
I need some direction with VPN


CJC


Hey,

 

I’ve been running an Unraid server for about 6 months now and I’m loving it. It’s just what I wanted and gives me loads of flexibility to be creative with all my home entertainment needs. I’m running a whole bunch of things from Home Assistant, Hyperion, Plex, etc. The one thing I’ve been reading about lately is VPN. I have little interest in gaining access to my LAN remotely by VPN via Unraid (I have other solutions for that). My interest is linking my LAN to a remote VPN such as IPVanish or Express VPN. Most info I’ve found on the internet points towards remote access to LAN. My question is: could someone help point me towards the right app to use and what keyword I’m obviously missing in my internet searches? I assume I can run an app that acts as a gateway to the remote VPN server. For example, I want to run my Xbox from my LAN to the remote VPN server. I assume after I have an app correctly configured I can point the Xbox gateway to the app IP to then use the configured VPN. I would also like to run certain Dockers via the same VPN server.
 

Could anyone lend a helping hand, please?

 

Thanks in advance.


....for anyone else searching, it looks like you need to host a VPN client such as WireGuard or OpenVPN. Either VPN client has its own protocol and that needs to be supported by the remote hosting VPN such as ExpressVPN or IPVanish.

 

 


I'm definitely not an expert in this but a VPN is an encrypted tunnel that you set up between two machines.  Usually it's from one network to another network (LAN over WAN, like the internet, connecting to another LAN).  Typical uses back in the day were to connect your home computer to your work's network or for a work site to connect to another work site.  The benefit, if the routing is set up properly, is that each device appears to be connected directly to each other even though there might be a vast distance between the devices.  The secondary benefit (although it's become the primary now) is the encrypted communication between the devices.

 

Nowadays people use a VPN like IPVanish to hide their IP or to encrypt all traffic across the internet.  I personally don't bother with this for the following reasons:

  • Encrypted connections are slower than normal connections and require extra processing on either end to encrypt and decrypt the data.  A long time ago the processing needed to encrypt/decrypt was a problem but nowadays it's a moot point because processors are more powerful or encryption logic is added to the processor (https://en.wikipedia.org/wiki/AES_instruction_set).  But the connection is still technically slower because encrypted data is usually larger than the data you're intending to send and encrypted data does not compress well or at all (https://docs.actian.com/vectorhadoop/5.1/index.html#page/Security/How_to_Compute_the_Width_of_Encrypted_Data.htm) although this also tends to be a moot point nowadays.
  • If I truly need an encrypted connection then I ensure that I'm using an SSL connection (HTTPS).  If you're connected to a web site using SSL and you're using VPN then you're double-encrypting your data (which is ok but unnecessary).
  • The end-point of your VPN tunnel (IPVanish) decrypts your data and therefore knows what you're doing.  You need to ensure that they respect your privacy.  Some VPN companies will log your activity while others won't on purpose.  Note here too that your data is still going to the destination website as cleartext (unless using SSL) but it now appears that you're a member of the VPN's local network.  In other words your IP has changed.
  • There's an extra hop to the VPN for all connections.  Instead of being connected directly to your destination you first go through the VPN provider's servers.

So what's the point of the Wireguard VPN that's integrated into unRAID?  The idea here is twofold, you can access your home network but also your home server becomes like the IPVanish server.  In other words, you connect to your home machine and all data sent there is encrypted and you appear to be a member of that local network.  Usually it ends here and the goal is to simply access your home LAN from a remote location (like the coffee shop) but with the added benefit that the connection is encrypted and secure.  The other benefit is that you can access your home devices, media, and data remotely so it appears that you're at home even though you're somewhere else (in another country perhaps).  Now your home VPN connection appears like the IPVanish connection.  The biggest drawback to using it this way is that all data traffic is going to your home network first and then out into the world.  This means that your home bandwidth is used a lot (lots of data being routed into and out of your home internet connection).

 

On 4/7/2023 at 3:41 AM, CJC said:

My interest is linking my LAN to a remote VPN such as IPVanish or Express VPN.

 

If you're trying to set up a VPN connection from the unRAID server to IPVanish (which is what you're trying to do) then you need to search for "IPVanish Linux client" (https://www.ipvanish.com/vpn-setup/linux/) and install the client on the server and then you need to set up the routing so that all connections go through there.  If it's done right then all data sent out from the unRAID server goes through IPVanish.  In this case the end server that you're connecting to will see you as a device on the IPVanish network.  So if the IPVanish server is in the US then it appears that you are also in the US.  Keep in mind that all connections will now go through this IPVanish server which means that you have an added hop to this server.

 

On 4/7/2023 at 3:41 AM, CJC said:

I want to run my Xbox from my LAN to the remote VPN server.

 

I'm assuming that the xbox is using DHCP to get an IP address from your internal network.  In this case the DHCP server is going to send back a gateway IP address which is usually the IP address of your router.  The xbox then sends all external traffic (outside of the local network) to the gateway.  In this case you need to set up the VPN connection on your gateway device (the router).  If the router supports the VPN service then you're laughing and you just need to set it up.  If the router does not support this then you can go through the unRAID server but now you need to tell the xbox that unRAID is your gateway and you need to set up the unRAID server to talk to the VPN service.

 

No one can really tell you the exact steps because no one is privy to the exact setup that someone might have at home.  The best you can do is to understand the basics here and then use the many, many guides that exist out on the internet to figure out how to make it all work for you.

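The gateway arrangement described in the post above (one LAN device using the server as its gateway, with the server forwarding that traffic into the VPN tunnel), as an added example that is not part of the original thread and not Unraid's own tooling. It only prints the commands so they can be reviewed before being run as root; the interface names `br0` and `wg0`, the client address `192.168.1.50` and routing table `51` are constructed assumptions, and the tunnel interface is assumed to be up already.

```shell
#!/bin/sh
# Added example: print (do not execute) the commands that turn a Linux host
# into a VPN gateway for a single LAN client, with a fail-closed rule so the
# client cannot fall back to the normal WAN route when the tunnel is down.
# Usage: vpn_gateway_rules <lan_if> <vpn_if> <client_ip> [table]
vpn_gateway_rules() {
    lan_if=$1 vpn_if=$2 client=$3 table=${4:-51}

    # Accept only plain IPv4 digits/dots and simple interface names, so the
    # generated text is safe to review and pipe into a shell.
    case $client in
        *[!0-9.]*|'') echo "bad client address: $client" >&2; return 1 ;;
    esac
    case $lan_if$vpn_if$table in
        *[!A-Za-z0-9_.-]*) echo "bad interface or table" >&2; return 1 ;;
    esac
    [ -n "$lan_if" ] && [ -n "$vpn_if" ] || { echo "missing interface" >&2; return 1; }

    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace default dev $vpn_if table $table metric 10
ip route replace prohibit default table $table metric 1000
ip rule add from $client lookup $table priority 1000
iptables -A FORWARD -i $lan_if -o $vpn_if -s $client -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -d $client -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $client -j REJECT
iptables -t nat -A POSTROUTING -o $vpn_if -s $client -j MASQUERADE
EOF
    # Line by line:
    #  1   let the host forward packets between interfaces
    #  2   per-client table: default route into the tunnel
    #  3   same table, worse metric: when the tunnel route disappears the
    #      lookup hits "prohibit" instead of falling through to the main table
    #  4   only traffic sourced from this client consults that table
    #  5-6 allow client -> tunnel, and replies back to the client
    #  7   reject anything else from the client (second fail-closed layer)
    #  8   NAT the client behind the tunnel address
    # -A appends: rules already in FORWARD (e.g. Docker's) are evaluated first.
}

# Constructed sample invocation; prints the eight commands for review.
vpn_gateway_rules br0 wg0 192.168.1.50
```

The client's DNS setting matters as much as its gateway: if it still points at a resolver on the LAN, that resolver answers lookups outside the tunnel, so give the client a DNS server that is reached through the gateway.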
  • 2 weeks later...

Thanks TimTheSettler for all this info.

 

You have done a great job explaining it. I’ll be working on creating a VPN gateway via the server for any device on my network; I’ll configure the appropriate static IP address/settings for those specific devices. I’ll also work on routing specific Docker containers on the Unraid server to the VPN client on the same server. I have a good basic understanding of networks so that bit isn’t too daunting to me. It’s putting my knowledge to practical use that can be a bit tricky.

 

Thanks again.
