VPN Explanation and Privacy Concerns
Computer networking is a vast and complex area of study. A VPN itself is simple to explain, but only if you already have a fundamental understanding of several computer networking concepts. This page assumes you do not have that understanding. With this in mind, this page is purposefully incorrect and over-simplistic in its explanations in the interest of easier understanding. Do not use this page as a factual/educational resource. For further reading, visit Wikipedia's article on VPNs.
Understanding a virtual private network is actually fairly simple, but by better understanding the technology you may begin to ask questions about privacy and security implications.
ZeroTier
ZeroTier is a company that produces peer-to-peer VPN software which we use for connecting to our services. While I will often refer to the software as ZeroTier, the software itself is technically called ZeroTier One. ZeroTier provides a web-based control panel for my VPN network where I can configure access to the network and customize firewall rules.
ZeroTier One
The VPN client itself is what you will interact with, and it comes in two parts: a user-interface (UI) program and the actual VPN connection service. Whenever you interact with ZeroTier, you are actually interacting with that UI program and not the VPN itself. The VPN is run by a background program (a service, on Windows). From the UI program you can connect to or disconnect from the network, which essentially enables or disables the background program, but it is important to understand that these are two separate things.
Firewall
My VPN has a fairly strict firewall configuration. The actual, raw firewall configuration can be found on the wiki, but a summarized version is provided below. For any given piece of data sent on the VPN, its details are matched against the rules below in order from top to bottom. The moment a successful match is made, that rule is applied and no further rules are considered. For example, if a piece of data is web traffic and it's headed to my wiki, then it will be allowed. If it's web traffic but it's trying to go to another client on the network, then it will be dropped.
| Rule | Protocol | From | To |
| --- | --- | --- | --- |
| Allow | ARP | Everyone | Everyone |
| Allow | Anything | My Servers | Everyone |
| Allow | ICMP | Everyone | My Server |
| Allow | DNS | Everyone | DNS Server |
| Allow | HTTPS | Everyone | Wiki |
| Allow | Various Ports | Everyone | My Various Servers |
| Drop | Anything | Everyone | Everyone |
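To make the "first match wins" behaviour concrete, here is an added example that walks the summarized table above over a handful of sample packets. It is not the page's or ZeroTier's own code: the addresses, the membership of "My Servers", and the single placeholder protocol standing in for "Various Ports" are all constructed for illustration (the real values live only on the wiki).

```python
"""First-match evaluation of the summarized firewall table above.

Added example, not the page's or ZeroTier's own code. Hosts, addresses and
sample packets are constructed; "Various Ports" is a placeholder here.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    protocol: str  # label such as "ARP", "ICMP", "DNS", "HTTPS"
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    action: str                        # "Allow" or "Drop"
    protocol: Optional[FrozenSet[str]] # None means "Anything"
    src: Optional[FrozenSet[str]]      # None means "Everyone"
    dst: Optional[FrozenSet[str]]      # None means "Everyone"

    def matches(self, pkt: Packet) -> bool:
        """A rule matches only if every non-wildcard field matches."""
        if self.protocol is not None and pkt.protocol not in self.protocol:
            return False
        if self.src is not None and pkt.src not in self.src:
            return False
        if self.dst is not None and pkt.dst not in self.dst:
            return False
        return True


# Constructed addresses standing in for the roles named in the table.
MY_SERVERS = frozenset({"10.0.0.1", "10.0.0.2"})  # "My Server(s)"
WIKI = frozenset({"10.0.0.1"})
DNS_SERVER = frozenset({"10.0.0.2"})
VARIOUS_PORTS = frozenset({"SSH"})  # placeholder for "Various Ports"
EVERYONE = None
ANYTHING = None

# The table's rows, in the same order; order is what gives the rules meaning.
RULES: List[Rule] = [
    Rule("Allow", frozenset({"ARP"}), EVERYONE, EVERYONE),
    Rule("Allow", ANYTHING, MY_SERVERS, EVERYONE),
    Rule("Allow", frozenset({"ICMP"}), EVERYONE, MY_SERVERS),
    Rule("Allow", frozenset({"DNS"}), EVERYONE, DNS_SERVER),
    Rule("Allow", frozenset({"HTTPS"}), EVERYONE, WIKI),
    Rule("Allow", VARIOUS_PORTS, EVERYONE, MY_SERVERS),
    Rule("Drop", ANYTHING, EVERYONE, EVERYONE),
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, int]:
    """Return (action, rule index) of the first matching rule.

    Rules are checked top to bottom and evaluation stops at the first match,
    as described above; the final Drop rule guarantees something matches.
    """
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    raise ValueError("no rule matched: the rule set lacks a final catch-all")


# Constructed sample traffic: 10.0.0.50/51 are ordinary clients.
SAMPLES: Dict[str, Packet] = {
    "client https to wiki":   Packet("HTTPS", "10.0.0.50", "10.0.0.1"),
    "client https to client": Packet("HTTPS", "10.0.0.50", "10.0.0.51"),
    "client dns to dns srv":  Packet("DNS",   "10.0.0.50", "10.0.0.2"),
    "client dns to wiki":     Packet("DNS",   "10.0.0.50", "10.0.0.1"),
    "server anything out":    Packet("SMB",   "10.0.0.1",  "10.0.0.50"),
    "client ping server":     Packet("ICMP",  "10.0.0.50", "10.0.0.2"),
    "client ping client":     Packet("ICMP",  "10.0.0.50", "10.0.0.51"),
}


def decisions(samples: Dict[str, Packet] = SAMPLES) -> Dict[str, str]:
    """Map each sample name to the action the rule set takes on it."""
    return {name: evaluate(pkt)[0] for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, idx = evaluate(pkt)
        print(f"{name:24s} -> {action} (rule {idx + 1})")
```

Two things worth noticing when you run it: DNS addressed to the wiki host is dropped even though the wiki is one of "My Servers", because the DNS row only names the DNS server and nothing later allows it; and each packet is judged on its own, which is why the "Anything from My Servers" row is needed, since a server's reply to a client would otherwise fall through to the final Drop.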