Earlier today I was helping a user who was trying to setup a VPN. This user was trying to setup a VPN for geo-IP reasons. They did not realize that the VPN requires 2 endpoints -- one local to them, and one remote (such as a commercial VPN provider). When the user looked at various guides including the OpenWrt wiki articles, it wasn't immediately apparent to them that there is another 'side' to the connection.
This theme has come up from time to time. I'm wondering if anyone has any links to good explainers that emphasize the fact that the tunnel needs 2 endpoints. Or, if not, maybe I'll try to write something for the OpenWrt wiki.
I was that close to say that this user is a spammer/bot/etc
I am not sure if there is a point to explain everything to such a degree, as this is the forum for OpenWrt. Following this pattern we should also explain subneting so users can calculate the subnet mask correctly and not overlap networks.
Of course your time is yours and you decide how to spend it.
At first, I was thinking the same (spammer/bot). But I think that the user was legit and just not aware of how VPNs actually work. And we've had this issue show up from time to time. I figured I'd first ask for any good articles/resources that I could link for those users. If no good ones surface on this thread, I might just try to write up something for the wiki.
And yeah, I know you were saying it somewhat sarcastically, but a subnetting article could be useful, too. I do see your point about how this could cascade into a paradigm of this community being 'responsible' for teaching all things networking, not just OpenWrt specific stuff. That's why I am hoping there might be some good links we can just share when the issue comes up again.
How and what VPN actually is must exist somewhere on Wikipedia!?
The problem is that all the commercial VPN companies sell their product as “anonymous online experience” which in most cases are bull shit but it sells fine and the customers believe the commercials.
Then they arrive here and want the anonymity experience but without the cost.
But no one say what VPN really is. It is only a secured (from eavesdropping) connection from point A to point B. To be secure you must own and controll both those points.
The issue I was raising initially was the fact that some users don't know that there must be 2 sides to a VPN and that the traffic traverses the tunnel and emerges at those end points. Sometimes people think they only need to setup an endpoint on their router and magically everything is private/secure, not understanding that the traffic needs to be encrypted between 2 points -- where they are and some remote point -- and then it goes out to the broader internet. Other people think that if they have both end points on their own network it secures everything, but obviously that is not the case. But again, not everybody understands how a VPN works in terms of the broad strokes, they just believe that they need one.
There are several main uses cases for VPNs -- one of them is security/privacy as you pointed out, but this is not the only reason to use a VPN.
But touching on privacy/security -- I am (and I think OpenWrt as a larger project/community is) not in the business of auditing/evaluating/recommending any specific VPN providers regarding their claims of anonymity. We also don't make guides/tutorials for connecting to any specific VPNs, but rather provide the framework (and individual assistance within the threads) to help users connect to the VPNs they want to use.
The bottom line is that this equipment is actually heavy weight security equipment if used correctly so the usual RTFM applies. But generally people don’t read the manual.
OVPN (the community open source version) manual is huge! But if the user reads and understands the manual the VPN system works very well.