• RiQuY
    link
    fedilink
    English
    782 months ago

    I don’t understand why everyone assumes using a VPN means paying for a third party. I have Wireguard deployed in my NAS and I always have that VPN connection active on my phone to be able to access my LAN deployed services remotely, Jellyfin for example.

    • @[email protected]
      link
      fedilink
      English
      252 months ago

      Most VPNs sell themselves on encrypting your traffic to an endpoint that either is in a different locale to get around region locks or to put it out of the grasp of the RIAA so they can’t send your ISP copyright notices.

      While remote access to a local network is a good use case for a self-hosted VPN it’s totally unrelated to the use case for commercial VPNs

      • @[email protected]
        link
        fedilink
        English
        132 months ago

        For the use case of encrypting your traffic while using a public WiFi, both commercial VPNs and self-hosted ones provide the same functionality.

        • @[email protected]
          link
          fedilink
          English
          122 months ago

          I think the point they’re getting at Is that you can’t use a self-hosted vpn to hide your piracy activity because the link is registered to yourself.

          • @[email protected]
            link
            fedilink
            English
            52 months ago

            Yes, but this thread is about security while using public Wi-Fi, which the original comment was saying doesn’t require commercial VPNs.

            • @[email protected]
              link
              fedilink
              English
              22 months ago

              And I highly doubt people are pirating while on public wi-fi, the bandwidth just isn’t good enough, and even if it was, it would be a dick move to other public wi-fi users.

        • @[email protected]
          link
          fedilink
          English
          72 months ago

          Yes that’s true. But also that’s the wink and nudge marketing claim that VPN marketers make while everyone knows the real reason you are using a VPN.

          With HTTPS, DNS-over-HTTPS, and most endpoint firewalls dropping non-gateway traffic, the risk is a lot less than the VPN ad reads want you to believe

          • @[email protected]
            link
            fedilink
            English
            12 months ago

            DNS-over-HTTPS sounds like it’ll be the least used by general public since most people I know are still using default DNS settings which would point towards their ISP’s. I’m not sure how many ISPs have moved towards DNS-over-HTTPS or if they are even activated by default.

            • exu
              link
              fedilink
              English
              12 months ago

              Firefox has DoT enabled by default, maybe Chrome does the same. That would cover the use-case of most people on public wifi.

                • exu
                  link
                  fedilink
                  English
                  12 months ago

                  Both, the browsers (and any other application) can choose to ignore your DNS settings and use whatever other mechanisms they like.

      • @[email protected]
        link
        fedilink
        English
        102 months ago

        Since Wireguard uses UDP and peers only reply to a received packet if it’s expected and valid, it won’t show up in port scans and barely increases your attack surface. Tailscale and Zerotier are quite nice, but personally I dislike NAT-punching protocols.

      • @[email protected]
        link
        fedilink
        English
        42 months ago

        I am technical, I decided to just not open up any port that’s not needed for Plex and Jellyfin, sometimes it would be nice to access radarr and sonarr remotely, but fuck I just don’t want to deal with the setup

      • @[email protected]
        link
        fedilink
        English
        3
        edit-2
        2 months ago

        I use tailscale for hosting gameservers for friends and the occasional watch together on jellyfin. Kinda scuffed setup with one burner github account for login. And ~10 devices connected to that network. So I need to authenticate every device myself (at the beginning and sporadically) but I don’t need to pay Tailscale for adding multiple accounts to the network.

        At the beginning I tried to do set up everything with my own wireguard server. I only have a public v6 IP, so some of my friends connected without problems and for some it would not work. After I think 3h helping them in their router settings I just gave up. I looked up if I could rent a service somewhere that gives me a public Ipv4 relay, found Tailscale instead and stopped looking for something else haha. Sometimes it’s not worth the effort.

    • arthurpizza
      link
      fedilink
      English
      132 months ago

      It’s also worth mentioning that the VPN in question, Proton, offers one of the best free tiers of any VPN company.

      • @[email protected]
        link
        fedilink
        English
        32 months ago

        Agreed. I’ve used it, and it’s perfectly fine for normal web browsing. In fact, I added it to my router a while ago to test it out, and I’m considering leaving it on as a “secure” SSID so we can use it for things that my state requires ID for (e.g. porn and social media).

    • @[email protected]
      link
      fedilink
      English
      102 months ago

      I don’t understand why everyone assumes using a VPN means paying for a third party.

      It’s because that is what is advertised to them.

    • @[email protected]
      link
      fedilink
      English
      92 months ago

      My setup as well (plus encrypted DNS for good measure)

      I still have to somehow trust my ISP but I go down from having to trust my mobile ISP, my employer WiFi, random shops WiFi to just one ISP (that,fwiw, has shown to be transparent, customers friendly etc)

    • @[email protected]
      link
      fedilink
      English
      42 months ago

      I tried setting this up, and I can connect to my honeserver, but I’ve no idea how to access its LAN services. How does it work?

      • @[email protected]
        link
        fedilink
        English
        32 months ago

        Do you have internal DNS set up? I have my wire guard deployed on both of my pihole servers, which have local DNS entries for my internal services, which point back to my internal Traefik container for NAT translations. I know that sounds a bit complicated, but that’s how it works for my environment.

        • @[email protected]
          link
          fedilink
          English
          12 months ago

          Wow yeah, that’s way more than what I have haha. So I guess I need to look into DNS…

    • @[email protected]
      link
      fedilink
      English
      22 months ago

      I do the same, but it’s very clear that when people talk about “a VPN” they’re referring to a commercial cloud hosted product.

    • @[email protected]
      link
      fedilink
      English
      22 months ago

      Yup, I have the same, but not to access services on my devices, but to tunnel services so they can become public services. Basically, Jellyfin is accessible at mydomain.com, which tunnels traffic over WireGuard to my internal Jellyfin instance. I’ll connect to the VPN occasionally if I need to access something else on my network though.

      That said, I’ve considered paying for a VPN service so I can get around my state’s stupid ID laws around porn and social media, which I consider to be a massive privacy violation. But it hasn’t bothered me enough to actually spend the $5/month or whatever.

    • @[email protected]
      link
      fedilink
      English
      12 months ago

      IMO, the post is centered around proton VPN, and since that’s a public VPN service, it’s the focus of the discussion.

      Private VPNs are a very different story.