VPN

This here’s a machine-translated text that might contain some errors!

VPN, or Virtual Private Network, is a way to set up a secure (encrypted) connection to another network and device(s) over the internet.

First, What is a Private Network? (Not a VPN)

A private network is a network that’s isolated from other networks. This can be a corporate network, a home network, or another type of network that ain’t open to just anybody. An open network, like ya might find at an airport, is also technically a private network, but they’re usually set up to keep devices separate from each other to boost security.

Hypothetical scenario

Just imagine ya got a printer at home ya wanna use to print out a document. This here printer is hitched to your home network, so it’s got a private IP address that’s only reachable by devices connected to your own network. You can use your machine at home to print without no trouble, but your neighbor is on a different network and can’t get to your printer just plain as that.

You also can’t talk to your printer from, say, school or other networks, ‘cause that printer ain’t exposed to the internet (and it shouldn’t be anyway for security reasons).

Note: No rule without exceptions…

Some devices do offer solutions where they use some VPN-related technology to let ya print documents from anywhere in the world, as long as ya got internet access. This can bring a security risk, so keep a sharp eye on what ya be connectin’ to your network, especially with IoT devices or surveillance cameras.

Have ya noticed that ever’ time ya connect to a new network, ya get asked if yer connectin’ to a “private” or “public” network?

This here’s ‘cause Windows (or other operatin’ systems) uses this information to decide which firewall rules to use to protect yer device. A private network is usually unsecured (all connected devices trust each other automatically), and is therefore vulnerable to other devices on the same network. In return, ya can more easily share printers, files, and other resources when machines are on the same network.

Commercial Operators

There’s a heap of commercial operators offerin’ VPN services, claimin’ they can protect yer privacy on the internet and let ya browse anonymous-like. That ain’t necessarily the whole truth, and it’s important to be aware of what a VPN actually does.

How VPN Works Meme

In practice, ya move yer network connection to another place (often another country), seein’ as we use VPN servers as a middleman from our client to the internet.

Commercial VPN != security

Many folks market themselves as a service offerin’ extra security, but for most users, that just ain’t the case. When we’re visitin’ websites usin’ HTTPS (even on public wifi), that connection’s already encrypted, so a VPN won’t necessarily provide no extra security. It can’t “hide” your activity from your internet provider all the way, neither.

In certain lands or places, though, it might be plumb useful, but it’s mighty important to realize you’re movin’ your trust from your internet provider over to that VPN provider.

Public networks

We often hear tell that we ain’t supposed to be connectin’ to unsecured public networks, like them cafes, airports, hotels, and so on. This ain’t necessarily a problem so long as we’re usin’ HTTPS (encrypted) to visit websites.

What might be a real trouble is if someone sets up a “fake” network with, say, a malicious Captive Portal (a website that usually asks for a login or for ya to accept terms ‘fore we can get onto the internet).

Captive Portal

Have ya checked if ya got “automatic connection” turned on for open networks on your mobile or your laptop? This can make your device hitch up to a malicious network without ya even knowin’ it.

What can we use a VPN for?

A VPN can be used to hitch devices together across networks, just like they were on the same (private) network, in a way that’s safer than leavin’ them out in the open to the internet (openin’ ports in the firewall). Now, keep in mind we still gotta have ourselves a VPN server to connect to; we can either set it up ourselves (which means openin’ up the firewall), or use a provider that acts as a relay (a middleman) for us. Some popular choices are OpenVPN, WireGuard, and IPsec.

Friendship ended with OpenVPN now WireGuard is my best friend

Example

You got a gaming rig you wanna hook up with your laptop when you’re at school usin’ Remote Desktop software (RDP). You can then set up a VPN solution that lets you connect to your home network, and then use RDP to connect to your gaming PC like you was home.

Now, in our case, we aim to use this here to get access to the resources here at school from other parts of the world, and later on we’ll be lookin’ at cloud computin’ where we wanna connect to virtual servers in the cloud in a safe manner. Usually, we open up a port to our server to get this set up, then we lock down the server afterwards (generally a Site-to-site VPN).

The only practical difference is that we get a different IP address over our VPN network (addresses in 100.64.0.0/10, for instance, are often used for VPN), but the functionality is as if we were on the same network. This means we can use things like RDP, SSH, FTP (File Transfer Protocol), and the like without havin’ to open up our services in the firewall.

Easy Task 1 - Installin’ TailScale VPN

Luckily for us, installin’ a VPN is simple, specially if ya use a service like TailScale. This here’s a commercial service that offers an easy way to set up a WireGuard VPN, which gives us more’n enough functionality for our needs on its free tier (100 devices).

TailScale Free Tier

Follow the installation process as described in the documentation: https://tailscale.com/download

Note

You’re gonna need a VPN on every single gadget you’re fixin’ to connect to the network. That includes servers, PCs, mobiles, and all that.

Medium Task 2 - Set Up an Exit Node

An Exit Node in TailScale is a device on yer network that acts as a gateway for all traffic from other devices on the TailScale network. This routes all traffic through this here device, which can be mighty useful for gettin’ access to resources on a specific network, or gettin’ a new IP address to bypass geographical restrictions.

We’re usin’ Nginx Proxy Manager to limit access to certain resources (like yer Proxmox server) based on IP address. With an Exit Node at school, you’ll be able to get an IP address that’s “at school” no matter where you are in the world.

Follow the documentation to set up an Exit Node: https://tailscale.com/kb/1103/exit-nodes#configure-an-exit-node
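
A small model of why the Exit Node trick works with an IP-based access list, and where the 100.64.0.0/10 VPN addresses come in. This is an added example, not part of the original page and not code from TailScale or Nginx Proxy Manager. The device names and all addresses are constructed (203.0.113.0/24 stands in for the school, 198.51.100.7 for a home connection), and the allowlist check is a simplification of what a reverse proxy does.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# 100.64.0.0/10 is the range the page mentions for VPN addresses.
VPN_RANGE = ipaddress.ip_network("100.64.0.0/10")
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed: documentation range standing in for the school's addresses.
SCHOOL_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass
class Device:
    name: str
    egress_ip: str    # address the internet sees without a VPN (constructed)
    vpn_ip: str       # address on the VPN network (constructed)
    exit_node: Optional["Device"] = None


def kind(addr: str) -> str:
    """Classify an address as 'vpn', 'private' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in VPN_RANGE:
        return "vpn"
    if any(ip in net for net in PRIVATE_RANGES):
        return "private"
    return "public"


def source_seen(dev: Device, dest: str) -> str:
    """Source address the destination observes for traffic from dev."""
    if kind(dest) == "vpn":          # peer on the VPN: stays inside the tunnel
        return dev.vpn_ip
    if dev.exit_node is not None:    # everything else leaves via the exit node
        return dev.exit_node.egress_ip
    return dev.egress_ip             # no exit node: own connection


def proxy_allows(dev: Device, proxy_addr: str) -> bool:
    """IP allowlist check as a reverse proxy would apply it (simplified)."""
    src = ipaddress.ip_address(source_seen(dev, proxy_addr))
    return any(src in net for net in SCHOOL_ALLOWLIST)


school = Device("exit-node-at-school", "203.0.113.10", "100.64.0.1")
laptop = Device("laptop-at-home", "198.51.100.7", "100.64.0.2")

if __name__ == "__main__":
    print("direct:", proxy_allows(laptop, "203.0.113.50"))         # False
    laptop.exit_node = school
    print("via exit node:", proxy_allows(laptop, "203.0.113.50"))  # True
```

Any device allowed to use the school Exit Node passes the same check, so the access list is only as tight as the membership of the VPN network.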

Watch out! “Edit Routes” menu

Don’t go forgettin’ the step ‘bout turnin’ on “Use as Exit Node” in the TailScale menu on the device ya set up as an Exit Node. This be a common step to forget.

Exit Nodes Everywhere

Exit-Node on a VPS in the cloud!

If you set up a virtual machine in another country via e.g. Azure (where you get free credit as a student), you can easily set up an Exit-Node to get an IP address in that country - just like a commercial VPN service, with fewer restrictions and more learnin’!