School an idiot on VPNs

[qslim]

So I've been meaning to get a VPN just like I've been meaning to do a lot of things in my life. We got ExpressVPN & I wanted some clarification from the smarties on here because my social circle is limited to my wife, kids, & people who like TJs.

So here's the thing, my perception of a VPN (for the house at least) was one that acts like an umbrella for all connections leaving through my router. Looks like ExpressVPN has a little app to install on every device that needs to be turned on when you use it, what I was angling for is something that I can control via my router so the VPN is upstream of every device in my house. So I go to check my router & at some point my old linksys got swapped out for whatever xFinity supplies with their service which is not compatible.

So, to do what I want to do I need to find an express VPN-compatible router & install that software on it right? Is there a better way to do this? I don't really care what VPN I use as long as its something that is reliable and doesn't require a lot of baby sitting to keep it working, & I can return the ExpressVPN here soon if it isn't the best bet.

Thoughts?

 

[LukesfirstJeep]

No idea, but is there a VPN compatible with the Xfinity router? Comcast customer support has been helpful for me for other situation.

 

[Zorba]

VPN isn't router dependent. Its yet another IP (Internet Protocol) that masks your activity between your end point (computer) and where-ever the other end of the VPN is. So your ISP can't track you as all traffic is private - until it comes out the "other end", presumably not within your ISP's purvey. Its great for masking Wi-Fi signals from snooping. It also slows things down a bit.

 

[Irun]

Do some searches for client vs clientless VPN. You may find some useful information there.

 

[DaveF]

VPN isn't router dependent. Its yet another IP (Internet Protocol) that masks your activity between your end point (computer) and where-ever the other end of the VPN is. So your ISP can't track you as all traffic is private - until it comes out the "other end", presumably not within your ISP's purvey. Its great for masking Wi-Fi signals from snooping. It also slows things down a bit.

While it's not router dependant, if he wants to run one VPN to cover all his home devices, he'll have to run it on his router or put up an internal internet gateway server and run it there.

I've no personal experience with running a VPN directly on a home router (we run dozens of em on our corporate router but those are router to router, not router to internet like you want), but if you google it you'll find lots of articles about it. There appear to be home routers you can buy that will run/connect to more than one VPN provider... I'd go that way so you're not locked in. Not all VPN providers work in all situations :/

 

[Chris]

Let me tell you about the nutball who keeps joining this site from a VPN with an IP out of the “Russian Federation”. He then proceeds to make his very first post in the political sub-forum, and it’s always some sort of troll.

Banned him three times already, and he thinks he’s smart using said VPN. Fortunately I’m smarter

 

[Chris]

https://www.expressvpn.com/vpn-software/vpn-router

 

[WallyWest]

You can just install it on individual devices, but the best "set it and forget it" approach is to use a router solution. I'd get a router that supports the ExpressVPN app and just do that. Then all your internet traffic is routed through the VPN.

You can set it up on most any router, but if it doesn't support the app the setup can be kind of a pain.

And IMO ExpressVPN is the best. They have a policy of no logs, and that has been put to the test. Others have stated they don't log, but then caved to law enforcement and ended up providing the logs they supposedly didn't have.

 

[D M]

In short, yes it acts as an umbrella to your internet network. A VPN(virtual private network) is basically a mask of your online I.P. which is what 99% of the VPN software out there do. They display your I.P.(internet protocol address) as something else. Your I.P. address is a number associated with the given computer or network, and when connected to the internet it allows to send and receive information. Think of your computer as a house(hence address), and the front door is the I.P. the only way in and out of the house is through the front door, an I.P. will basically change your front door to appear to be something else. The only thing i dont like about VPN's is that when trying to mask the information coming in and out of the door it must mask it to appear to be somewhere else(where it is set to be) and it will slow down your internet to a decent extent.

