VPN running on same network that my Mac is on. Public IP not changing

0

I'm running OpenVPN on a Linux box at home which is connected to my router via Ethernet. My public IP changes when I'm outside of my home; however, when I'm on the same local network as my Linux box, my public IP does not change.

Pretty sure my setup is okay, just need some help with the networking.

Thanks in advance, sorry if this seems like a silly question. Not really much of a network engineer!

Daniel

Posted 2016-11-19T20:45:36.277

Reputation: 3

I just wanted to point out that using an OpenVPN server directly on your LAN possibly defeats the purpose if your intent is to keep external traffic private. If you think about it, traffic is only encrypted between VPN connected hosts and the VPN server. Once packets are in transit from the VPN server to the router, they will no longer be encrypted. As a side effect, if your router does not have switching capability, your post-VPN (unencrypted) traffic may also be sniffed by other LAN members. – diametralpitch – 2016-11-19T22:32:42.277

So from what I understand, because my Linux box running my VPN is set up behind my router (as in on the local network), it completely defeats the point of it, because the only encrypted traffic will be from my VPN to the router itself (a physical distance of quite literally 2 metres)? If this is correct, am I just better off paying for a service rather than trying to do it myself? – Daniel – 2016-11-21T12:08:58.250

There are 2 scenarios depending on where the traffic is destined for. Between the OpenVPN server and the router, traffic destined for other VPN peers will stay encrypted, but traffic destined for the internet will be unencrypted. In the latter case, this will make sense if you consider as an example, the notion that any given web server on the internet will not be able to decrypt your packets. – diametralpitch – 2016-11-21T19:19:22.263

I assume your use case is this scenario: keeping your outbound internet traffic private from peers on your LAN and also your ISP. If you want to achieve this, you will need to move the OpenVPN server outside of your home network onto the internet. – diametralpitch – 2016-11-21T19:19:49.260

As is the case for any OpenVPN setup, outbound internet traffic leaving the VPN server will be unencrypted. Assuming you're not using a switch, LAN traffic is visible to all hosts on the LAN, so in your existing setup any internet traffic exiting the VPN server will be visible to the entire LAN. It would be simple for another host on the LAN to sniff the packets you were possibly hoping to remain private. And this would be the case regardless of any physical Ethernet cable length. – diametralpitch – 2016-11-21T19:20:36.790

I see, thanks for the clear explanation. Probably not willing to put my Linux box on the internet. I'll do some research and invest in a decent VPN provider. – Daniel – 2016-11-21T22:02:18.343

Answers

0

Typically when you connect to a router which has a connection to the internet via modem, your external IP will be equivalent to the WAN IP address of the router. All of the hosts connected to the router will have different internal (LAN) IP addresses assigned either statically or dynamically. When outbound packets requiring routing reach the router, they are subject to NAT, which translates the unique LAN IP addresses to your router's external (WAN) IP. Ultimately, you should expect the external WAN IP given to your home router by your ISP to be different when you connect to another access point or router outside like at a coffee shop. You should confirm you are properly using either DHCP or static IP configuration, based on the routers' respective configurations (home or away).

diametralpitch

Posted 2016-11-19T20:45:36.277

Reputation: 588
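
The packet paths described in the answer above and in the comments under the question, as a small Python model (an added example, not part of the original posts). The addresses, port numbers and the assumption that the OpenVPN server masquerades VPN clients behind its own LAN address are constructed for illustration.

```python
from dataclasses import dataclass, replace
from itertools import count

# Constructed addresses (private and documentation ranges), not from the thread.
HOME_WAN, CAFE_WAN = "203.0.113.10", "198.51.100.77"
SERVER, SITE = "192.168.1.50", "192.0.2.80"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    in_tunnel: bool  # True while the payload is wrapped by the VPN

class NatRouter:
    """Rewrites every outbound source address to the router's single WAN IP."""
    def __init__(self, wan_ip):
        self.wan_ip, self.table, self._ports = wan_ip, {}, count(40000)

    def outbound(self, pkt):
        wan_port = next(self._ports)
        self.table[wan_port] = (pkt.src, pkt.sport)  # remembered for the reply
        return replace(pkt, src=self.wan_ip, sport=wan_port)

def vpn_server_forward(tunnel_pkt, inner_dst):
    """Unwrap the tunnel and forward the inner request from the server's LAN IP.
    Assumption: the server masquerades VPN clients behind its own address."""
    assert tunnel_pkt.in_tunnel and tunnel_pkt.dst == SERVER
    return Packet(SERVER, 50000, inner_dst, in_tunnel=False)

def web_request(at_home, use_vpn):
    """Return (source IP the website sees, packets on the home LAN, home router)."""
    home, cafe = NatRouter(HOME_WAN), NatRouter(CAFE_WAN)
    client_ip = "192.168.1.20" if at_home else "10.0.0.7"
    home_lan = []
    if not use_vpn:
        pkt = Packet(client_ip, 51000, SITE, in_tunnel=False)
        home_lan += [pkt] if at_home else []
        return (home if at_home else cafe).outbound(pkt).src, home_lan, home
    tunnel = Packet(client_ip, 51000, SERVER if at_home else HOME_WAN, True)
    if not at_home:  # cafe NAT first, then the home router port-forwards inward
        tunnel = replace(cafe.outbound(tunnel), dst=SERVER)
    home_lan.append(tunnel)
    inner = vpn_server_forward(tunnel, SITE)
    home_lan.append(inner)
    return home.outbound(inner).src, home_lan, home

if __name__ == "__main__":
    print({(h, v): web_request(h, v)[0] for h in (True, False) for v in (False, True)})
```

At home the website sees the home router's WAN address with or without the VPN, and the second packet on the home LAN is the unwrapped request from the VPN server to the router; only the away case shows a change of public IP when the VPN is switched on.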