I am somewhat of a noob to networking. Does the OpenVPN server on your pfSense router hide traffic? I understand that I get a different IP with a commercial VPN. But other than creating a secure tunnel to my home network when I am outside, does the OpenVPN server provide anything additional if I am home and using it to connect my PCs running torrent?
No, the VPN server on pfSense allows you to connect via VPN back to your pfSense and your home network and its internet connection. You would connect via Nord, for example, to a remote server, popping out on the net on a different IP address.
OK, let’s start at the beginning.
The purpose of a VPN is to create an encrypted network connection between two devices. There are several scenarios when this can be useful. To wit:
- Site-to-site VPN. You have two or more locations (for example, headquarters and one or more satellite offices). The satellite locations are tied into the headquarters’ network, so users at all locations can use the services available locally at the headquarters (file server, corporate intranet, internal applications, etc.; or, in case of you sharing your movie collection with your buddy, your Plex / Jellyfin / whatever).
- Road warrior(s). You have a central location and one or more remote / mobile users who need access to local services. Similar to site-to-site, except the remote user may be connecting from anywhere, rather than from a known location. So the VPN client has to be installed on the end users’ devices rather than on a router that services a satellite location.
- Exit node. All (or some) Internet-bound traffic from VPN clients goes to the VPN server, which acts as a gateway to the Internet. So whoever receives those requests perceives them as coming from the location of the VPN server. This, I believe, is what you refer to as “hiding traffic”, although “redirecting”, in my opinion, is a better term to use.
In all cases, the VPN server must have a fixed public IP address (or a workaround for one, which I’ll be sure to mention later). This is not always practicable or convenient (for example, you may have an ISP who can’t give you a public IP address, or can give you one only as a part of an expensive service package), so sometimes, people use third-party VPN providers such as NordVPN. The provider allows the customer to use a VPN server hosted in a data center. This server functions as the VPN’s central location; customer’s devices connect to it as clients.
With that in mind, let’s rephrase your question in a way that makes sense: when would you use a VPN provider such as NordVPN as opposed to your own OpenVPN-enabled router? The answer is, in order to use your own device as an OpenVPN server, you need this device to have a public IP address. Otherwise, an OpenVPN connection can’t function. So in situations when you can’t have a public IP address, you must resort to getting VPN service from a third party. Alternatively (the workaround I promised I’d mention), if you can’t have a public IP address but still want to use your hardware rather than a third-party service, you need to configure something called “dynamic DNS”. It’s also a third-party service, but you can get it for free or very inexpensively compared to the VPN service.
Hope this helps…
> In all cases, the server must have a fixed public IP address

Not 100% true; pfSense has Dynamic DNS services you can integrate with and get a URL and just use that, and it monitors for IP changes.
Thank you. I think I am understanding part of it. I use Dynamic DNS in pfSense to update Cloudflare with my public IP. I totally understood the site-to-site and road warrior cases, which I use to connect to my home network from outside. And yes, exit node is what I am asking for. Because I have a VM on my server on which I used SlickVPN, which is extremely unreliable, to connect to an external VPN server before running any torrent. I was thinking about getting PIA VPN instead but wanted to check if I could connect to my OpenVPN server from this VM to serve a similar function, or redirecting traffic as you put it.
True, but that’s a complication we can skip at the first exposure, until the OP grasps the basics. Nevertheless, I’ll go back to my first reply and add a sentence about that…