 

[D M]

In my experience, hotspot shield is the best free VPN software you can use, yeah youll get ads(as they will all give you) unless you upgrade to the "premium unlimited data" version, but I personally like HS due to the miniscule loss of bandwidth when browsing the internet. Streaming on the other hand, I wouldn't recommend

 

[jeepins]

I used ExpressVPN for all my trips to China for work. If a network I was on didn't allow it to enable (and there were a few here and there) I just didn't get on the internet at all if I could help it. One of my friends over there was even using it. When I asked why she replied, you know why

 

[DaveF]

In short, yes it acts as an umbrella to your internet network. A VPN(virtual private network) is basically a mask of your online I.P. which is what 99% of the VPN software out there do. They display your I.P.(internet protocol address) as something else. Your I.P. address is a number associated with the given computer or network, and when connected to the internet it allows to send and receive information. Think of your computer as a house(hence address), and the front door is the I.P. the only way in and out of the house is through the front door, an I.P. will basically change your front door to appear to be something else. The only thing i dont like about VPN's is that when trying to mask the information coming in and out of the door it must mask it to appear to be somewhere else(where it is set to be) and it will slow down your internet to a decent extent.

Yes, any VPN will slow down your traffic and increase latency. This is because, per your analogy, your traffic is encrypted by the software/device then leaves your front door, via your IP, and is sent to a device/software at the other end, a hosted site by the VPN provider where it is decrypted then sent to the internet. Every hop along the way increases latency, for example rerouting your traffic from Seattle through a VPN in say Detroit, will add anywhere from 60-80ms in latency. The farther the other side of the VPN, the more the latency. Also the process of encryption, rerouting, decryption both directions slows traffic as well so you'll never realize the full bandwidth of your local line.

As to displaying your IP as something else... sort of. It is possible to see your IP still, and see where your traffic goes. But that traffic will all terminate at that one remote IP address of the VPN provider. From there, the government can try to (and sometimes is successful at) requesting that data from the provider. From a website your IP looks like the IP of the providers internet connection and will be lumped in with all other traffic from that IP. So the Feds can see your IP, see you send data to the vpn provider... and they can see bad things going on from the VPN provider's IP addresses... but unless they can convince a court and/or the VPN provider, they can't directly link which traffic is yours. I don't care what they say, as a career IT guy I know for a fact the data is there to link you and your activities, just hopefully kept private and not for long (discarded quickly and securely erased).

Don't ever believe your traffic is 100% secure just because you use a VPN though. Don't believe any claims by the shady VPN providers that it protects you from malware or virus's in any way either. You can still easily get that from any website you visit or email you open that you shouldn't. The traffic from the malware will then go out to the bad guys through your VPN tunnel nice and safe. VPN's protect you from the 'good guys / Government' (start debate elsewhere ) not the bad guys.


What the VPN does do, is make it much harder for anyone to see your browsing history from the internet/ISP side, meaning your direct ISP won't have the details, just that one VPN endpoint and big brother will have to work a lot harder to get to it, usually meaning they won't even bother to try.

 

[rasband]

What are you trying to accomplish? The wrong VPN can just sell what you’re trying to hide to another party instead of your ISP (who probably sells it).

 

[Zorba]

What am I missing here? Windows, Linux, and Mac all have VPN built in - all you have to do is configure it. Used it for years to VPN to my employer. Do these 3rd party VPN solutions not work with the native VPNs built into the OSes? I've never used a 3rd party VPN, so I don't know.

I do know you can use TOR, which VPNs to a random server on the other side of the planet. Which is so slow as to be un-usable to my experience.

 

[DaveF]

What am I missing here? Windows, Linux, and Mac all have VPN built in - all you have to do is configure it. Used it for years to VPN to my employer. Do these 3rd party VPN solutions not work with the native VPNs built into the OSes? I've never used a 3rd party VPN, so I don't know.

I do know you can use TOR, which VPNs to a random server on the other side of the planet. Which is so slow as to be un-usable to my experience.

built in VPN doesn't provide that remote / anonymized connection that people are looking for in a home VPN. They are looking to obfuscate who they are and what they are doing, not just secure traffic from one point to another. The built in VPN cannot do this. What you are paying for with an ExpressVPN for example is the infrastructure on the other end of the tunnel, the internet gateway and remote IP address and in theory, the privacy.

