
Thank you!

Other than DNS or other traffic filtering, do you gain anything by using a VPN on a Raspberry Pi on your home network?




If you use your own VPN to home then you can access everything on your home network without setting up port forwarding, if you have stuff like that. I used to but not these days.

You could also have the Pi run a VPN client and connect to a privacy-promising VPN service, effectively ‘bouncing’ off home.

Not sure if that is even technically possible without pain, or why you wouldn’t connect directly to the privacy-promising VPN.


This has some possible use for using streaming devices when traveling abroad.

On a recent trip I tried using IPVanish with a FireTV stick and Amazon detected the VPN, most likely from a blacklisted set of IP addresses.

Using your own home IP should hopefully prevent that from happening.


Some streaming devices. My IP TV service doesn't work through a VPN back to my home. It acquires location information from GPS (or other location sources), not the IP address. I had wanted to watch something from my home town broadcast channel while visiting family in another state. Turns out that wasn't possible.


Wait, someone bothered to put GPS checking? Awful, that's absolutely not required to license a channel, AFAIK only regular IP-based checks are enforced by channel networks to the distributing ISPs.

Was this on a smart phone / tablet or TV/STB? I used a similar thing to let my parents watch TV from my account -- https://news.ycombinator.com/item?id=22052333

I'm not sure why an ISP would limit the physical location, and also how would that work if they have users in another state?

I've heard about WISPs putting GPS locks on their CPE devices, but that's pretty useless too, they're set up to connect to one tower only, if you move it, it won't see the tower and won't connect to anything, so ... ??


This was using my phone and (I think) my laptop.

The specifics of it are that I was trying to watch content on a broadcast channel. It was probably a local sports game. But, I was in a different city with a different affiliate. So, the geographic region does actually play into the licensing for these channels. I could otherwise watch whatever (and the local affiliate for the city I was in), but regardless of what my IP address was, I couldn’t watch the affiliate for my city.

It makes sense, but I’m not sure I was expecting the TV provider to be that detailed.


In the U.K. this is done by BT for users of their sport app, so the channels can only be streamed in the U.K. I think this was a requirement of the rights holder (the sports bodies).


Yes, sports are a different thing altogether, the rights holders have draconian rules because piracy is so widespread.

Ironically, a TV show that my ISP's content division made, which is free for its users, was the most downloaded torrent (in Serbia) in the second half of 2019. I did an analysis of the IPs of everyone who downloaded it, a significant percentage (~20%) were from that ISP.

Basically, people risk fines and warning letters by pirating a TV show that is free for them (cable ISP that doesn't sell Internet without TV, any and all TV packages come with a smart phone app and website where you can watch your channels + a free VOD catalog) because the restrictions on device type, bootloader integrity, IP address are so draconian.

The ISP, of course, loses in the end, because its users were also uploading the TV show to other torrent clients of non-users, which is lost potential revenue.


If it is Android, then in developer options there's an option to spoof location system-wide without root user.


How does the TV get a GPS signal indoors?


I set up a VPN after installing pihole on my rpi, so that I could get the benefits away from home as well.


For port forwarding, I just SSH into my Raspberry Pi and then tunnel through that. Are there any benefits to using a VPN instead, other than not having to configure individual ports to forward? The only one I ever find myself using is VNC.


The only meaningful difference is probably ease. You set up a VPN once but you have to handle SSH every time you want to connect.

Phones all have VPN settings these days, whereas the SSH tunnel would be harder to accomplish.


Remote troubleshooting machines on your home network... especially if you have parents/family who aren't tech savvy...


I did this for my parents. I got a RasPi 3 and a 3G modem, and set up remote management so I can check modem parameters remotely, even if the Internet is completely dead (using the 3G modem as an out of band connection).

I set up a VPN client on the 3G interface since there's no public IP address, and I connect to it from my own home network as a local IP address (which can't actually access my network due to explicit firewall rules I set up).

This way I can reboot the modem remotely even if the Internet is dead, and I also set up the Pi to reboot itself every night at 3am, in case something goes wrong and the VPN client crashes.


Hi Milan, would you be able to share more about how you set up the VPN client on the 3G interface?


Yes, since it's a "modern" modem, it appears as an RNDIS ethernet interface. My VPN server's IP is constant, so I just set a default route to my VPN server's IP over 192.168.8.1, which is the default Huawei mobile broadband gateway IP.


If you trust your home network / ISP / Government more than you trust the Starbucks (or any public) network, you get to at least transfer your risk.

But you also don't get much more than that for using a paid-VPN, you just transfer the risk of being snooped on to their network/ISP as opposed to your own. Same with running a node on AWS/Digital Ocean.

VPNs do not make you anonymous. A shared VPN might give you some plausible deniability but it's hard to trust that your specific traffic isn't being logged.


> VPNs do not make you anonymous. A shared VPN might give you some plausible deniability but it's hard to trust that your specific traffic isn't being logged.

That's true. But unfortunately, a lot of product placements on YouTube suggest exactly that. The claims of companies like NordVPN are highly misleading if not simply wrong. But especially on non-tech related channels, the audience is unlikely to know how VPNs work and what they do.


> the audience is unlikely to know how VPNs work and what they do.

How many people really understand the difference between a VPN and a proxy server? Even among the tech literate.


> A shared VPN might give you some plausible deniability

It might, but it's very feasible to correlate encrypted VPN traffic to outgoing traffic with netflow logs, which the underlying network operator is almost certainly storing.


Prevents snooping by your mobile provider and on public networks. If you self-host other services, access to those services without opening them up to the wider internet. Access to "personal cloud" storage.


Possibly, depending on your use-case.

I have a VPN, which is there to tie everything onto one network, regardless of what "real" network it's attached to.

This means that if I'm out and about I can still push and pull to my local git server, or access the home control systems.

I have it on my phone as well, so I can control local network things even if I'm on 4G.

But unless you have machines running on different networks, or you want to access internal things from outside your home, running a VPN may be mostly pointless (save for the fun learning).


Can you elaborate on how to access your home VPN network from phone and laptop?

I imagine connecting to your home network when on public wifi might be a valid use case, but I haven't investigated how to achieve this effectively.


I did this with an RPi. Set up an OpenVPN server on the Pi, forward port 1194 to your Pi. Run the client on phone/laptop to $homeip:1194.

My home IP almost never changes, fortunately. Otherwise you would have to do some sort of dynamic DNS.


This is a very good starting point.

DigitalOcean's DNS is free, so you can, at a push, create a script to do dynamic DNS, should other systems fail you.

For me, I have a dedicated VPN node, which depending on what I'm doing is either hosted on a VPS or a physical box (depending on whether I can find somewhere with decent network), and that is called something like vpn.mydomain.com.

All other nodes are connected to that. I then use Ansible to manage the keys, DNS and installing of packages. This makes things nice and dynamic, and simple to re-create/backup/redeploy.

However, I should add, I'm an SRE by profession, so this is 85% more work than most people would want or need.
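
As an added example (not part of any comment in this thread): a sketch of the dynamic DNS script mentioned above, written against DigitalOcean's DNS API. The domain, record ID, token and echo-service response are constructed placeholders; the echoed address is treated as untrusted input and validated before it is written to the record your VPN clients resolve.

```python
import ipaddress
import json
import urllib.request

# DigitalOcean API v2 endpoint for a single DNS record.
API = "https://api.digitalocean.com/v2/domains/{domain}/records/{record_id}"


def parse_public_ipv4(text):
    """Return a normalized global IPv4 string, or None if the input is unusable.

    The body of an IP-echo response can be a captive-portal page, a private
    address, or a CGNAT address (100.64.0.0/10) that cannot receive the
    forwarded VPN port. All of those are rejected.
    """
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    if addr.version != 4 or not addr.is_global:
        return None
    return str(addr)


def plan_update(echo_body, current_record_ip, domain, record_id, token):
    """Build the PUT request that repoints the A record, or None if unchanged."""
    ip = parse_public_ipv4(echo_body)
    if ip is None:
        raise ValueError("echo service did not return a global IPv4 address")
    if ip == current_record_ip:
        return None  # nothing to do; avoids needless API writes
    body = json.dumps({"type": "A", "data": ip}).encode()
    return urllib.request.Request(
        API.format(domain=domain, record_id=record_id),
        data=body,
        method="PUT",
        headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed values: record 12345 under example.com, placeholder token.
    req = plan_update("8.8.8.8\n", "1.1.1.1", "example.com", 12345, "PLACEHOLDER")
    print(req.get_method(), req.full_url, req.data.decode())
    # To apply for real: urllib.request.urlopen(req, timeout=10)
```

Run it from cron on the Pi with a token scoped to DNS only, and keep the token out of the script itself (an environment variable or a root-only file).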


Well, for one, if you have any intranet services that you want to access from outside of the network, but aren't sure in their bulletproof security, it's better to firewall everything other than one port on one device for the VPN, and connect via the VPN to access intranet services.

Second, some ISPs offer TV service on mobile devices and even set top boxes, but only inside your LAN on your assigned IP address. My ISP offers up to 3 TV STB devices (that run Android TV) per contract for free (mandated by law, because I can't buy my own STB and get a smart card!), but they only work on my LAN.

Since I live away from my parents, I wanted to have TV in their house without paying twice (that same ISP is not available at my parents' house at all, anyway)

My solution was to install OpenVPN Connect on the set top box, set it to auto start on boot, and to auto connect to my VPN.

From the TV app's point of view, I'm in my LAN, and it can talk to my modem on its fake "virtual" IP address, and also reach the ISP's servers with proper authorization (they authorize users based on the IP address that was assigned to that user, which is stupid if you share your WiFi without having VPN on the guest SSID, but whatever).


My cable provider lets you watch all the channels over the internet... but only on your home network. This would allow that to work remotely.

Also, services like NBA League pass black out the games for your local teams, based on your IP address. One time I was visiting the in-laws, who happened to be in the market for the game I wanted to watch. VPN to home let me stream the game.


I have a rp2 as a home server and VPN.

I connect to it from work to access files.

Mainly, my family all use the VPN on our mobiles with OpenVPN. From my mobiles we can stream and/or download our music and movies from the rp2 server using Kodi+Yatse with trivial set up. It's like having your own Netflix+Spotify for your own digital collection.


You can access your own files when you're away. But, personally, that's the only reason I run a VPN on my own network. I use a VPN service when I want a foreign IP or when I'm sitting in a coffee shop.


I don't have a use for a "virtual private network" that just connects me to the public internet. My primary use case is to connect to stuff on my home network (or my work network).


I use my VPN to access devices in my home whose manufacturers want me to pay a monthly fee for remote (or commonly, delayed cloud) access.


A VPN to connect to when using untrusted Wi-Fi networks, without having to pay for it


Encryption. But then again most everything on the web is already encrypted so I honestly can't think of anything.



