What switch to buy to run a VPN on?

Hi, I posted this on /r vpn but this might be a better place since there is more hardware discussion.

I am totally new so will likely say something dumb.

I would like to have 2 levels of IP masking for a ‘belt and suspenders’ approach so for example if my regular desktop vpn app crashes my IP doesn’t get exposed.

What I have is a router that’s not owned by me with a lan cable running to my pc.

A computer store worker recommended putting a layer 2 switch between the router and my pc and installing a vpn on that. He showed me one for 350$ acknowledging it’s overkill since it’s meant for a business setup and said I can find one cheaper online.

Does this make sense to do? Can someone recommend a switch with a few ports that will allow me to do this?

Thank you.

I’m going to say none since that is not what a switch does. Also, what that employee likely showed you was a router that has VPN functionality.

Whoever told you this is an idiot. All switches are layer 2.

Switching does not handle VPN connections.

Sounds like they just wanted to sell you an expensive switch.

If you really want to go this route you would need a router that supports VPN connections in addition to your desktop VPN.

example if my regular desktop vpn app crashes my IP doesn’t get exposed.

Do realize, all good VPN clients have a kill switch, so if they lose connection nothing is exposed.

I’m going to say the unpopular part…

VPNs do not prevent your ISP-provided public IP address from being exposed. The VPN provider sees your ISP-provided public IP address and may even record it along with authentication information, date, and time. Just because you use a VPN to “mask” your ISP-provided public IP address from websites you are visiting doesn’t mean it’s hidden from everyone.

Also, your ISP more than likely logs your MAC address and public IP address that was used to connect to a given VPN provider.

These logs can be subpoenaed via warrants in some jurisdictions.

Does this make sense to do? Can someone recommend a switch with a few ports that will allow me to do this?

You need a router…

What VPN service are you using? How are you at troubleshooting (especially when shit breaks)?

Without knowing more about you, and the way your question is worded, I strongly suggest you just get a VPN appliance/router supported by your chosen VPN company and just use that.

I run with a Vilfo router at home.
You can have several different VPN connections and have different devices on different VPN connections. It’s a bit pricey but definitely worth it IMO.
I can max out my 250/250 MBit internet connection with an OpenVPN connection on the network. (Vilfo is getting WireGuard support in the next update).

https://www.vilfo.com/en

Whoever told you this is an idiot. All switches are layer 2.

Laughs in L3

@OP
Although, that is correct that switches don’t support VPNs.
This is in reference to a switch acting as a client/server, they of course transfer the VPN data from your PC/router/firewall to the server side.

The guy is most probably an idiot who wanted to upsell you something that he doesn’t know anything about. Or, you didn’t pay attention when he was explaining :)

Got it, thanks. Would buying a hardware firewall be a good alternative? I don’t have access to my current router since it’s handled by the landlord.

All good VPNs * (designed for consumer ‘privacy’)

VPNs were not originally designed to protect you from Comcast seeing your DNS traffic.

That’s fair. I am not doing anything illegal that would involve that level of enforcement. It reminds me of a great little article I read by a security prof that basically boiled down to ‘if Mossad wants to get you they will.’

Going by VPN’s reputation (whatever that means in actuality) is the best we can do and hope for in terms of regular use.

Although, that is correct that switches don’t support VPNs.

Laughs in Fedora and kvm virtualization support on Arista EOS.

But yeah, even though it’s possible, missing CPU extensions, poor CPU net throughput, and poor CPU performance make it pointless.

This would be the way to go.

If I were you I’d

  • take the landlord’s connection and plug it into the WAN of the firewall
  • enable whichever VPN service you want to use
  • plug LAN devices into the LAN ports (or use a switch for this purpose)
  • profit

This double VPNing might give you more headache than you actually want to/can handle
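
The fail-closed behaviour the original question asks for, sketched for the router/firewall layout in the steps above. This is an added example, not part of the thread and not any vendor's shipped configuration. It assumes a Linux-based router using nftables with a WireGuard tunnel; the interface names `wan0`, `lan0`, `wg0` and the endpoint `203.0.113.10:51820` are placeholders.

```nftables
# Constructed example: fail-closed ("kill switch") rules for a VPN router.
# Assumed names: wan0 = port facing the landlord's router,
#                lan0 = port facing your own devices,
#                wg0  = VPN tunnel interface.
# 203.0.113.10 udp/51820 is a placeholder for your provider's endpoint.

table inet killswitch {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # LAN devices may only leave through the tunnel.
        iifname "lan0" oifname "wg0" accept

        # Replies are accepted only when they arrive from the tunnel.
        # Pinning the interfaces here matters: a bare "ct state established"
        # rule would let an existing flow fall back to wan0 if the route
        # changes when the tunnel goes down.
        iifname "wg0" oifname "lan0" ct state established,related accept

        # There is deliberately no lan0 -> wan0 rule. iifname/oifname match
        # by name, so the ruleset stays loaded even while wg0 does not exist
        # and everything from the LAN hits "policy drop".
    }

    chain output {
        type filter hook output priority 0; policy drop;

        oifname "lo" accept
        oifname "lan0" accept    # DHCP/DNS answers to your own devices
        oifname "wg0" accept     # router's own traffic inside the tunnel

        # The only things the router itself may send to the landlord's network:
        oifname "wan0" ip daddr 203.0.113.10 udp dport 51820 accept  # tunnel packets
        oifname "wan0" udp sport 68 udp dport 67 accept              # DHCP client

        # IPv6 on wan0 is not permitted at all, so it cannot bypass the tunnel.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wg0" masquerade
    }
}
```

Load it with `nft -f <file>` before bringing the tunnel up, with IP forwarding enabled on the router. Using the endpoint's IP address rather than a hostname avoids needing a DNS exception on `wan0`.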

Going by VPN’s reputation (whatever that means in actuality) is the best we can do and hope for in terms of regular use.

Why? What’s the end goal? The VPN providers you are referring to are selling security snake oil and allow for spoofing of geo location info. How is this “the best we can do”?

VPNs were originally used to create secure communications across the Internet for remote access to a company’s network. Prior to VPNs, one had to pay for private leased lines or use dial-up.

Thank you. Would you have a firewall recommendation?

The end goal is to quickly hide your IP. I don’t know what about this is snake oil. Especially since most of them are very cheap and some even allow you to subscribe anonymously.

What is your alternative?

Well, this being r/homelab, I’d have to say pfSense, otherwise there will be rage of gods of FOSS.

Did you read the parts where I explained how your IP addresses are still logged along with dates and times? Learn a few things about how networking and VPNs work from a technical standpoint and ignore the marketing wank.

Alternative to what? You really can’t hide your activity online. Start with that understanding and ask yourself why you even want to try. Hackers (both “script kiddies” and “professionals”) get caught eventually because their IP addresses are always traced back to a certain place and a certain time. It takes time to unravel the path, but it’s almost always possible.

Nah man. Switch to OPNsense. pfSense isn’t very friendly to WireGuard.

I am not trying to argue with you. ISPs have access to your information. I get that. If the government wants to track you down they will. There are a lot of other situations where private parties that don’t have access (and will not have access to ISP records) to you if you use a VPN. They will if you don’t. I am choosing a 5/10 privacy here understanding its limitations.