School an idiot on VPNs

OK, you use your built-in VPN client... to connect to what? For work, you connect there, but that's because your employer pays to keep up and maintain a device that is the other end of the tunnel. If you don't use it for work, who is providing you the connection point on the other end? That is where ExpressVPN steps in. And they create their own client to give a user-friendly interface to it.

In simplest terms, a VPN is a tunnel, with two distinct endpoints. You have one on your device, someone has to have the other end. With a VPN provider, you are paying them to maintain that other end for you. You are also, hypothetically, paying them to maintain good firewall and data hygiene on their end, as well as ensuring your privacy.
I get that - what I'm failing to see is the need for anything on my end other than the VPN capability already built into the OS.
 
I get that - what I'm failing to see is the need for anything on my end other than the VPN capability already built into the OS.
The few I have seen (paid service) had proprietary client-side software. I guess easier than making sure a standard user had set it up correctly? Control? Dunno.

Also I'm not sure I would trust MS or Apple if I wanted privacy anyway. I've heard Bill Gates had a micro-virus installed in all of their VPN. Just sayin
 
Reactions: qslim
So this conversation is exactly how I understand the whole VPN thing - you're essentially paying a company to maintain the integrity of the private connection & not sell your data.

The thing I didn't get was the whole having it on your router vs on the device - part of the reason that I wanted to go the router direction is because I know for a fact my wife & kids aren't going to start an application to run a VPN every time they open a laptop or hop on a tablet so they'll rarely use it if that's the case.
 
So this conversation is exactly how I understand the whole VPN thing - you're essentially paying a company to maintain the integrity of the private connection & not sell your data.

The thing I didn't get was the whole having it on your router vs on the device - part of the reason that I wanted to go the router direction is because I know for a fact my wife & kids aren't going to start an application to run a VPN every time they open a laptop or hop on a tablet so they'll rarely use it if that's the case.
You are correct in all of that... if you want to redirect all traffic automatically you need to run on the router. Just be aware that that can break 'local' functionality — as in, local TV station filters by area for example, and will increase latency etc. depending on how many hops and how far away your new 'IP' is located. Any gamers in your house won't appreciate it :)
 
Reactions: qslim
I get that - what I'm failing to see is the need for anything on my end other than the VPN capability already built into the OS.

VPN is just a tool. An encrypted tunnel between two points.

The paid services scrub all your identifying data from the connection, making you as close to invisible as you can get on the internet.

The free VPNs, not so much. They might hide your traffic from your ISP, maybe, but that's about it.
 
You are correct in all of that... if you want to redirect all traffic automatically you need to run on the router. Just be aware that that can break 'local' functionality — as in, local TV station filters by area for example, and will increase latency etc. depending on how many hops and how far away your new 'IP' is located. Any gamers in your house won't appreciate it :)
Copy that. Our gaming is limited to Mario Party & Minecraft, I didn't consider the streaming services though.. I'll fiddle with this ExpressVPN thing then for the meantime & see what's the best fit.

In thinking about it I'd suppose that since the fundamental point of a VPN is to have your personal info & habits shielded from the prying eyes of 3rd party companies, the devices that we use for browsing should be the priority? Watching Youtube TV or Amazon prime programming doesn't seem to be too high threat right?
 
Could you set up a tunnel to direct the streaming/gamers away from the VPN? MAC filter maybe? Send the phones and PCs to the VPN?
As a function of the router? Like install the VPN software on the router & then apply it only to certain devices?
 
Could you set up a tunnel to direct the streaming/gamers away from the VPN? MAC filter maybe? Send the phones and PCs to the VPN?
I don't have any experience with this type of router running a VPN service... however any filtering by MAC would route all traffic from that device... On a normal firewall you'd need to set up rules that say not only match traffic from a certain MAC or IP, but also by protocol or more likely, destination. And for that you'd have to know all the possible IPs used by these services, many of which change regularly. It would be a lot of work.


Streaming by the way, unless limited by IP localization (meaning you need to be inside their geographic area) isn't quite as affected, you'll see latency starting the stream, but after that it's all a continuous stream... you may see more disconnects and lower quality however due to throughput issues. That largely depends on what service you use, what location you route through, and the quality of your own connection.
 
Reactions: qslim and JMT
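
The per-device split discussed in the posts above (selected MAC addresses go through the VPN, everything else stays on the normal connection), sketched for a Linux-based router. This is an added example, not part of any post in the thread; the interface names br0 and tun0, routing table 100, mark 0x1 and the sample MAC addresses are assumptions. It only prints the commands for review and changes nothing.

```shell
#!/bin/sh
# Dry-run generator: prints the commands, changes nothing on the system.
# Assumed names (not from the thread): LAN bridge br0, tunnel tun0,
# routing table 100, firewall mark 0x1.

LAN_IF=br0
VPN_IF=tun0
TABLE=100
MARK=0x1

# Accept only well-formed MAC addresses so nothing else reaches a rule.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rule set that sends the listed devices through the VPN.
# Devices not listed keep using the main routing table (no VPN).
vpn_policy_cmds() {
    # Marked packets consult table $TABLE instead of the main table.
    echo "ip rule add fwmark $MARK lookup $TABLE priority 1000"
    # Default route for that table is the tunnel.
    echo "ip route add default dev $VPN_IF table $TABLE"
    # Fallback: if the tunnel drops, its route vanishes and this one
    # discards the traffic instead of leaking it out the normal WAN.
    echo "ip route add blackhole default metric 4096 table $TABLE"
    for mac in "$@"; do
        if is_mac "$mac"; then
            echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m mac --mac-source $mac -j MARK --set-mark $MARK"
        else
            echo "skipped invalid MAC: $mac" >&2
        fi
    done
}

# Constructed sample devices: a laptop and a phone go through the VPN.
vpn_policy_cmds 02:00:00:aa:bb:01 02:00:00:aa:bb:02
```

The MAC match only works for devices on the router's directly attached LAN, and as noted above it moves all of a device's traffic; splitting by destination or protocol needs additional rules.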
Depends on the router, but most any can create a DMZ that any devices can be routed through. That will bypass the VPN.

It's easy to do it for a device, more annoying to do it for specific types of traffic.
 
At best they are an easy way to mask your ip to get around regional blocks, other than that, they give people a false sense of security.
 
Reactions: Zorba
Fkin Xfinity... I used to be able to use Express VPN to pick up local (college) sports when I'm traveling but not anymore. As soon as I enable VPN in any US city I get the message basically saying we know you're outside the US trying to watch this. Pisses me off but I get it. Prevents people from streaming it in a bar or someplace. nazis.
 
Fkin Xfinity... I used to be able to use Express VPN to pick up local (college) sports when I'm traveling but not anymore. As soon as I enable VPN in any US city I get the message basically saying we know you're outside the US trying to watch this. Pisses me off but I get it. Prevents people from streaming it in a bar or someplace. nazis.
More likely has to do with broadcast rights (only licensed in a specific geographic area) and/or cost... don't want to pay for bandwidth to stream to someone outside their advertisers' effective area. Seattle based companies don't want to pay to advertise to people in Australia who will never purchase their products for example :)
 
When I lived in Japan I had both VPN apps configured on most of my devices that I could turn on and off at will, but I also have a separate wifi router configured with a VPN plugged in to my main router. That way the devices I wanted to make it look like were in 'murica or Canada were (like roku boxes or things I was torrenting on or whatever) and I still had my normal gigabit fiber speeds with no VPN for normal stuff. Best of both worlds.
 
I also work in IT and am familiar with VPN.

In general, I would say you don't want to use it all the time on every device. You can, but that would require a VPN capable router which is usually a business level device. I used to work for an MSP (managed service partner) which translates to outsourced IT support for small to medium sized businesses. For the most part, the only time we would run a VPN 100% of the time is when a business had multiple locations. They would set up a site-to-site VPN so they could run one server at the main location and not have to have a server at every location.

Other than that, you should run a VPN client on devices that want/need it. If you're just browsing Jeep sites or playing games online, you do not want a VPN eating up some of your bandwidth.

If you're doing private things like downloading illegal files, maybe for banking or sensitive info, then turn it on when you need it. If you use your laptop in a public place and use their wifi (Starbucks, airport, hotel etc), you should ALWAYS have VPN turned on.

The built-in operating system VPN works similarly to a VPN client. In fact, if you have a decent VPN service, you don't need their VPN client. Usually you can just configure your OS to do the same thing. Since I use Linux on some PCs, they don't always support the VPN service client. You just configure the settings in a generic VPN client. It's all essentially the same.

The VPN service I use is 'Private Internet Access': https://www.privateinternetaccess.com/
They have a client for most devices including most popular versions of Linux.