Hello comrades! In light of the fucked up state of the UK govt I’m looking at some VPN options to further harden my homelab.
Right now, I have zero VPN coverage for my seedbox/jellyfin server which of course means a major security hole, even if my ISP hasn’t shit over me for it yet.
I had a few questions about selfhosting a VPN versus a third party service.
-
How does a self hosted VPN actually do anything? I was under the impression that VPNs had to be off-site to give the benefits of, say, location spoofing.
-
Do I need to pay any subscriptions to other services for a self hosted VPN? At least in order to access features such as location spoofing.
-
We use Cloudflare WARP at work to access internal services. Will a LAN-VPN Fuck this up even if I explicitly avoid spoofing my location to ensure my IT guy doesnt shit a brick?
thanks cumrades!
Gotcha. I’ll make some notes on my options. Thank you!
For now it looks like the goal is:
Client (LAN) -> VPN (Router) -> VPS -> VPN -> WAN
Client(s) - > Your Router (hosting Wireguard VPN client -> Encrypted Wireguard Tunnel Over Internet - >VPS (Wireguard Server) -> Internet.
With pihole you mentioned before
Your DNS Queries (only DNS on udp port 53) -> Pihole on homelab (blocks/caches and forwards to encrypted dns, either port 443 or 853) -> Router -> DNS Sever listening on same 443/853 (Eg 1.1.1.1) whichever you set in settings of pihole