Is there any way to set up a home-made VPN with encryption so the ISP cannot see data?

More specifically, I would like to host a VPN server on my own hardware, without relying on third-party providers. There are plenty of guides on how to realize it on the internet, but they all assume that this solution focuses on security, not anonymity, because at the end of the day all traffic goes unencrypted to the ISP, which makes the whole idea pointless for my needs (security without privacy sounds pretty dumb, doesn't it?).

Is there any possibility to encrypt my own server so the ISP would only see the IP and related metadata?

Please correct me if I am wrong (I have done some research on this topic before asking).

Best Regards,

That Curious Guy


TL;DR: The answer to your question is no, but you're asking the wrong question.

I think you might be a little confused about how Internet servers (including VPN servers) operate. Your ISP can read any traffic leaving your local network, and it can understand that traffic if the traffic is not encrypted. Whether the traffic is encrypted primarily depends on who you're communicating with. If you're communicating with a TLS server (such as an HTTPS web site), it's encrypted. If you're communicating with an SSH server, it's encrypted. If you're communicating with a VPN server, it's encrypted.

However, if the server then makes a further request (i.e. now acts as a client, or proxy) out to the Internet (for example, a VPN server going to fetch a page that you requested via the VPN connection), that server's ISP will see the connection (and be able to understand it, if it isn't encrypted). If your VPN server's ISP and your ISP are the same thing, then that doesn't achieve much. If they're on the same local network (i.e. they access that same ISP through the same connection) then it doesn't achieve anything at all!

If you want your communications to be private, you need to only communicate with third parties (usually servers, since you're usually acting as a client and initiating the requests) that support encryption. You can also use end-to-end encryption between two clients (for example, secure messaging apps like Signal or email encrypted with PGP or S/MIME). If you want to communicate with a third party that doesn't support encryption, then your communication will need to be unencrypted at least part of the way!

Now, if you're only concerned about your ISP, and not about anything else, then you only need the connection to be encrypted between your local network (realistically, it'll start at your PC) and some other computer. This is where @Dodekeract's suggestion to use a third-party VPN provider, or to use TOR, comes in. With a VPN provider, your communications between your PC and the VPN provider are encrypted - your ISP can't read them, even to know where the traffic is supposed to eventually end up - though the communications between the VPN provider and the end target may still not be encrypted (depends whether the end target supports encryption). With TOR, your communications basically get bounced around a lot, all encrypted, so your ISP not only can't tell what you're saying, they can't even tell where the message will be routed from after it leaves the encrypted channel.

Hope that clears things up.
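The reasoning in the answer above, as an added example that is not part of the original post: a small Python model that works out, for each ISP on the path, whether it learns the real destination and whether it can read the content. The topologies, the ISP labels and the `Hop` / `isp_view` names are constructed for illustration, and Tor's multi-hop routing is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Hop:
    src: str
    dst: str
    carrier: Optional[str]  # ISP carrying this segment; None = never leaves the LAN
    tunneled: bool          # True if the segment travels inside the VPN tunnel

def isp_view(path, tls_to_site):
    """Map each ISP on the path to (learns_destination, reads_content)."""
    view = {}
    for hop in path:
        if hop.carrier is None:
            continue
        dest, content = view.get(hop.carrier, (False, False))
        if not hop.tunneled:
            # Outside the tunnel the packet is addressed to the real site,
            # and the payload is readable unless the site itself uses TLS.
            dest = True
            content = content or not tls_to_site
        view[hop.carrier] = (dest, content)
    return view

# Constructed topologies matching the cases discussed in the answer.
HOME_ISP, HOSTING_ISP = "home ISP", "VPN provider's ISP"
SCENARIOS = {
    "no VPN": [Hop("pc", "site", HOME_ISP, False)],
    "VPN server on the home LAN": [
        Hop("pc", "vpn", None, True), Hop("vpn", "site", HOME_ISP, False)],
    "self-hosted VPN elsewhere, same ISP": [
        Hop("pc", "vpn", HOME_ISP, True), Hop("vpn", "site", HOME_ISP, False)],
    "third-party VPN": [
        Hop("pc", "vpn", HOME_ISP, True), Hop("vpn", "site", HOSTING_ISP, False)],
}

def report():
    """Evaluate every scenario against a plaintext site and a TLS site."""
    return [(name, tls, isp_view(path, tls))
            for name, path in SCENARIOS.items() for tls in (False, True)]

if __name__ == "__main__":
    for name, tls, view in report():
        print(f"{name} | site uses TLS: {tls}")
        for isp, (dest, content) in view.items():
            print(f"    {isp}: learns destination={dest}, reads content={content}")
```

In this model only the third-party VPN case leaves the home ISP with neither the destination nor the content, and in that case the same visibility moves to the VPN provider's ISP unless the site uses TLS.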

Category: encryption Time: 2016-07-29 Views: 1
