
I'm not sure that making 'security' easy in this style helps people. Say you set this up, and you get yourself that nice cosy feeling of security, how does that compare to reality? People used to buy anti-virus software to buy 'security' and it turned out to not really help against actual problems like zero-day malware. Now, we get VPNs and people that don't actually know what they are or how they work or what they're for install and 'use' them (for lack of a better term) and get that sense of security with no backing. How is it secure for them? Is it still secure after one month? Was it secure to begin with?

Security isn't a thing that you 'buy' or 'add', it's something that you 'do' and 'know'.

Using a VPN server and a VPN client doesn't do anything other than getting traffic from A to B over a presumed hostile network. Ideally using asymmetrical encryption to make sure the keys don't have to travel the network. Then, you should probably use that tunnel to send all traffic, not just your p2p or http traffic. Using DNS over the normal network and your 'secret' stuff over the tunnel still exposes what you are doing and actually makes you more suspicious since you now look like you are trying to hide things (and doing a bad job at it). And what about firewalls, WebRTC hacks, routing tables etc. that now expose your network setup to any software you execute (be it an application or a webpage), or applications that don't honor your VPN setup and route packets wherever they want to. What about your OS routing stuff elsewhere? What about that Pi not being set up correctly and you happily using it but still leaking a ton of traffic over the visible network? A user of an easy VPN setup will not know and be covered by a false sense of security.

Even if you have perfect instructions and set it up perfectly initially, you would still be vulnerable down the road as new problems arise and mitigations might be available but unknown due to a user not actually knowing what it is or what they are doing.
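
An added example, not part of the comment above or of the thread: one way to check for the DNS-outside-the-tunnel case it describes, by resolving each configured nameserver against the routing table. The interface names `tun0`/`eth0`, the addresses and both sample inputs are constructed assumptions.

```python
import ipaddress

# Constructed `ip -4 route show` output: full-tunnel VPN on tun0 (assumed name);
# eth0 is the untrusted local network.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
"""
# Constructed /etc/resolv.conf: the DHCP-supplied LAN resolver is still listed.
SAMPLE_RESOLV = "nameserver 192.168.1.1\nnameserver 10.8.0.1\n"

def parse_routes(text):
    """Return (network, device, metric) tuples from `ip -4 route show` text."""
    routes = []
    for tok in map(str.split, text.splitlines()):
        if not tok or "dev" not in tok:
            continue  # blank lines, unreachable/blackhole routes
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, tok[tok.index("dev") + 1], metric))
    return routes

def egress_device(routes, addr):
    """Longest-prefix match (lowest metric on ties), like the kernel's lookup."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "lo"  # local stub resolver: its upstream servers need checking
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def dns_leaks(routes_text, resolv_text, tunnel_dev):
    """Resolvers from resolv.conf whose traffic would not leave via tunnel_dev."""
    routes = parse_routes(routes_text)
    resolvers = [t[1] for t in map(str.split, resolv_text.splitlines())
                 if len(t) >= 2 and t[0] == "nameserver"]
    found = [(r, egress_device(routes, r)) for r in resolvers]
    return [(r, dev) for r, dev in found if dev != tunnel_dev]

if __name__ == "__main__":
    print(dns_leaks(SAMPLE_ROUTES, SAMPLE_RESOLV, "tun0"))
```

In the sample, general traffic follows the two /1 routes into the tunnel, yet the LAN resolver sits on a more specific on-link route, so lookups sent to it stay on the visible network.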




As a single hop proxy, VPNs are pretty limited in terms of the OPSEC they provide. Personally I only ever use them to route traffic over hostile networks, and spoof my geolocation to access geo-blocked content. That's all they should be used for[1].

They for obvious reasons should not be used for anonymity[2] although for some this is the sole reason they use a VPN. I think, since they are a single hop proxy, that chaining VPNs together and buying subscriptions anonymously with tumbled Bitcoins/Monero is the only way you might get anonymity, but the overhead and potential for things to go wrong is massive. Things like Tor already solve many of these obstacles and provide reasonable OPSEC, providing you use it correctly.

[1]: https://gist.github.com/joepie91/5a9909939e6ce7d09e29

[2]: http://blog.hidemyass.com/2011/09/23/lulzsec-fiasco/


Yet even Tor is fairly compromised in that the evidence presents that it has already been tapped by the NSA, and even using it puts you on a watchlist regardless of your actions.


Yet again, the charming HN audience shows their true colors by downvoting people who have no proof of what they claim, while conveniently forgetting that if anyone had a proof of what you said they'd be in a secret court, and then prison -- for a long time.


That's a bit hyperbolic, methinks - Angwin & Tigas aren't in secret court or prison! https://www.propublica.org/article/heres-one-way-to-land-on-...


The tinfoil guy in me says they know nothing important then. ;)

Being a bit more serious, thank you for the link, it was enlightening. Kudos.


There is no evidence for either of those claims.


While this is true in an ideal world, I think there is also something to be said against an honest attempt to 'do it yourself', and then getting it wrong. Like many things that seem relatively straightforward at first glance, VPNs are a rabbit hole of networking theory that are quite likely to cause anyone who's not an enthusiast to lose interest.


Well, I guess it depends on your use case. If you want to be able to access the Nextcloud instance you are running on a little home server, for example, it's certainly a much better solution to have a proper VPN for accessing your home network than to forward any traffic to all the ports that you have to use for the various protocols Nextcloud supports.


Very few of us would survive nuclear war but we should at least spend an hour or two thinking about how to try.


Nah dude. You can tell me a million times to choose secure passwords and memorise them but I'm not going to until you give me a password manager.

Fix it with technology, not with instructions.


It's a start.


A VPN doesn't help against a global adversary like the NSA... it depends what you are trying to do.



