Hi /r/HomeNetworking,
I sort of understand a VPN server: usually I have a router, it talks to my ISP (which is sort of a big super-router) and my packets get sent outward to their ISP addresses; when they arrive the destination knows they came from my ISP. For a VPN, those packets go to a specific destination location first (the VPN server), and from there they go to their actual intended destination. So that when they arrive at their destination, the destination thinks they came from the VPN server, and not actually me. (Right?)
I understand that I can set up a home VPN server.
If I am at Starbucks, the Starbucks router can see me do banking on my iPad. But if I have a VPN server at home, my packets go to my home internet connection, then to the bank; Starbucks just sees me talking to my home VPN, and then I have a measure of safety.
What I don’t get is how this is set up. How can my home internet connection become a server? Don’t I need a static IP address or a website URL for someone outside my home connection to see it? How does my IP traffic at Starbucks go back to my home router, unless I set up my home connection as a server with its own IP address or web URL? (Or is this how it’s done?)
I’m confused… because I am aware that whenever I connect to my ISP, in general the IP address I am assigned is not static, so how can I find my VPN? (edit for clarity)
thanks much
First off, you’ll need a router that supports acting as a VPN server (or your own home server).
Secondly, you’ll need a public-facing IP address; if you’re behind carrier-grade NAT (aka CGNAT) it won’t work. A static IP is preferable but not necessary, since you can bypass it with DDNS.
How to set up OpenVPN: https://openvpn.net/community-resources/how-to/
What is DDNS: https://www.lifewire.com/definition-of-dynamic-dns-816294
What is CGNAT: https://en.wikipedia.org/wiki/Carrier-grade_NAT
Finally, even if Starbucks can see your banking it doesn’t really matter since it’s encrypted.
They can only see that you connect to the bank, not get any information. It’d be if you were browsing things that are more personal that you’d really want a VPN service. It also does give an extra layer of protection against other malicious things like MITM (man-in-the-middle) attacks, so I’m hardly discouraging it, but the reason you’d want it is not to hide your banking or other encrypted traffic from Starbucks.
What is HTTPS and why does it matter to your question: https://www.cloudflare.com/learning/ssl/what-is-https/
You can use a dynamic DNS service like NoIP. What this does is allow you to use yourdomain.com and will change DNS records if your IP ever changes. So you don’t need a static IP.
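The two replies above boil down to one decision a home VPN setup has to get right before anything else: is the address the router sees on its WAN side actually reachable from the Internet, and if so, is the DDNS record pointing at it? The following is an added example (not code from anyone in this thread, and not NoIP's or OpenVPN's own tooling) that classifies a WAN address against the RFC 1918 private ranges and the RFC 6598 shared address space that CGNAT uses, decides whether a DDNS update is needed, and then does what the laptop at the coffee shop does: resolve the hostname and connect to that address on the VPN port. The hostname `home.example.net`, the addresses, the in-memory `zone` dictionary standing in for the DDNS provider, and the default port 1194 are all constructed assumptions.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# RFC 6598 shared address space: an ISP doing CGNAT hands you one of these.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# Addresses that are never routed on the public Internet (RFC 1918, loopback,
# link-local). A VPN server listening on one of these cannot be reached from outside.
NOT_ROUTABLE_V4 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
]


def classify_wan_address(addr: str) -> str:
    """Return 'public', 'cgnat' or 'private' for the address on the router's WAN side."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        # IPv6 has no NAT to hide behind; a global unicast address is reachable directly.
        return "public" if ip.is_global else "private"
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in NOT_ROUTABLE_V4):
        return "private"
    return "public"


def plan_ddns_update(hostname: str, wan_ip: str, published_ip: Optional[str]) -> Dict[str, str]:
    """Decide what the DDNS client on the router should do this round."""
    kind = classify_wan_address(wan_ip)
    if kind == "cgnat":
        return {"action": "skip",
                "reason": "WAN address is in 100.64.0.0/10 (ISP uses CGNAT); "
                          "publishing it is useless, use a VPS relay or IPv6 instead"}
    if kind == "private":
        return {"action": "skip",
                "reason": "WAN address is private; the router is behind another NAT device"}
    if published_ip == wan_ip:
        return {"action": "none", "reason": "DNS record already matches the current address"}
    return {"action": "update", "hostname": hostname, "new_ip": wan_ip}


def apply_plan(plan: Dict[str, str], zone: Dict[str, str]) -> Dict[str, str]:
    """Apply the plan to the (constructed, in-memory) DDNS zone and return it."""
    if plan["action"] == "update":
        zone[plan["hostname"]] = plan["new_ip"]
    return zone


def vpn_endpoint(hostname: str, zone: Dict[str, str], port: int = 1194) -> Tuple[str, int]:
    """What the VPN client at the coffee shop does: resolve the name, then dial ip:port."""
    ip = zone.get(hostname)
    if ip is None:
        raise LookupError(f"{hostname} has no DNS record yet; the DDNS client never published one")
    return (ip, port)


if __name__ == "__main__":
    zone: Dict[str, str] = {}  # constructed stand-in for the DDNS provider's zone
    host = "home.example.net"  # constructed hostname
    # Day 1: ISP assigns a routable address (203.0.113.7 is a documentation address, used as sample).
    plan = plan_ddns_update(host, "203.0.113.7", zone.get(host))
    print(plan)
    apply_plan(plan, zone)
    print("client dials", vpn_endpoint(host, zone))
    # Day 2: the dynamic address changed; only then does the record get rewritten.
    plan = plan_ddns_update(host, "198.51.100.9", zone.get(host))
    print(plan)
    apply_plan(plan, zone)
    print("client dials", vpn_endpoint(host, zone))
    # Unlucky ISP: the router's WAN address is shared address space, so DDNS cannot help.
    print(plan_ddns_update(host, "100.72.3.4", zone.get(host)))
```

The `classify_wan_address` step is the check worth running by hand before buying a domain or a DDNS plan: log into the router, read the WAN address, and compare it with the address a "what is my IP" site reports. If the two differ, or the WAN address falls in 100.64.0.0/10, the router is behind CGNAT and no amount of DNS will make an inbound connection arrive.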
Please understand I genuinely want to help… So…
Think of a normal connection to the net over a public access point as a rope. Let a knot in the rope be the access point/router.
Ants traveling across the rope can be seen by all very easily.
Now imagine a straw, and traveling through the straw can’t be seen by anything else.
In this analogy the ants are network packets, the straw is a VPN.
It’s this kind of idea that the term "tunnel" comes from.
Your home does have an IP address. How else could it be connected to anything else? Hopefully it’s an addressable address.
You can also use a domain name (not a URL, but that’s what you meant). You don’t have to be special to own a domain. They’re like $10 a year, and once you own the domain, you can make as many subdomains as you want. Technically every host on my network has a fully qualified domain name, but few are accessible from the outside (by design; I don’t need to expose my entire network to the rest of the world). I access my VPN via its name.
I’m confused… because I am aware that whenever I connect to my ISP, in general the IP address I am assigned is not static, so how can I find my VPN? (edit for clarity)
Either you request (and generally pay for) a static IP address, or you use a DNS service like noip.com.
With CGNAT you can connect your router (acting as VPN client) to a VPS (acting as VPN server) and route incoming traffic on the VPS to your router. It’s a little bit ugly, but in my example I only have 4G at home and it’s my only option.
Or simply use IPv6 which your provider hopefully provides when doing CGNAT.