 

[Zorba]

built in VPN doesn't provide that remote / anonymized connection that people are looking for in a home VPN. They are looking to obfuscate who they are and what they are doing, not just secure traffic from one point to another. The built in VPN cannot do this. What you are paying for with an ExpressVPN for example is the infrastructure on the other end of the tunnel, the internet gateway and remote IP address and in theory, the privacy.

I don't mean to be obtuse - if your traffic is secure to "elsewhere", then you're "elsewhere" in virtual reality. Your traffic comes out of a server/gateway someplace else along with everybody else's that's VPNed into it - no way for that to be traced back to the origin (from outside, previous mentions of "no logging" certainly applies!). When I used VPN to my employer, my traffic came out into the wild in California, regardless of where I actually was.

 

[Rec_Rider]

I actually prefer to not use it from a router but from the devices themselves. VPNs don't always need to be used to hide yourself but to seem as though you are coming from a different location. Regional streaming services in the EU require IP addressing in the local region so VPNs give you the ability to stream those services while 1000's of miles away. The problem is once you VPN outside of your area you can add a lot of latency. CDNs are designed to give you the best and fastest access but VPNs will cause those to be slower due to the added latency, encryption overhead, and bandwidth that the VPN service offers.

Running the VPN from the router reduces your flexibility to change VPN endpoints on the fly which is why I prefer to put them on my end devices.

On a side note, I was on a federal grand jury not too long ago where we saw an indictment related to child pornography where users to a known distribution website were masked due to a VPN. The feds were unable to get the IP addresses of the perpetrators until they were able to get the perps to click on a link (federal folks posted to the distribution site). Basically, the VPN was very effective until they hit a site that was controlled by the government.

 

[DaveF]

I don't mean to be obtuse - if your traffic is secure to "elsewhere", then you're "elsewhere" in virtual reality. Your traffic comes out of a server/gateway someplace else along with everybody else's that's VPNed into it - no way for that to be traced back to the origin (from outside, previous mentions of "no logging" certainly applies!). When I used VPN to my employer, my traffic came out into the wild in California, regardless of where I actually was.

but your internet activity can be tracked back to your employer, who would then be requested to provide firewall and other logs showing who was responsible for what traffic. If they provide that data, then it is directly tracked back to you. Whoever is looking for that data can also just see where your VPN ends, then attack that end directly.

On a side note, I was on a federal grand jury not too long ago where we saw an indictment related to child pornography where users to a known distribution website were masked due to a VPN. The feds were unable to get the IP addresses of the perpetrators until they were able to get the perps to click on a link (federal folks posted to the distribution site). Basically, the VPN was very effective until they hit a site that was controlled by the government.

This... never assume you can get away with something illegal on the internet just because you use a VPN. Yes it makes it much, much harder, but there are ways that creative agencies can still get to you.

 

[Zorba]

but your internet activity can be tracked back to your employer, who would then be requested to provide firewall and other logs showing who was responsible for what traffic. If they provide that data, then it is directly tracked back to you. Whoever is looking for that data can also just see where your VPN ends, then attack that end directly.

I get that - but what does that have to do with built-in vs otherwise VPN? It all looks the same on the output end! What am I missing?

 

[DaveF]

I get that - but what does that have to do with built-in vs otherwise VPN? It all looks the same on the output end! What am I missing?

OK, you use your built in vpn client... to connect to what? For work, you connect there, but that's because your employer pays to keep up and maintain a device that is the other end of the tunnel. If you don't use it for work, who is providing you the connection point on the other end? That is where express VPN steps in. And they create their own client to give a user friendly interface to it.

In simplest terms, a VPN is a tunnel, with two distinct endpoints. You have one on your device, someone has to have the other end. With a VPN provider, you are paying them to maintain that other end for you. You are also, hypothetically, paying them to maintain good firewall and data hygiene on their end, as well as ensuring your privacy.