I’ve had my server up and running, but have not really done anything with it because I have been unable to figure out how to connect through Proton VPN.
I do not have my VPN running through my router; I just connect each device individually. I have been unable to figure out how to connect my server through VPN.
My questions are:
Do I even need to worry about running my server traffic through a VPN?
If the answer is no, could you explain why this isn’t necessary?
If the answer is yes, could you explain how I can accomplish this?
Sorry if this is extremely basic. I’m definitely in over my head, but I did not find anything in the forum that answered these questions. I would like to run my server with a strong focus on privacy and security, and any information or relevant sources you could give me to reference would be greatly appreciated.
You need to be on the same network as your server if you want to be able to connect to it locally. To connect via VPN means by very definition to connect to a different network.
Your server has incoming traffic and outgoing traffic. In StartOS v0351, incoming traffic is via Tor. Outgoing depends on each service and how you configure it but is either Tor or your router. If you want outgoing traffic to pass through a VPN, you’ll need to set up a VPN on your router.
Do I even need to worry about running my server traffic through a VPN?
If the answer is no, could you explain why this isn’t necessary? If the answer is yes, could you explain how I can accomplish this?
This is a question I would ask you. Only you know what you are doing with your server and why.
With StartOS v040 there are more options available to you, including a proxy VPS server connected to via VPN. This is something that people have requested because they want to avoid Tor and be accessible on clearnet, but also not have their home IP address public. Also on v040 is the ability to forward ports from your router to your server for clearnet, which is better in many ways than the VPS proxy but assumes that no strangers will ever need to reach your server.
Thanks for the reply. I am running Start9 v0.3.5-1, which my server says is the latest version, so I’m not sure I even have the option to run v040.
As for my question #1. I don’t plan to be holding any nuclear codes or matters of national security on this server, but I would like to have excellent privacy for my family’s data. Safe from the prying eyes of whomever might want to snoop.
If I were to run a bitcoin node and chose either Core v30 or Knots, would the encrypted P2P connections be enough to ensure excellent privacy & security, or would it be beneficial to connect my router to the VPN and channel traffic through there?
I hesitate to connect the VPN via router because some websites (like bank accounts for instance) will not allow connection through VPN. Unless there’s an easy workaround for this.
My hope would be that your router isn’t currently set up in such a way that random members of the public can freely browse your network and the computers you have on it. That would be bad!
Some might say, that if you have a standard ISP router, this is what you might have as far as access by them is concerned. But adding a VPN in some manner is not going to prevent anything at all, since they are already in your home at that point.
VPNs offer little to no privacy or protection for anything… they are simply you connected to another network. The one caveat is that it makes people think your traffic is coming from Point B instead of Point A. Is this a good thing? It might be if you’d really like people to think you are located in another geographical location – this might make sense if you’re running a server. This is what people mean when they say they don’t want to “expose their IP address”.
If you don’t want to expose your IP address on Bitcoin, you can check the box under Config to make it Tor only, or you can run a VPN on your router and pass your server traffic through that.
You mention privacy several times. Who are you looking for “excellent privacy” from?
If your router is any good, you can route traffic through a VPN on a device by device basis.
No, my router is split into separate logins for guests and residents, each with their own passwords.
If by standard ISP router, you mean the modem/router combo that the ISP typically provides, then the answer is no. I have my own modem, and a separate mesh router that I use.
When you say “Config” here, are you referring to server, node, or router configuration options?
I’m sure you are aware there are many prying eyes: collecting data, running scams, orchestrating wrench attacks, etc. AI will likely only improve people’s ability to exploit insecure connections. I just want to make sure I’m not doing something stupid that can easily be exploited by somebody and put my family and/or data at risk.
As you said before, my computer needs to be on the same network as my server, so I would have to route my computer and server through the same VPN location, correct? Or would I just have to connect via the “On The Go Access” option through Tor browser?
I appreciate you taking the time to answer these questions. If there’s any source material you could recommend to help improve my understanding of these things, I would welcome the suggestions.
Also, I just figured out that my router does not support OpenVPN or WireGuard, so I would apparently either have to buy a new compatible router, flash 3rd-party firmware onto it, or use a Raspberry Pi or some other old computing device to act as a VPN-compatible device behind my router, based on what I have read.