To VPN or to PVN?
That is the question.
Let me explain and translate these two, since one of them is a term I made up myself based on what's actually going on. VPN has been around for ages, and is generally used to bridge two private networks together, or at the very least bridge one private device into a private network, and to do so securely with encryption.
Public services like NordVPN, ExpressVPN, ProtonVPN, etc. are not actually bridging two private networks together, nor are they bridging a private device to a private network. Instead, what's happening is that you're setting up an encrypted tunnel from wherever you are, be it home, a hotel or some random public WiFi, to an endpoint that then just funnels you out to the public internet again. So what is PVN? Public Virtual Network. It's not really private like people think, because it's consolidating a lot of people onto one server to access the internet, much like your ISP does already.
When and why to PVN
A PVN can be useful in situations where you are on less secured private networks, such as a hotel or WiFi hotspot, just to prevent local snooping of your internet access, but otherwise, a PVN is pretty much a general waste of money for more than needed.
To use it for everyday purposes just to hide your personal traffic from… Who? Your ISP? Your roommate? That's not really worth paying $10/mo for, or almost $100 up front for 2 years' worth of limited speed access, just for this. Not to me it's not. Not to mention, on that particular PVN you might also be dealing with a number of bad actors as well. After all, you're all being funneled through the same outlet.
In short? Only when you absolutely absolu… No, simply put never, and you'll learn why later on.
Running my own VPN
So, I don't share a public network, but I do actually also use a VPN for its intended purposes, with the added benefit of also using it for other reasons I shall describe later.
I've primarily been running, at any given point in time, an OpenVPN network for bridging my home directly to 2 or 3 VPS hosting providers, such as AWS, DigitalOcean, Vultr, and now Linode. This allows me to tie in my own personal servers from my home through the private IP addresses of my server instances within these providers, safely and securely. This also helps in the simple fact that I don't necessarily have to leave OpenSSH open to the world, because so long as I have a VPN connection open, I can use that tunnel to ssh in accordingly.
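One way to check the "OpenSSH not open to the world" part on a server, as an added example that is not from the original post: a small Python audit of sshd_config's ListenAddress lines against the tunnel subnet. The function name, the sample configs and the 10.8.0.0/24 subnet are assumptions made for illustration.

```python
import ipaddress

def audit_sshd_listen(config_text, vpn_subnet):
    """Return findings; an empty list means sshd binds only inside vpn_subnet."""
    vpn = ipaddress.ip_network(vpn_subnet)
    findings, listen_seen = [], False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        fields = line.replace("=", " ", 1).split()   # "Key value" or "Key=value"
        if len(fields) < 2 or fields[0].lower() != "listenaddress":
            continue
        listen_seen = True
        host = fields[1]
        if host.startswith("["):                     # [addr]:port form
            host = host[1:].split("]", 1)[0]
        elif host.count(":") == 1:                   # addr:port form
            host = host.split(":", 1)[0]
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"{host}: hostname, resolve it and check by hand")
            continue
        if addr not in vpn:
            findings.append(f"{addr}: outside {vpn}, not limited to the tunnel")
    if not listen_seen:
        # With no ListenAddress at all, sshd listens on every local address.
        findings.append("no ListenAddress: sshd binds every local address")
    return findings

# Constructed sample configs; 10.8.0.0/24 is an assumed tunnel subnet.
EXPOSED = "Port 22\nPermitRootLogin no\n"
MIXED = "ListenAddress 10.8.0.1\nListenAddress 0.0.0.0:22\n"
TUNNEL_ONLY = "# admin access via VPN only\nListenAddress 10.8.0.1:22\n"

if __name__ == "__main__":
    for label, cfg in (("exposed", EXPOSED), ("mixed", MIXED),
                       ("tunnel-only", TUNNEL_ONLY)):
        print(label, audit_sshd_listen(cfg, "10.8.0.0/24") or "OK")
```

If sshd is bound to the tunnel address only, it has to start after the VPN interface has that address, otherwise the bind fails.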
As for OpenVPN itself, I've used it for quite a long time, and it's been familiar to me for so long. It has username/password support, it can do 2FA with some additional work, and so on. I even upgraded, finally, to Elliptic Curve profiles so I wasn't using the heavy, burdensome RSA-2048 or even bulkier RSA-4096, and so throughput was definitely much faster.
Something New, Something Different
I made a new change just recently, though, that had initially proven difficult, mostly due to lack of knowledge of this new thing, but also because it required more manual setup than I was used to having to do. That change was trying out WireGuard, the new simpler-to-set-up VPN solution everyone seems to talk about. And let me say this: once set up, configured and templated properly, this solution is actually quite good these days. NetworkManager supports it, now also in the GUI, and macOS, iOS, iPadOS, and yes, also Windows (which I don't use, hence last listed) are all supported, and their clients are actually not bad either, which makes this leap a little interesting.
But how much does it cost to run your own?
So, how much does it cost to run your own VPN? Well, that depends, but in general, for something simple and primarily for personal use, you can get away with doing this on a dedicated instance with a VPS provider you already use, if you have one, for roughly US$5.00/mo, with services like Linode, Vultr or DigitalOcean. That's the recommended way to do it. You could also potentially add it on to your webserver instance if you have one, and if you have a VPS you likely do. This is not as recommended, but it'll do in a pinch if needed.
If you use this VPN heavily for literally every bit of your personal traffic, you might run into overages due to bandwidth… Just keep that in mind.
VPN Solutions that Matter
So, I've been using OpenVPN for quite literally decades now, personally set up every time. From RSA 2048 to even RSA 4096, to more recently EC 384, which was an improvement to speed for sure. One factor of what I liked about OpenVPN was its versatility and ability to push IPs, DNS, and routes to the client all on its own. These are features you just don't find in many VPN solutions.
I'm currently also running as of late a secondary VPN using WireGuard. This is a bit more manual, but the setup, once understood, is very simple. It's just a step of setting up a key pair per client and IP per client, and such. It can actually be faster than OpenVPN, but I have not yet fully tested this, or other factors such as how well it works on mobile when traveling. So, details of all these will be handled in another blog entry.
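The "key pair per client and IP per client" step, as an added example that is not from the original post: a Python template that turns a list of client public keys (as printed by `wg pubkey` on each client) into the server's [Peer] blocks, one /32 each. The function names, the 10.9.0.1/24 tunnel address, port 51820 and the sample keys are assumptions; the keys are constructed stand-ins, not real ones.

```python
import base64
import ipaddress

def render_server_config(server_addr, listen_port, clients):
    """Build a wg-quick style server config from (name, public_key) pairs.

    Returns (config_text, {name: address}). Each client gets the next free
    host address in the tunnel subnet.
    """
    iface = ipaddress.ip_interface(server_addr)
    free = (h for h in iface.network.hosts() if h != iface.ip)
    out = ["[Interface]", f"Address = {iface}", f"ListenPort = {listen_port}",
           "PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER"]
    seen, assigned = set(), {}
    for name, pubkey in clients:
        try:  # a WireGuard key is 32 bytes, base64-encoded
            ok = len(base64.b64decode(pubkey, validate=True)) == 32
        except ValueError:
            ok = False
        if not ok:
            raise ValueError(f"{name}: public key is not 32 bytes of base64")
        if pubkey in seen:
            raise ValueError(f"{name}: public key already used by another client")
        seen.add(pubkey)
        ip = next(free, None)
        if ip is None:
            raise ValueError(f"{name}: no free address left in {iface.network}")
        assigned[name] = ip
        # Single-address AllowedIPs: the server accepts tunnel packets from
        # this key only when they carry this source address.
        out += ["", f"# {name}", "[Peer]", f"PublicKey = {pubkey}",
                f"AllowedIPs = {ip}/{ip.max_prefixlen}"]
    return "\n".join(out) + "\n", assigned

def fake_key(seed):
    """Constructed stand-in for `wg pubkey` output; not a real key."""
    return base64.b64encode(bytes([seed]) * 32).decode()

if __name__ == "__main__":
    text, _ = render_server_config(
        "10.9.0.1/24", 51820, [("laptop", fake_key(1)), ("phone", fake_key(2))])
    print(text)
```

Private keys never pass through this script: each client keeps its own and hands over only the public half.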
For now though, that's my story, and I hope that the difference in VPN vs PVN (which is being mistakenly marketed as VPN) makes a difference in people's understanding.
-- Psi-Jack