On 12/7/23 21:08, Doug Mildram via WLUG wrote:
cara> I'd also be interested in how people are self-hosting their VPNs (and john stoffel's view may be similar, I can't say, but hi anyways!)
me/doug> I'm struggling with what's the benefit/motivation?
For me, it lets me access my home network when I'm away from my apartment.
My take which started long ago: 20-30 yrs ago as a sysadmin supporting remote access/workers, my (very not-genius-level) brain learned that a VPN... a box/product I'd install on "my"/work network, handing out INside-access to outside-workers for a session... adds (pops up during session) a virtual interface on home-computer network stack, so while in a VPN session the home worker can magically "have an ipaddr on the inside of workplace network" thus allowed into not-public work servers (or drive their work desktop) BUT! on server setup, I+bosses must decide if yes/no allowing split-tunnel (policy set on VPN server which the VPN clients suffer with usually? if "no split"). If yes/split-tunnel allowed, client gets a 2nd! default gateway = route to 0.0.0.0 giving best home-computer network performance (mixing work and play works well)
My split-tunnel VPN doesn't set a default gateway, just a route to 10.x.x.x/x. I'm thinking of shenanigans to let my roommates VPN into the normal resident network and let myself VPN into the management network via jump box, but that's not implemented yet. Shenanigans with Packetfence are planned for the break...
BUT smart?/paranoid-workplace setups choose NO split tunnel, and force home-user's (ISP-given) default route to either disappear? or become unused via route metric/preference adjustment? so that, either way "don't let the home worker's unsafe world anywhere to tunnel near/into work network".
I'm neither smart nor paranoid :p so I use split-tunnel.
So (now retired) I see endless TV ads for VPNs preaching the benefits of their secure VPN, and I don't get it... assume buyers/sheep are fooled. Real value = ? I may be blind, but lacking a VPN, my outside/web traffic is still https / encrypted. Are they selling some enhanced default-gw world featuring bad-guys-blocked-from-hacking-you? I trust my home router, though I'm open minded to how "wide open" that might be, relative to some ideal.
Most commercial VPNs I've found have low quality. The one that I use when I want the benefits (different geolocation results, etc.) is Mullvad, for a variety of reasons. Interested in other people's thoughts!

-- cara