I’m using CloudFlare to hide my home IP and to reduce traffic from clankers. However, I’m using the free tier, so how am I the product? What am I sacrificing? Is there another way to do the above without selling my digital soul?
I’m using CloudFlare to hide my home IP and to reduce traffic from clankers. However, I’m using the free tier, so how am I the product? What am I sacrificing? Is there another way to do the above without selling my digital soul?
I have the same setup but using frp which stands for fast reverse proxy.
The term VPN is pure marketing bs. What is called VPN today used to be called Proxy Server.
I’ve also heard good things about using Pangolin for the same setup.
Good luck I’m behind nine proxies!
VPN and proxy server refer to different things. There’s lots of marketing BS around VPNs but that doesn’t make the term itself BS, they’re different and it’s relevant when you’re talking about networking.
I think thats up to debate.
Wikipedia says:
So my argument is, if it is not used for private communication between multiple clients, it’s not really a VPN.
Lets say, we both connect to the same Proton VPN server - our computers would not see each other and would not be able to connect to each other via that service. It has effectively the same function as a proxy - making your public internet traffic appear to come from the IP of the proxy server instead of your home IP.
Whereas if you set one up yourself with openVPN for example, we could make it so that we both get a VPN internal IP that we could use to directly connect and idk, play minecraft or something. Instead of connecting through the public internet, we would connect through a virtual network that is private for the two of us.
“It has effectively the same function as a proxy” isn’t the same thing as “it’s not actually a VPN”.
One could argue you’re not really using the tech to its fullest advantage, but the underlying tech is still a VPN. It’s just a VPN that’s being used as a proxy. You’re still using the same VPN protocols that could be used in production for conventional site-to-site or host-to-network VPN configurations.
Regardless, you’re the one who brought up commercial VPNs; when using OpenVPN to create a tunnel between a VPS and home server(s), it seems like it’s being used exactly to “create private communication between multiple clients”. Even by your definition that should be a VPN, right?
You’re correct.
Most people only search for “VPN” because thats the term that got marketed for decades.
But the problem can be solved by using a proxy as well.
The intent of my comment was just to point to a second term - “proxy” - that can be used to find more valid, alternative solutions to the problem of making your homelab hosted services publicly available. And I think you agree with me, that proxy is the term closer to the usecase, even though we both correctly state that a VPN can be used as a proxy.
To make a bad analogy (it’s the first thing that came to mind): It’s like people buying a wok, even though they really just need a pan. And so they only search for wok, because every company says wok all the time, even though they will never use the wok as a wok, but just as a normal pan.
… in my case, I have a homelab, a VPS and a user of a service that runs on my homelab. The VPS is just a proxy for the homelab. The user (client) talks to the homelab (server), through the VPS (proxy) so not, not really a VPN, even if I’d set up openVPN between VPS and homelab. They are not two clients.
Fundamentally, a host-to-host VPN is still a VPN. It creates an encapsulated L2/L3 link between two points over another network. The number of hosts on either end doesn’t change that. Each end still has its own own interface address, subnet, etcetera. You could use the exact same VPN config for both a host-to-host and host-to-site VPN simply by making one of the hosts a router.
I see your point about advocating for other methods where appropriate (although personally I prefer VPNs) but I think that gatekeeping the word “VPN” is silly.
If you have one of those cars that can be used as a boat. And you only ever use it in water and never on land, it doesn’t really make sense to me to exclusively call it a car. Even though it factually is one, it acts as a boat. At least call it carboat.
If I have a VPN, but it’s sole purpose is to take all the traffic that knocks on it’s network-adapter and shove it down a dev/tun and vice verca, why can we not say (with the goal of clear communication and precise descriptions) that it effectively acts as a proxy ?
You’re arguing two different points here. “A VPN can act as a proxy” and “A VPN that only acts as a proxy is no longer a VPN”. I agree with the former and disagree with the latter.
A “real” host-to-network VPN could be used as a proxy by just setting your default route through it, just like a simple host-to-host VPN could be NOT a proxy by only allowing internal IPs over the link. Would the latter example stop being a VPN if you add a default route going from one host to the other?
the only poiny I am arguing for is:
if somebody is looking for a solution that is effectively equivalent to a proxy, they can enter into the search engine either “vpn” or “proxy” and they will find more results that will work for their usecase that way.
While you are getting hung up on semantics that I technically agree on, but I find meaningless in the real world usecase of looking for a solution that effectively works like a proxy.
Perhaps if you are only talking about the consumer level stuff advertised on TV. Otherwise I can assure you that “Virtual Private Networks” are a real thing that have absolutely nothing to do with Proxy Servers.
On down the comment chain you mention "…our computers would not see each other and would not be able to connect to each other via that service. " as some kind of test of whether a thing is a VPN or Proxy Service but what you’re missing is that this is a completely common and advisable configuration for companies. In fact Zero Trust essentially demands configurations like this. When Bob from Marketing fires up his VPN to the Corporate Office he doesn’t need access to every server and desktop there nor does his laptop need to be able to access the laptops of other VPN users. They get access to what they need and nothing more.
Hell the ability to access the internet via the tunnel, called Split Tunneling, is also controllable.
It’s that ability to control where the tunnel terminates that allows consumer VPNs, like Proton, to be used the way they are.
So while private individuals absolutely do use VPNs as an ersatz replacement for Proxy Servers they are nowhere near the whole use case for VPNs.
you can do the same split tunneling via proxy servers
I agree. That also means that for certain usecases they are equivalent. It’s sometimes worth checking all options to find the best one for that specific case.
I used to use HAProxy but switched to Nginx so I could add the modsecurity module and run WAF services. I still use HAProxy for some things, though.
Oh I forgot to say: I have crowdsec on the VPS in front of frp and traefik on the server at my home, where I add all the modules I want.
frp just pipes all the packets through transparently.
But yeah, same thing, should work the same and there are dozens of ways to set that all up.
I’ve been looking into crowdsec for ages now and still haven’t gotten around to even a test deployment. One of these days, lol, and I’ll get around to it.
It’s pretty neat and I feel like there is a clear value exchange for both parties in the free tier, so less shady than cloudflare.
Don’t see an issue yet even though they are crowdsourcing their list generation. At least they are giving you something for it or you can take it. But if you do you get smaller lists.