1/3 Dumb question: for VPN, the server has to be outside my LAN, right? If I want to “host my own VPN”, I still need to purchase server space in the cloud somewhere, then access that server from the client within my LAN, right? So, it is not possible to "host my own" by having the server AND the client both within my LAN? Wouldn’t that defeat the purpose? In other words, in order to mask my IP address and secure the data, the data must be encrypted on my end…

2/3 travel through the encrypted tunnel across the public internet to the hosted server outside of my network, which would have a different ip address than my local LAN, right? If I had the client and server BOTH local on my machine, if that is even possible (maybe through vm), then the encrypted tunnel would be from my computer to my computer via the LAN, and then the data when it leaves my local server would still be identified by my local ip address…

3/3 which means I haven’t really done anything at all (except complicate things). Is this correct? I want to host all my own stuff. I don't want to pay for outside services, like renting a server to run software for me. But, it looks like for vpn to function, at minimum I am going to need my server software running on a server outside of my LAN. Is my understanding correct? Whew...I hope that makes sense...

@KingWm You have to tunnel out to somewhere else for it to make sense to run a VPN. "Running a local VPN" would protect you from other people on your local network seeing requests between the VPN server and the VPN-using PC, just like how it works using a VPN from your network to an outside server. Many people are not concerned about that type of security inside of their local network, but you could be.

@btcFUD I am not concerned about local traffic. I was thinking "host my own" meant I wouldn't need any outside services. After looking into how VPNs work more closely, I can see how that doesn't make sense. Essentially, the traffic takes the IP address assigned to the hosting server. So, you have to have a server in the cloud somewhere... After checking with my webhosting company, I would need a dedicated server to run WireGuard, which is $270 per month!

@KingWm I used to use Stunnel and a self-signed cert to have an encrypted VPN between myself and a machine on my home network. You don't have to buy a single thing. As long as your router will pass encrypted traffic, you're golden.

@TallTim but you were accessing your home network from outside of the network, right?

@KingWm Correct. I established a VPN link using Stunnel to my home machine running the client and port 443 forwarded on my router. Easy-peasy.

@TallTim my problem was, I thought I could host the server at home, AND access the server from my client on the same home network. I don't want to pay for off-site server space, but if I want to use vpn from home, I will have to apparently have the server situated outside of the home network on the internet. I know that should be obvious, but it took me a bit to put 2 and 2 together...

@KingWm So your aim is to encrypt your local traffic? Just making sure what you're trying to do.

@TallTim @Sosthene Before I set up my BTC and LN nodes, I want to set up the VPN so that I can encrypt the traffic and mask the IP address (privacy & security). If the VPN server is on my side of the network, then its outgoing traffic is still identifiable by my IP address. So, the server must reside outside my network, in the digital ocean, so that I can tunnel out of my local network to the outside world & use an IP address not physically tied to my town. Make sense?

@KingWm @TallTim I think what you need is to run bitcoin and lightning with Tor enabled. If you want to use a VPN, I think you should not use a server that belongs to you, as I think anonymisation with a VPN relies on the same server being used by many people. If you're the only one using the server, an attacker just needs to listen to its clear traffic and the encrypted tunnel becomes just pointless. At least that's how I understand this, but I'm no expert.

@Sosthene @TallTim I am going to create a website tonight to explain it I think. When I am done, you will understand what I am wanting to do, and I suspect you will have other input as well. Thanks for your time. I LOVE BITCOINHACKERS!

@KingWm @TallTim A website? Have we been so far off the mark all along 😂 ?

@Sosthene @TallTim ROFLMAO! You will see. I have had a plan for a while, taking my time implementing it. It is simple, but I hope it is very useful to other noobs... I may not have it tomorrow, but it is coming...You don't know this, but I am obsessive-compulsive. Each step is painfully agonizing. The first step is the hardware. My refurbished computer just arrived, but I am already thinking about splurging for what I really want raptorcs.com/content/base/prod $$$ and giving this refurb to momma.

@KingWm @Sosthene use this free tool to make a diagram of what you want -- yworks.com/products/yed

They have different template sets including stuff for networking.

@TallTim ty for that. I suspect that tool will be useful in the future. Always wondered how peeps did those diagrams...

@KingWm @TallTim The point of a VPN is to create an encrypted local network between machines that are not on the same local network. So yeah, accessing the VPN in your home from your home doesn't make a lot of sense.
I think you need to take a step back and try to explain what you're trying to do; maybe it's not a VPN that you need.

