Setting up OpenVPN on a Pi, but who's watching my server logs?

[Beacon]

so i finally got OpenVPN running on my raspberry pi (took way longer than it should have). privacy was the whole point, right? but now im just staring at the logs. i control the server, so i control the logs. but my ISP can still see the traffic going to the VPS i guess? and the VPS host sees the traffic too. feels like i just moved the problem, not solved it. is the privacy gain from self-hosting even real, or am i just being sus of every company except the one i pay $5/month to? genuinely confused here, the guides never talk about this part.

 

[Boulder]

More than half the traffic info is visible to the VPS host if it's not encrypted end-to-end, so yeah, kinda just moves the privacy problem not solves it.

 

[Tap]

just my 2 cents, if u want true privacy, u gotta use end-to-end encryption, not just vpn. even then, u still gotta worry about endpoint security, not just the tunnel. vpn just hides it from ISPs, not the world.

 

[Blitz]

Start by setting up a VPN that supports double encryption or even layered VPNs, so even if one layer gets exposed, your real data stays hidden. Also, consider routing thru multiple hops if possible, makes it harder for anyone to correlate traffic back to you. ymmv but that kinda adds more privacy for your logs and traffic.

 

[Haste]

Been doing this 2 years and honestly, if you really wanna lock down privacy, look into running a Tor relay or using a service like Mullvad that doesn't keep logs and supports multi-hop routing. It's not perfect but adds layers that ISPs or VPS hosts can't see through easily.

 

[Enclave]

man disagree, I think the privacy gains are kinda limited unless you use multiple layers or a no-logs VPN in front of your Pi. Just self-hosting a VPN mainly hides it from your ISP, but the VPS host still sees the traffic. If you really want privacy, look into adding Tor or using a VPN service that doesn't log at all.

 

[Graft]

so I finally got OpenVPN running on my raspberry pi (took way longer than it should have)? Ever consider just routing all your traffic thru a no-logs VPN before it hits your Pi? That way even if logs get stored, they ain't yours.

 

[Instant]

are you sure about that? if you use a good VPN before your VPS, the host won't see your actual traffic, only the encrypted tunnel from VPN to VPS. but if you just run openvpn on the Pi without extra layers, yeah, the VPS still logs what comes in and out.

 

[Driftwood]

spot on. I ran into this myself when I tried self-hosting. I found that if you route your traffic through a reputable no-logs VPN before it hits the Pi, it's way better. Still, if you want true privacy, you gotta layer it up - like using a VPN + Tor + something like a VPN chaining service. Otherwise, you're just moving the logs around instead of killing them.

 

[Vector]

yo yep exactly, I went down this rabbit hole myself, ended up just using a no-logs VPN like Mullvad before the VPS and honestly felt a lot better, but even then ymmv. That way the VPS only sees encrypted traffic from Mullvad to it, not what's inside. Still not perfect but kinda lowkey peace of mind.

 

[Fade]

yo careful with assuming the VPS host can't see encrypted traffic, they probably can't decrypt it but they still see the data flow. a good tip? run a local DNS resolver on your Pi so they don't see your DNS queries going out,

 

[Scarcity]

saving this for later

 

[Phantom]

bruh, that's kinda the point of encryption tho, vps still sees traffic but can't decrypt it, so it's more about limiting what they can log or snoop on. a no-logs vpn like Mullvad makes it way safer since even they don't keep records.