Should I host my own VPN?
It depends on why you're using a VPN. First, let's go over some options you have. Don't worry, if you don't know what a VPN is, you're still in the right place.
There are pros and cons to all of these options, and your specific situation and reason for using a VPN will determine which is the best for you. Before we go over the pros and cons, let's go over what the data transport looks like for each.
We're going to focus on consumer-level VPNs today. VPNs have a wide range of utility, but most people are just looking to hide their traffic on the internet.
If you've ever looked up "what is a VPN?", you've probably already seen various explanations and diagrams referring to your Internet Service Provider (ISP) and the internet. What they don't really explain is that your VPN server also has an ISP, and their ISP can see your unencrypted traffic. Here's a diagram of you connecting to your VPN service's server:
(for all diagrams below, black arrows = encrypted, blue arrows = unencrypted)
As you can see, your traffic leaves your computer encrypted and passes through your ISP and the VPN server's ISP before it reaches the VPN server. Here's what it looks like when you browse the internet on a VPN:
When you browse the internet, only the connection between your client and the VPN server is encrypted. When it reaches the VPN server, the VPN server decrypts the data and sends it out to its destination unencrypted. This means the VPN server's ISP can see your unencrypted data before it forwards it to its final destination.
However, the benefit here is that the VPN server's ISP can only see that the traffic is coming from the VPN server; your IP is not tied to the traffic when the VPN forwards it out. Furthermore, because there are likely many clients connected to this VPN server, the ISP will be unable to correlate the encrypted traffic incoming to the VPN server with the unencrypted traffic outgoing from the VPN server (not that ISPs typically try to). The only party that can correlate this is the VPN server itself, which is why many VPN services advertise "no-logging" policies to ensure privacy.
But that still means you need to trust a third-party VPN service to maintain its "no-logging" policy and keep its servers secure. What if you want to do it yourself? Or what if you don't want to pay them $10 a month?
Many people set up VPN servers at home without realizing that this will not hide their traffic in the way that is typically understood. Here's what it looks like to connect:
In this scenario, you will connect to your VPN server at public IP 66.00.00.66. Your traffic will be encrypted locally by your client and sent to your ISP, which will then realize it owns this IP and send it to 66.00.00.66 (which is effectively just sending it back to you).
Here's what it looks like when you browse the internet:
You can see here that your VPN server will receive your traffic, decrypt it, and forward it on to your ISP, then out into the world. This is the same thing the VPN service does, but in this scenario, your VPN server's ISP is your own ISP, so you won't be able to conceal your traffic from your ISP. So then what's the point?
The point is that VPNs are useful for many things, even outside of watching French Netflix or circumventing the Great Firewall of China. This configuration is the best configuration to securely remote into your home network from elsewhere. Look at it this way:
In this scenario, you're at your Mom's house a few states over and you want to access some files from your home network. You can connect to your VPN over a secure tunnel and log in to your home network. This way, no malicious hackers can intercept your data or try to hijack your connection while you're logging in remotely.
Still don't like the idea of trusting a third party with your internet traffic? Maybe a Virtual Private Server (VPS) is the right option for you. Here's what it looks like:
Does this look familiar? The traffic flow is exactly like the VPN service. The only difference is that you, the owner of the VPS, will be directly tied to the traffic that your VPN server forwards out. Still, YouTube.com will only see that the traffic came from 88.00.00.88, which they will see belongs to the cloud hosting provider in whatever location you chose to set up your server in. Here's an example:
Your Location: New York City, New York, USA
VPS Location: Seoul, South Korea
VPS Hosting Provider: Vultr
If you are watching YouTube videos from NYC through your VPN server hosted in Seoul, YouTube will only see that the traffic is coming from an IP assigned to Vultr in Seoul (and your ads will probably be in Korean). How hard is it to associate your VPN server's IP to you? That's easy for Vultr, but nearly impossible for anyone else. Now, Vultr probably won't be giving out your information to everyone who asks (that's just bad business), but if you're actually up to something the government is taking interest in, they might comply.
Ok, so now you understand how the VPN server's ISP comes into play, but there's one more thing. The last node that the diagrams above are missing is the DNS server. This is something you should be cognizant of when you host your own VPN server (either at home or on a VPS). DNS is innately unsecured and unencrypted, and this is the "last mile" of your VPN.
Many VPN services host their own DNS servers, either locally or within their encrypted network, so unencrypted DNS traffic is not a concern. This is an option for you as well, but you could also simply encrypt your VPN server's DNS traffic. Check out my tutorial for DNSCrypt-Proxy2 for a lightweight option.
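To check where a self-hosted VPN server's DNS queries actually go, here is an added example (not code from this post or from DNSCrypt-Proxy) that audits resolv.conf-style content. It assumes a Linux server; the sample file contents and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample resolv.conf contents (documentation-range addresses).
PLAINTEXT_UPSTREAM = """\
# written by the DHCP client
nameserver 203.0.113.53
nameserver 2001:db8::53
options edns0
"""
LOCAL_PROXY = "# local encrypting proxy listens here\nnameserver 127.0.0.1\n"
RESOLVED_STUB = "nameserver 127.0.0.53\n"

# systemd-resolved's stub listener; loopback, but upstream may be plaintext.
SYSTEMD_STUB = ipaddress.ip_address("127.0.0.53")

VERDICTS = {
    "remote": "queries leave the server as plaintext DNS",
    "stub": "systemd-resolved stub: check its DNSOverTLS setting",
    "local": "loopback resolver: confirm it is an encrypting proxy",
}


def parse_nameservers(text):
    """Return the resolver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop any IPv6 zone id (fe80::1%eth0) before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
            except ValueError:
                continue  # skip malformed entries
    return servers


def classify(addr):
    if addr == SYSTEMD_STUB:
        return "stub"
    return "local" if addr.is_loopback else "remote"


def audit(text):
    """Return (address, classification) for every configured resolver."""
    return [(str(a), classify(a)) for a in parse_nameservers(text)]


if __name__ == "__main__":
    for name, conf in [("plaintext", PLAINTEXT_UPSTREAM),
                       ("proxy", LOCAL_PROXY), ("stub", RESOLVED_STUB)]:
        for addr, kind in audit(conf):
            print(f"{name}: {addr} -> {kind}: {VERDICTS[kind]}")
```

On a real server, pass the contents of `/etc/resolv.conf` to `audit()`; any `remote` entry means the VPN server's ISP can read the DNS lookups it makes on your behalf.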
Here's a summary of the pros and cons:
As you can see, the VPN service is probably going to be the best fit for most people. However, if you still want to host your own VPN server, check out my tutorial here! Personally, I have a few VPN servers running on VPSs just for fun.
This is not an exhaustive list of the ways you can use a VPN. VPNs are versatile and fantastic for many things, and VPNs are the foundation of all my secure IoT projects. Check back soon for a DIY tutorial of a SECURE home security camera system!