PiVPN and Encryption ?

[Tum']

Hi,
I am very new to VPNs and would like to just confirm a few things.
I have setup my Raspberry Pi as a home VPN
I have got it all working fine, and can connect to it using my iPad, iPhone and Firestick.
It is certainly working as when i was away from home on my phone, and connected to it, my ip changed to my home ip.

But my question is, with the Raspberry Pi connecting to my own router and ISP, If i am connected to it, whether from home or away, i know that my IP does not change as the location of the server is my home, but does the VPN Server encrypt everything before my ISP can see what am doing.

So when connected, would the ISP still know what websites i view etc, Or does the server encrypt that before if goes to the ISP ?
Is there any extra privacy with this method, whilst using it at home ?

If my ISP can still see the websites i view, or whatever, Would adding a proxy to my profile work ?

Or do i really need to purchase a VPN and use a server located away from my home to hide my websites, and usage from my ISP ?

[openvpn_inc]

Hello Tum',

The path between your iPhone and your own VPN server at home is encrypted and protected by the VPN tunnel.

The path from your own VPN server at home to whatever sites you try to visit on your iPhone through that VPN tunnel, is not protected or encrypted by the VPN tunnel.

To your ISP it may look like your iPhone is at home and browsing the Internet.
Your ISP may see an encrypted tunnel but doesn't know that that's your iPhone's connection to your home VPN server.

VPN service providers help a little in this regard by mixing in all the traffic and sending it out through their Internet end-points, so that requests of all kinds from all of their customers are going through their public IPs. But other than that, there is not much more going on.

Note though that most connections these days are already by themselves encrypted with HTTPS. So a visit to this forum for example would be visible to your ISP only in the sense that they know which server IP you connected to, so they might have some idea which website you're opening. But they won't know what forum post you were looking at on that website for example.

One thing your current situation does help to protect against is that if your iPhone is on a public wifi, the traffic you send through the VPN tunnel over that public wifi, cannot be intercepted and decoded by some local bad actor in that public wifi network.

Kind regards,
Johan

[openvpn_inc]

I am very new to VPNs and would like to just confirm a few things.
I have setup my Raspberry Pi as a home VPN
I have got it all working fine, and can connect to it using my iPad, iPhone and Firestick.
It is certainly working as when i was away from home on my phone, and connected to it, my ip changed to my home ip.

But my question is, with the Raspberry Pi connecting to my own router and ISP, If i am connected to it, whether from home or away, i know that my IP does not change as the location of the server is my home, but does the VPN Server encrypt everything before my ISP can see what am doing.

Hi Tum,

The VPN encrypts everything from the client to the server. If you have redirected clients' Internet traffic through the VPN, the server sends packets out through your ISP on behalf of the clients.

So when connected, would the ISP still know what websites i view etc, Or does the server encrypt that before if goes to the ISP ?

Most web traffic is HTTPS, which means the ISP can know what IP addresses VPN clients have gone to, but they can't see inside HTTPS packets. They cannot even see the "/pathname" part of your URL. If they're not your DNS provider (such as if you use 8.8.8.8 or other open resolver) they can't even know the hostname you looked up. They can only know the IP address and port.

Is there any extra privacy with this method, whilst using it at home ?

If my ISP can still see the websites i view, or whatever, Would adding a proxy to my profile work ?

Or do i really need to purchase a VPN and use a server located away from my home to hide my websites, and usage from my ISP ?

No, and no, and yes, if your ISP is the threat model you are worried about.

Be sure to disable any proxy settings your ISP may be pushing to local DHCP clients. I don't know if Access Server would be affected by that; probably not, I think, because the VPN process is not a web browser.

Personally, I suggest that if your ISP is the enemy, you need to complain and possibly find a better ISP. If you don't trust one business which is getting your money, why do you think paying another business to monitor your traffic is wise? How/why do you think they are any more honorable and honest than your ISP?

regards, rob0