Ask HN: Why isn't using your home network as a VPN more common?
2 points by hjconstas 85 days ago
Most VPNs focus on making it look like you’re somewhere else (switching countries, etc).

But for most of my actual use cases, I don’t want the internet to change, I just want it to be secure and behave like I’m at home.

I’ve been experimenting with routing traffic through my home network instead, and it seems to avoid a lot of the usual VPN friction (captchas, website blocking, etc) while still getting the benefits.

The surprising part is that it works well, but it still feels like something only technical people end up doing.

Curious how others here think about it:
- Is this actually niche, or just under-adopted?
- Do you use something like this?
- What keeps it from being more common?

3 comments

Wanna party like it's 1999?

Back when most entry-level Linksys routers were regular ordinary VPN routers?

And they included built-in DynDNS functionality right in the router configuration routine if you wanted to use that too. In case you had a registered domain that you wanted to use for consistent remote access in the face of numerical IP addresses that were subject to change dynamically by your ISP.

Plus of course DynDNS was free as originally intended with no end in sight.

The main obstacle was configuring your remote Windows 98 laptop to make use of the VPN that the router handled on its own. About like configuring bare WireGuard before there was Tailscale.

Eventually Cisco bought Linksys and it was all downhill from there.

I didn't know the history there, that's cool! The functionality has kind of always been there, but it never felt like something you’d recommend to a normal person.

I've been thinking about a project to make setting up a Tailscale-like setup dummy easy. I know it's easy now, but trying to make it NordVPN easy. Considering you know what you're talking about, do you think this is a bad idea? It's niche enough that convincing people it's something they want will be a pain, and techies who know they want it could just do it themselves. Am I being stupid here?

>it never felt like something you’d recommend to a normal person.

Thanks for the recommendation, and the compliment ;)

Well, I'm no expert and way out-of-date but I just looked at today's "VPN routers" and on first glance they don't look like quite the same animal. It's been about 30 years after all.

These modern versions look like they are for millions of people who have censorship problems on their home ISP, so they are intended so any traffic from their local network gets encrypted before exposure to their ISP, and everything that reaches the internet is all through a paid external relay service like NordVPN. Also to the rest of the world your actual home/office IP address and location are not revealed; a provider like Nord uses its own selected address and location as a substitute to interface you to the world instead.

Kind of like a solitary laptop user would install NordVPN on the laptop then have the same encryption/protection and substitute address/location. And actually appear to the world to always be coming from that same substitute Nord location regardless of what hotel room you are in when you fire up the laptop.

The antique VPN routers were more like office machines where censorship was not the issue, but still concerned with confidentiality and security. Mainly you just wanted authorized remote PCs to autologin to the home office and act like you were back there in the office. The home/office public IP address was not concealed from the internet, and "normal" traffic from the local office network through the router to the ISP was not encrypted. When the VPN function in the router was enabled, it then lay in wait for you to log in remotely from your preconfigured authorized laptop(s), and all traffic between the router and the remote PC is encrypted through its own private tunnel. Remotely like this it's like being right there in the office so you have access to the same local resources, and you can be actually accessing the general internet through the home office router using the ISP and services you are already paying for. With no other restrictions or additional payments needed. And the remote hotel ISP sees nothing but encrypted traffic this way too.

Maybe the modern VPN routers are actually capable of doing the same old thing but it's not nearly as popular as paid services any more?

If so, maybe it would be worthwhile to have a turnkey routine like a dashboard that's foolproof to configure a remote device, so it properly interfaces with the modern type home/office router over the internet, IPv4 and/or IPv6. The hard part is that this may still depend on manually configuring the VPN router to act like the old kind as much as possible, since you need your router to act as the VPN server in place of a Nord server for instance. Rather than act like a commercial-VPN client that these newer routers seem to default to (and might only be capable of?).

Otherwise you would need more than just the dashboard app for the remote PCs.

You've got to have a local solution for the home location too.

Alternatively there are WireGuard-capable routers that can be made to behave the old way. Setting them up could still be the hard part and could require some tech effort, but you only need to do it once. And once that's accomplished according to some reliable guidelines, then it should be a quick and simple breeze to authorize a remote device having WireGuard installed, when needed by manual entry of approved credentials beforehand (or on the spot), without need for Tailscale.

If everything fell into place, the same bone-simple dashboard app would work to reach various VPN server scenarios.

I've been doing this for many years, and I don't know why it's not more common. The most common thing I hear when I explain to people, though, is they don't see the point if the VPN isn't shielding your traffic from your home's ISP.

I think that just speaks to people thinking that's the only use case for a VPN, probably because of all the marketing from VPN service providers.

I originally set it up in order to be able to funnel all of my smartphone traffic through my home network so my firewall rules apply to my phone as well. Since then, though, I've discovered numerous other advantages.

Yeah I see that. But for me it’s more about everything just working. What kind of firewall rules do you have? Maybe that's not the best question to ask on the open internet haha.

I'm coming at it from a more basic NPC angle after ChatGPT started blocking VPN IP traffic. So I'd love to hear a more nuanced angle.

The part of my firewall setup I most wanted to extend to my smartphone was my policy of whitelisting outgoing communications. I don't want applications to be able to talk to the outside world without me explicitly allowing it, so I block all outgoing communications by default and whitelist specific things as needed.
Tailscale makes it easy, including an Apple TV app to run an exit node from!
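
Added example (not part of the thread and not any commenter's code): for the bare-WireGuard setups discussed above, home firewall rules only apply to a phone or laptop if the client config actually routes everything into the tunnel, on both IPv4 and IPv6. This sketch parses a wg-quick style client config and reports the coverage; the hostname, addresses and key placeholders are constructed for illustration.

```python
import ipaddress

# Constructed sample client configs; keys and hostname are placeholders.
FULL_TUNNEL = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.8.0.2/32, fd00:8::2/128
DNS = 10.8.0.1

[Peer]
PublicKey = <home-router-public-key-placeholder>
Endpoint = home.example.net:51820
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/0
"""
V4_ONLY = FULL_TUNNEL.replace(", ::/0", "")
LAN_ONLY = FULL_TUNNEL.replace("0.0.0.0/1, 128.0.0.0/1, ::/0", "192.168.1.0/24")

def allowed_networks(conf):
    """Collect every AllowedIPs entry from all [Peer] sections."""
    nets, section = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets

def tunnel_coverage(conf):
    """Report whether all IPv4 and all IPv6 traffic is routed into the tunnel."""
    nets = allowed_networks(conf)
    result = {}
    for version, everything in ((4, "0.0.0.0/0"), (6, "::/0")):
        # Merge adjacent prefixes so 0.0.0.0/1 + 128.0.0.0/1 counts as 0.0.0.0/0.
        merged = ipaddress.collapse_addresses(n for n in nets if n.version == version)
        result[f"ipv{version}"] = ipaddress.ip_network(everything) in list(merged)
    return result

def verdict(conf):
    cov = tunnel_coverage(conf)
    if all(cov.values()):
        return "full tunnel"
    if cov["ipv4"]:
        return "ipv6 outside tunnel"   # home firewall never sees IPv6 traffic
    return "split tunnel"
```

A result of "ipv6 outside tunnel" means any IPv6 traffic on the remote network leaves directly instead of through the home router, so a default-deny outbound policy at home does not cover it.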