2023-11-21, 03:20 PM
(This post was last modified: 2023-11-21, 03:22 PM by tmsrxzar. Edited 1 time in total.)
that's quite a question which does not have a single simple answer, i will try to provide some context but i prefer not to get extensively in detail
2 ways to tunnel, 2 ways to connect, 2 ways to encrypt, 1 way to not encrypt
tunnel 1 routes ALL traffic from your PC to a remote server; your traffic is not visible to any in between points and not even a connection status stating you are accessing any certain IP, typically setup as a "default gateway" on your device
tunnel 2 routes ONLY traffic destined to a remote LAN; when you access any resource on the remote network 192.168.99.x it is routed to your VPN typically setup as a single entry route with "route add"
connection 1 is TCP which your ISP will certainly see that you are connected to a remote machine
connection 2 is UDP your ISP may know you are broadcasting to a remote IP but is typically not logged (afaik) and is stateless (no constant connection), OpenVPN uses this
encryption applies to tunnel 1 and all the traffic from your machine to anywhere is encrypted
encryption applies to tunnel 2 and only the traffic to your remote LAN is encrypted
i am not aware of any VPN that does not use encryption so anything you are accessing on your jellyfin server on the remote LAN would be encrypted to you in either tunnel 1 or 2
if you use a public VPN then subseqently access your jellyfin server via HTTP (not HTTPS) on another network it will be visible in the VPN traffic on the server but encrypted to you
UDP or TCP would come down to anonymity and speed, other than those factors i am not sure one is better than the other
and finally there are DNS lookups which are not encrypted at all so even people being clever don't realize their ISP is logging every site that is looked up (just an aside, has no bearing on your question)
in short if you are using a VPN to access jellyfin then it is always encrypted to you no matter what network (coffee shop w/e) you are connected to
2 ways to tunnel, 2 ways to connect, 2 ways to encrypt, 1 way to not encrypt
tunnel 1 routes ALL traffic from your PC to a remote server; your traffic is not visible to any in between points and not even a connection status stating you are accessing any certain IP, typically setup as a "default gateway" on your device
tunnel 2 routes ONLY traffic destined to a remote LAN; when you access any resource on the remote network 192.168.99.x it is routed to your VPN typically setup as a single entry route with "route add"
connection 1 is TCP which your ISP will certainly see that you are connected to a remote machine
connection 2 is UDP your ISP may know you are broadcasting to a remote IP but is typically not logged (afaik) and is stateless (no constant connection), OpenVPN uses this
encryption applies to tunnel 1 and all the traffic from your machine to anywhere is encrypted
encryption applies to tunnel 2 and only the traffic to your remote LAN is encrypted
i am not aware of any VPN that does not use encryption so anything you are accessing on your jellyfin server on the remote LAN would be encrypted to you in either tunnel 1 or 2
if you use a public VPN then subseqently access your jellyfin server via HTTP (not HTTPS) on another network it will be visible in the VPN traffic on the server but encrypted to you
UDP or TCP would come down to anonymity and speed, other than those factors i am not sure one is better than the other
and finally there are DNS lookups which are not encrypted at all so even people being clever don't realize their ISP is logging every site that is looked up (just an aside, has no bearing on your question)
in short if you are using a VPN to access jellyfin then it is always encrypted to you no matter what network (coffee shop w/e) you are connected to