PiVPN Server question?

[harveylong26]

I had an old Pi 2 laying around so I turned it into a personal VPN server for me and a couple friends to use. I know it works on a basis where traffic is encrypted however it's only encrypted outside of your local network. I was just wondering if anyones found a way to encrypt your local traffic as well as unblocking certain sites like P2P sharing sites or just sites which arent allowed in my country.

 

I setup the server using this tool. Pretty handy really + easy setup. 

[KuJoe]

7 minutes ago, harveylong26 said:

I was just wondering if anyones found a way to encrypt your local traffic

As in the traffic between your PC and your router? It's possible but why would you want to do that exactly? You'd be better off setting up a VLAN at that point if you want better security since a VPN isn't bulletproof and will just add latency even over just one hop (not to mention your connection would be limited to 100Mbps on the LAN since the RPi only has a 100Mbps port).

[harveylong26]

2 minutes ago, KuJoe said:

As in the traffic between your PC and your router? It's possible but why would you want to do that exactly? You'd be better off setting up a VLAN at that point if you want better security since a VPN isn't bulletproof and will just add latency even over just one hop (not to mention your connection would be limited to 100Mbps on the LAN since the RPi only has a 100Mbps port).

I wouldn't mind about being limited to 100mbps because that is my current internet speed.

How would I go about setting up a VLAN? 

[KuJoe]

Just now, harveylong26 said:

I wouldn't mind about being limited to 100mbps because that is my current internet speed.

How would I go about setting up a VLAN? 

You'd need a managed switch that supports VLANs. If you can explain why you need to encrypt the traffic on the LAN I might be able to offer a better suggestion though. As it stands right now there's no real reason to use a VPN internally unless you have multiple networks on different VLANs already.

[harveylong26]

1 minute ago, KuJoe said:

You'd need a managed switch that supports VLANs. If you can explain why you need to encrypt the traffic on the LAN I might be able to offer a better suggestion though. As it stands right now there's no real reason to use a VPN internally unless you have multiple networks on different VLANs already.

Well, the only real reason would be to hide my traffic from my ISP. Sorry, from the way I've explained is a bit stupid.

 

Like if I'm just connected to my router, on the internet I want my traffic to be hidden/encrypted so that my ISP can't see what I'm doing.

I setup a VPN using the Pi thinking it would mask/change my IP from my computer but it doesn't, its the same public IP as if I was just connected normally. So, I'd like to be able to have a different public IP when connected to the internet from within my home.  

From my understanding, this VPN server I have setup doesn't encrypt traffic when I'm connected to it on my local network, so when I am online my traffic is still visible but however when I am out and about and I log in to a Free WiFi Hotspot and connect to my VPN my traffic becomes encrypted.

[KuJoe]

You can't do that with an internal device. You will need a VPN outside of your ISP's network and connect to that so all traffic between your device and the VPN server is encrypted. Now if you setup the RPi at your house and connect to it from outside of your house (like at a public hotspot) then your traffic will be encrypted between the public hotspot and your RPi but it won't be encrypted once you go over your ISP if that makes sense.

 

Say you connect to your Raspberry Pi from a public hotspot and then visit Google.com, here's how the traffic will look:

 

Public Hotspot -----ENCRYPTED----> Your Router -----ENCRYPTED----> Raspberry Pi -----UNENCRYPTED----> Your Router -----UNENCRYPTED----> Google.com

 

So the traffic will only be encrypted between your device and the VPN server (RPi), so your ISP would be able to see your traffic on one side of your connection technically. You will need an external VPN server not hosted within your ISP to completely encrypt any traffic that passes through your ISP.

[harveylong26]

6 minutes ago, KuJoe said:

You can't do that with an internal device. You will need a VPN outside of your ISP's network and connect to that so all traffic between your device and the VPN server is encrypted. Now if you setup the RPi at your house and connect to it from outside of your house (like at a public hotspot) then your traffic will be encrypted between the public hotspot and your RPi but it won't be encrypted once you go over your ISP if that makes sense.

 

Say you connect to your Raspberry Pi from a public hotspot and then visit Google.com, here's how the traffic will look:

 

Public Hotspot -----ENCRYPTED----> Your Router -----ENCRYPTED----> Raspberry Pi -----UNENCRYPTED----> Your Router -----UNENCRYPTED----> Google.com

 

So the traffic will only be encrypted between your device and the VPN server (RPi), so your ISP would be able to see your traffic on one side of your connection technically. You will need an external VPN server not hosted within your ISP to completely encrypt any traffic that passes through your ISP.

Yeah that makes sense, glad you sussed that out for me 

So would it be worth getting a cheap and cheerful VPN service? I used to use IntroVPN because they were pretty cheap, and if that's my only option then I don't mind paying for it again.

[lieder1987]

5 minutes ago, harveylong26 said:

Yeah that makes sense, glad you sussed that out for me 

So would it be worth getting a cheap and cheerful VPN service? I used to use IntroVPN because they were pretty cheap, and if that's my only option then I don't mind paying for it again.

Cheap is not always good. Remember that the cheaper the VPN is the more likely they could be doing something you dont want. You want a VPN that has ZERO logging and multiple servers spread out around the world. I highly recommend Private Internet Access and I know a good amount of people

[harveylong26]

Just now, lieder1987 said:

Cheap is not always good. Remember that the cheaper the VPN is the more likely they could be doing something you dont want. You want a VPN that has ZERO logging and multiple servers spread out around the world. I highly recommend Private Internet Access and I know a good amount of people

I've used PIA before, they kept limiting my bandwidth and I'd only get 10mbps tops on any server. It sucks because I would've stayed with them otherwise.