VPN


Avast ye, this be a machine-translated text an’ may contain errors, aye!

VPN, or Virtual Private Network, be a solution that allows us to establish a secure (encrypted) connection to another network and device(s) over the internet, aye.

First, what be a private network? (not a VPN)

A private network be a network that be isolated from other networks, aye. This can be a company network, a home network, or another type o’ network that ain’t open to all. An open network, like for example at an airport, be also technically a private network, but such networks be usually configured to isolate the devices from each other to increase security.

A Scenario to Picture

Aye, picture this: ye have a printer at yer home, and ye wish to use it to print a document. This printer be connected to yer home network, and thus has a private IP address, only reachable by devices connected to yer own network. Ye can use yer machine at home to print without trouble, but yer neighbor be on a different network and can’t reach yer printer without some doin’.

Nor can ye communicate with yer printer from, say, school or other networks, for the printer be not exposed to the internet (and rightly so, for security’s sake!).

Note: No rules without exceptions…

Some devices, however, offer solutions where they use VPN-related technology to let ye print documents from anywhere in the world, so long as ye have internet access. This can carry a security risk, so be wary o’ what ye connect to yer network, especially with IoT devices or surveillance cameras.

Have ye noticed that each time ye connect to a new network, ye be asked whether ye be connectin’ to a “private” or “public” network?

This be because Windows (or other operatin’ systems) uses this information to determine which firewall rules to apply to protect yer device. A private network be usually unsecured (all connected devices trust each other automatically), and be therefore vulnerable to other devices on the same network. In return, ye can more easily share printers, files, and other resources when machines be on the same network.

Commercial Scallywags

There be many a commercial sea dog offerin’ VPN services, claimin’ they can protect yer privacy on the web and let ye sail anonymously. This ain’t necessarily the whole truth, and ‘tis important to be aware o’ what a VPN actually does.

How VPN Works Meme

In practice, ye be movin’ yer network connection to another location (often another land), as we use VPN servers as a middleman from our vessel to the internet.

Commercial VPN != security

Many a scoundrel peddles themselves as a service offerin’ increased security, but for most landlubbers, that ain’t the case. When we visit websites usin’ HTTPS (even on public Wi-Fi), the connection be already encrypted, and a VPN won’t necessarily offer any extra security. Nor can it “hide” yer activity from yer internet provider entirely.

In certain lands or places, however, it might be advantageous, but ‘tis important to be aware that ye be shiftin’ yer trust from yer internet provider to the VPN provider.

Public Networks

We often hear that we shouldn’t connect to unsecured public networks, such as those in cafes, airports, hotels, etc. This isn’t necessarily problematic as long as we use HTTPS (encrypted) to visit websites.

What can be problematic is if someone sets up a “false” network with, for example, a malicious Captive Portal (a webpage that usually requires login or acceptance of terms before we get access to the internet).

Captive Portal

Have ye checked if ye have “automatic connection” to open networks on yer mobile or laptop? This can cause yer device to connect to a malicious network without ye bein’ aware o’ it.

What can we use a VPN for?

A VPN can be used to connect devices across networks, as if they were on the same (private) network, in a safer manner than exposing the devices directly to the internet (opening ports in the firewall). Note that we still need a VPN server to connect to. We can either set it up ourselves (requires an opening in the firewall), or use a provider that offers a relay (middleman) for us. Popular options be OpenVPN, WireGuard, and IPsec.

Friendship ended with OpenVPN now WireGuard is my best friend

Example

Ye be havin’ a gaming PC that ye wish to connect with yer laptop when ye be at school, usin’ Remote Desktop software (RDP). Then ye can set up a VPN solution that lets ye connect to yer home network, and then use RDP to connect to yer gaming PC as if ye were home.

In our case, we’ll be usin’ it to gain access to the resources here at the school from other corners o’ the world, and we’ll be lookin’ at cloud computin’ later on, where we aim to connect to virtual servers in the clouds in a safe manner. Usually, we open a port to our server to set this up, afore lockin’ down the server afterwards (as a rule, a Site-to-site VPN).

The only practical difference be that we get a different IP address over our VPN network (e.g., 100.64.x.x/10 be often used for VPN), but the functionality be as if we were on the same network. This means we can use, fer example, RDP, SSH, FTP (File Transfer Protocol), and the like, without havin’ to open up our services in the firewall.

Easy Task 1 - Installin’ Tailscale VPN

Aye, thankfully for us, installin’ a VPN be a simple task, especially if ye be usin’ a service like Tailscale. This be a commercial service that offers an easy way to set up a WireGuard VPN, which gives us more than enough functionality for our needs on its free tier (100 devices).

Tailscale Free Tier

Follow the installation process as described in the documentation: https://tailscale.com/download

Note

Ye need a VPN on all the devices ye wish to connect to the network with. This includes servers, PCs, mobiles, and the like.

Medium Task 2 - Set Up an Exit Node

An Exit Node in Tailscale be a device within yer network that serves as a gateway for all traffic from other devices on the Tailscale network. This directs all traffic through this device, which can be useful for accessin’ resources on a specific network, or gettin’ a new IP address to bypass geographical restrictions.

We be usin’ Nginx Proxy Manager to limit access to certain resources based on IP address (e.g., yer Proxmox server). With an Exit Node at school, ye’ll be able to get an IP address that be “at school” no matter where ye be in the world.
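
Here be an added example (not from the original page, nor Nginx Proxy Manager's own code) showin' why an Exit Node changes what an IP-based access list decides. The addresses be constructed documentation ranges, and the rule list be an assumption modelled on nginx's first-match allow/deny order.

```python
import ipaddress

# Constructed sample values (documentation ranges, not the school's real addresses).
SCHOOL_NET = "203.0.113.0/24"   # assumed public range of the school
TAILNET = "100.64.0.0/10"       # range the page mentions for VPN addresses

# Hypothetical access list in the style of nginx allow/deny: first match wins.
RULES = [
    ("allow", SCHOOL_NET),
    ("deny", "0.0.0.0/0"),
]

def decide(source_ip, rules=RULES):
    """Return 'allow' or 'deny'; if no rule matches, access is allowed (as in nginx)."""
    addr = ipaddress.ip_address(source_ip)
    for action, cidr in rules:
        if addr in ipaddress.ip_network(cidr):
            return action
    return "allow"

def source_seen_by_proxy(client_public_ip, exit_node_public_ip=None):
    """With an exit node in use, internet-bound traffic leaves from the exit node's address."""
    return exit_node_public_ip or client_public_ip

def is_tailnet_address(ip):
    """True if ip falls in the 100.64.0.0/10 range used for addresses on the VPN."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(TAILNET)

if __name__ == "__main__":
    home = "198.51.100.7"        # constructed: laptop on a home connection
    exit_node = "203.0.113.10"   # constructed: exit node machine at school
    for label, exit_ip in (("no exit node", None), ("school exit node", exit_node)):
        seen = source_seen_by_proxy(home, exit_ip)
        print(f"{label:17} source={seen:14} -> {decide(seen)}")
    print("100.101.102.103 on the VPN range:", is_tailnet_address("100.101.102.103"))
```

The same laptop be denied from home and allowed through the school Exit Node, so the access list be only as trustworthy as the devices permitted to use that Exit Node.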

Follow the documentation to set up an Exit Node: https://tailscale.com/kb/1103/exit-nodes#configure-an-exit-node

Avast! “Edit Routes” menu

Forget not to be switchin’ on “Use as Exit Node” in the Tailscale menu on the device ye’ve set up as an Exit-Node. ‘Tis a common step to be forgettin’.

Exit Nodes Everywhere

Exit-Node on a VPS in the clouds, aye!

Should ye be settin’ up a virtual machine in another land via, fer example, Azure (where ye get free credit as a student), then ye can easily set up an Exit-Node to get an IP address in that land - much like a commercial VPN service, with fewer restrictions and more learnin’!