a raspberry pi to set up as a VPN server, but all the tutorials end up saying "you can look at all of your private files anywhere." I know that's one of the uses for VPN but it's not what I'm interested in. My understanding is that they have something set up for network access like this.

 

VPN (in my house) -> ISP Router -> ISP - > Personal device

 

So if I access the Internet outside my house, I should be encrypted and secure. However, if I'm inside my house the connection would look like this,

 

Personal Device - > ISP Router -> VPN (in my house) -> ISP Router -> ISP

 

And I am no longer secure, because the encryption is between my personal device and the VPN, and my ISP isn't between those two.

 

Are my assumptions correct? And if they are, how can I secure myself from inside my house?

i don't get it. i think settling for and downloading conventional options like slick, ivacy or ibvpn would do the job. you'll be saving yourself a lot of time. :/

 

Also, adding a second router in-between and configuring vpn over it may help too, if i get it right.

[flubbernugget]

There's a couple of reasons I want to do this on my own:

• The "home network encapsulation" feature is appealing for when I'm not home (unless you're saying those other services can do that)
• Having a physical device for my parents to see and recognize as an "encryptor" would probably help them in understanding how to use it
• I would rather pay a flat fee for the service than a monthly fee, and 5 minutes of Google says most free VPN servers aren't in my country.
• I Like doing this kind of stuff and it's a a good learning experience

[Linguica]

If you browse sites over HTTPS (like this one cough cough) that's halfway there. HTTPS prevents your ISP from seeing anything about your web traffic except the domain. So it will know you're on pornhub but not know if you're watching a clip from Gigantic Asses 2 or Gigantic Asses 3.

[Jon]

I think the first thing to figure out is, what are you actually trying to achieve. Then you can explore solutions. But it sounds like a local Pi/server in your house is a red herring. You probably want a VPS on a provider in a foreign country and some DIY VPN server software running on it.

[fraggle]

On 4/1/2017 at 10:05 AM, flubbernugget said:

And if they are, how can I secure myself from inside my house?

I've re-read your post several times and it's hard to understand what you're trying to achieve and what you're trying to defend against. It sounds like you want to hide your network activity from your ISP - is that what you're trying to do?

 

If so then there are several ways you can do this. One is to set up something like Tor. Another way is to set up a VPN server outside your home and tunnel all your traffic through that. Then your ISP can't see anything except an encrypted tunnel. There are several options for how to do this: you can rent a Raspberry Pi in a data center for example. You can also rent a virtual server (VPS or VM) and run a VPN server on it - there are many providers who will do this for a monthly fee and it's now quite cheap. Finally, there are dedicated VPN services that you can just pay for.

 

It sounds like you read some tutorials about how to set up a VPN at home so that you can access your home network when you're away. That won't do much to hide things from your ISP, since any Internet access still goes through them. The state of Internet privacy has at least improved in recent years since many sites have switched to https: though (like Linguica explained).