Raspberry Pi VPN?

Hi, I have a Raspberry Pi 4, which I’m using to play around with to start my self-hosting journey. So far I have Pi-hole running in Docker.

Next, I want to be able to access my Pi-hole dashboard online. I’ve done some research and I’ve found that WireGuard can be used as a VPN to access my Pi-hole via the internet.

That’s great, but it has left me confused. It is my understanding that a VPN is used to encrypt traffic leaving your network, to essentially “hide” or “anonymise” your traffic. It sounds like WireGuard is more focussed on traffic coming into the network than leaving the network.

Is my thinking correct? Is the term VPN conflated or am I misunderstanding?

I would like to also run a VPN (as I understand it) to anonymise traffic leaving my network too, maybe WireGuard can do both?!

> Is the term VPN conflated or am I misunderstanding?

God yes.

These stupid “VPN” companies have ruined the word.

Before those companies got involved in the PROXY business, VPN was mostly a business term aimed at professionals configuring tunnels between sites to run business. These companies have muddied the name and made it confusing.

A VPN is literally just a virtual private network. It has nothing to do with anonymity or privacy regarding your browsing habits.

It’s a way to connect multiple networks together and maintain a secure encrypted connection between the networks so that prying eyes can’t see the traffic flowing between them.

So running a VPN at home allows you to connect back to your home network to access your resources there. If you do a full tunnel (all internet goes through that connection) then all your traffic, while remote, appears to come from your own home.

If you want to connect to one of those PROXY services, you will need to manage that at the router level and push your outbound traffic through it.

From a single host POV a VPN is a secure link to another network, depending on your goal the topology may be different. Point to point, road warrior, etc.

If your home router has port forwarding you can expose the VPN port and connect from outside, that’s roughly a road warrior topology.

If your ISP doesn’t let you expose the port then you can do another trick, connect from within your network to a server on the internet and use it as a central hub.

There’s also a service called Tailscale, which I believe allows you to get away without that central hub (because they’re the central hub?) but I never tried it TBH.

But yes, the commercial meaning of VPN is just a glorified proxy service like the other comment says.
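Added example, not part of any post in this thread: a wg-quick client config for the road warrior setup described in the replies above, showing how `AllowedIPs` selects between reaching only the home network and the full tunnel. All addresses, the hostname, the port and the key placeholders are assumptions for illustration.

```ini
# Client (phone/laptop) side of a road warrior WireGuard tunnel.
# Assumed for illustration: home LAN 192.168.1.0/24, tunnel subnet
# 10.8.0.0/24, Pi-hole at 192.168.1.2, router forwarding UDP 51820
# to the Pi. Replace every <...> placeholder with your own values.

[Interface]
# This device's private key (generated with `wg genkey`); never share it.
PrivateKey = <CLIENT_PRIVATE_KEY>
# This device's address inside the tunnel subnet.
Address = 10.8.0.2/32
# While the tunnel is up, resolve DNS through the Pi-hole at home.
DNS = 192.168.1.2

[Peer]
# Public key of the WireGuard server running on the Pi.
PublicKey = <SERVER_PUBLIC_KEY>
# Public address of the home router and the forwarded UDP port.
Endpoint = vpn.example.net:51820

# Split tunnel: only traffic for the home LAN and the tunnel subnet is
# sent through the VPN. Everything else leaves via the local network.
AllowedIPs = 192.168.1.0/24, 10.8.0.0/24

# Full tunnel: use this line instead of the one above to send ALL
# traffic through home, so it appears to come from the home connection.
# AllowedIPs = 0.0.0.0/0, ::/0

# Keeps NAT mappings alive when the client sits behind a NAT.
PersistentKeepalive = 25
```

With the split-tunnel line, the only thing exposed at home is the single forwarded UDP port; the Pi-hole dashboard itself stays reachable only from inside the tunnel.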

Thank you, that makes so much sense!!

So, a VPN like WireGuard can sit internally between my router and the rest of the network to pass incoming traffic into my local network.

Whereas a proxy sits externally between my router and the Internet. All traffic leaving my router to the Internet goes through the proxy.

Does that sound about right?

> So, a VPN like WireGuard can sit internally between my router and the rest of the network to pass incoming traffic into my local network.

Yep.

> Whereas a proxy sits externally between my router and the Internet. All traffic leaving my router to the Internet goes through the proxy.

Kind of. You’re still going across the internet to get to the proxy. The “VPN” portion of that proxy is connecting you to their servers to funnel all your traffic through the encrypted tunnel, where it exits the other side and hits the rest of the internet.

Please understand that those “VPNs” are not as private or secret as you think. All you’re doing is shifting your trust from your ISP to the VPN provider. Which do you really trust more?

Okay, thank you so much! I see how that would work, and is much clearer now!!

Thank you!!

You’re welcome.

BTW PiVPN is a great project if you’re going to set up a VPN on a Pi (or any Linux system).