Also, if I run a VPN as a container/VM on my server, will it route all network activities through the VPN? Like from my PC? Will it be something I can select whether to use on my PC? I need the basics for info here. All the sites out there are great at explaining the more complicated stuff, but these simple questions, not so much.
Number one question… What are you looking to accomplish by using a VPN?
My own use-case is the ability to “phone home” to access network resources while I’m out and about. The most dummy proof (self tested!) VPN setup I’ve used is called PiVPN. It’s originally designed for the Raspberry Pi but works on many other Linux systems as well. You could also run a VPN in a container but I think starting with the simplest solution to get your feet wet would be best.
Think of a VPN/proxy like a pipe: it can send traffic from one location to another location. Normal traffic won’t go over the pipe, it needs to be pushed through. Either an application can support the protocol directly (like a SOCKS5 proxy), or the computer can be set up to route traffic through a virtual network interface over the VPN (most modern VPNs do this).
You can also talk about a network level VPN (commonly called site-to-site VPN). This allows your router to route certain IP ranges over a VPN transparently to the clients. Normally host-based VPNs can be far smarter than this, but it works well for businesses with multiple sites.
But a VPN being a pipe, you need another end to send traffic to. If you use one of those online “privacy” VPNs you’re just sending internet traffic to another place on the internet, to get sent back to the internet - useless for most internet traffic. You want to be very clear what you want to achieve and why.
TECHNICALLY yes but no not really because I doubt you’ll want to be changing IP routing tables across your network and definitely not worth the hassle. Plus if the server is on the same network as your desktop then it would just be adding useless overhead. Unless by “run a VPN as a container/VM” you meant “run a VPN client that connects to some random vpn company somewhere” in which case it goes back to my first answer still.
The sane way to do what you want is to configure a VPN client that you can toggle on/off as needed on your various devices (or set up a split tunnel VPN so only the traffic you want goes through the VPN).
The reason no one talked about it is because depending on how you take what you just asked it either serves no purpose, is obvious it won’t work that way, or requires so much effort to make work that way that it makes no sense.
Also, if I run a VPN as a container/VM on my server, will it route all network activities through the VPN? Like from my PC?
On the VPN router you set up iptables to NAT the traffic it receives on the LAN to its VPN interface. By forcing NAT through the VPN, if the VPN is down, your client traffic won’t go anywhere, it’ll just be down. No leaks.
Will it be something I can select whether to use on my PC?
In order for your PC to use the VPN server, you need to set its Default Gateway to the LAN IP address of the VPN server. Additionally you should change the DNS servers to ones provided by the VPN provider.
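A sketch of the gateway setup described in the reply above, added here as an example and not part of any poster's message. The interface names `eth0` (LAN) and `wg0` (VPN tunnel) are assumptions, and the default-drop FORWARD policy is included as the rule that actually stops LAN traffic from leaving by another interface when the tunnel is down; `leak_check` audits `iptables-save` output for that property.

```shell
#!/usr/bin/env bash
# Added example. eth0 (LAN side) and wg0 (VPN tunnel) are assumed interface names.

# Print, without executing, the commands for a LAN -> VPN gateway.
gateway_rules() {
    local lan_if="$1" vpn_if="$2"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i ${lan_if} -o ${vpn_if} -j ACCEPT
iptables -A FORWARD -i ${vpn_if} -o ${lan_if} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ${vpn_if} -j MASQUERADE
EOF
}

# Audit iptables-save output on stdin: LAN traffic may only be forwarded to the
# VPN interface. Handles plain -i/-o matches only (no negation, no custom chains).
# Prints "ok" or "leak: <reason>" and returns 0 or 1.
leak_check() {
    local lan_if="$1" vpn_if="$2" line policy_drop=0
    while IFS= read -r line; do
        case "$line" in
            ":FORWARD DROP"*) policy_drop=1 ;;
            "-A FORWARD"*" -j ACCEPT"*)
                # Skip rules bound to some other ingress interface.
                case " $line " in
                    *" -i ${lan_if} "*) ;;
                    *" -i "*) continue ;;
                esac
                # Anything that can carry LAN traffic must name the VPN as egress.
                case " $line " in
                    *" -o ${vpn_if} "*) ;;
                    *) echo "leak: $line"; return 1 ;;
                esac ;;
        esac
    done
    [ "$policy_drop" -eq 1 ] || { echo "leak: FORWARD policy is not DROP"; return 1; }
    echo "ok"
}

# Constructed iptables-save excerpts (not captured from a real host).
SAMPLE_OK=':FORWARD DROP [0:0]
-A FORWARD -i eth0 -o wg0 -j ACCEPT
-A FORWARD -i wg0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_LEAKY=':FORWARD DROP [0:0]
-A FORWARD -i eth0 -j ACCEPT'
```

On a real gateway, review the output of `gateway_rules eth0 wg0` before running it as root, then pipe `iptables-save -t filter` into `leak_check eth0 wg0`.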
Well, they don’t explain them, because they are obvious. Yes, you can use it. Try a simpler solution to start with. If it’s hard to figure out the basics, install Vpnhouse and that’s it.
Look into Tailscale, it probably would work for what it sounds like you want to do. It’s pretty user friendly to get set up too, although you need to make an account. Free tier is probably plenty for home use however.
You can turn it on and off on each system with the applications you install it on.
If you want to have all your traffic routed through your home network, check out exit nodes: https://tailscale.com/kb/1103/exit-nodes/
Basically if you enable an exit node on a system on your home network, then connect to the exit node on any other device, all traffic goes through that exit node system. I.e. if you use the mobile app on your phone and select the exit node of a server at home, you basically have a WireGuard VPN and all internet traffic will appear as though it is on your home network.
Another thing to look at is the subnet router, which lets you access other LAN devices on your home network (one subnet on the free tier): https://tailscale.com/kb/1019/subnets/. E.g. I can access my home router and an older NAS which doesn’t support the Tailscale app.
I’ve got a bit of a screwy home internet connection (CGNAT) which means I can’t do anything that requires a dedicated external IP address or requires port forwarding - but Tailscale handles that, which is awesome.
An alternative if you want to look at one is Zerotier. I haven’t used it but hear equally good things.
That’s basically what I’m looking to do. But if I have a VPN up and running for that, could I use it for other stuff too?
Oh, that makes more sense. So yes, the important part is reaching my server from outside my LAN. Now that you explain it, the kind of VPN on a server like this vs the kind you use to “torrent” stuff is completely different lol. Thanks
You’d want a separate server/container running a network wide (your LAN). This would be to connect clients through the local VPN server to the VPN provider.
You can try Tailscale VPN for reaching your server from outside your home network.
Sort of. They’re the same, just one is a server, and one is a client.