Jellyfin Forum
Unraid, Jellyfin, VPN Networking Question - Printable Version

+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: General Questions (https://forum.jellyfin.org/f-general-questions)
+--- Thread: Unraid, Jellyfin, VPN Networking Question (/t-unraid-jellyfin-vpn-networking-question)



Unraid, Jellyfin, VPN Networking Question - Nobar8 - 2023-11-21

I want to preface this by saying this is a newb level networking question I'm encountering as I try and figure out unRAID. I've looked more than I care to admit and think I know the answer, but want to verify.

I have a basic understanding of commercial VPNs. I connect which creates a VPN tunnel to their server. It treats me as if I'm on that network. The data that is transmitted between and their server and me is encrypted/secure. My ISP will see I'm connected to that server but not the contents of the data. Anything I do while connected to the VPN, I guess past that endpoint, works like normal and isn't necessarily secure.

I'm comparing that to the built-in wireguard for unRAID and get a little confused because I'm on both sides. When I set it up and connect to my server for remote access, I'm creating a VPN tunnel between the device I'm on and my server. That connection is secure and it treats me as if I'm on my network. The traffic between my device and the server is encrypted/secure, so whatever public wi-fi I'm on will see what I'm connected to, but not what is being transmitted.

If I were to then open a browser and start surfing the web, all of that traffic between my server and whatever sites I'm visiting works like normal. Where I'm a little confused is what happens when the data is stored on my server that I access remotely.

For instance, say I have a folder of home videos that I would normally access through Jellyfin while at home. If I'm on my home network, I can disconnect the modem and view them like normal. There's nothing going out externally. However, if I'm accessing it remotely the data has to go out externally. Does that traffic simply go through the VPN tunnel? Meaning the public wi-fi I'm on will see I'm connected but not the contents of the data being transmitted, and my server's ISP will see a device is connected and data is being transmitted - but not the contents? I think yes, but would appreciate confirmation or feedback.


RE: Unraid, Jellyfin, VPN Networking Question - tmsrxzar - 2023-11-21

that's quite a question which does not have a single simple answer, i will try to provide some context but i prefer not to get extensively in detail

2 ways to tunnel, 2 ways to connect, 2 ways to encrypt, 1 way to not encrypt


tunnel 1 routes ALL traffic from your PC to a remote server; your traffic is not visible to any in between points and not even a connection status stating you are accessing any certain IP, typically setup as a "default gateway" on your device

tunnel 2 routes ONLY traffic destined to a remote LAN; when you access any resource on the remote network 192.168.99.x it is routed to your VPN typically setup as a single entry route with "route add"


connection 1 is TCP which your ISP will certainly see that you are connected to a remote machine

connection 2 is UDP your ISP may know you are broadcasting to a remote IP but is typically not logged (afaik) and is stateless (no constant connection), OpenVPN uses this


encryption applies to tunnel 1 and all the traffic from your machine to anywhere is encrypted

encryption applies to tunnel 2 and only the traffic to your remote LAN is encrypted


i am not aware of any VPN that does not use encryption so anything you are accessing on your jellyfin server on the remote LAN would be encrypted to you in either tunnel 1 or 2

if you use a public VPN then subseqently access your jellyfin server via HTTP (not HTTPS) on another network it will be visible in the VPN traffic on the server but encrypted to you


UDP or TCP would come down to anonymity and speed, other than those factors i am not sure one is better than the other

and finally there are DNS lookups which are not encrypted at all so even people being clever don't realize their ISP is logging every site that is looked up (just an aside, has no bearing on your question)



in short if you are using a VPN to access jellyfin then it is always encrypted to you no matter what network (coffee shop w/e) you are connected to