Use the friend’s network as a VPN/proxy/whatever to obscure my home IP address

And then your friend is responsible for your actions on the internet. The end goal you described is so vague that at least I wouldn’t let your raspberry connect on my network.

There’s a ton of VPN services which give you the end result you want without potential liability or other issues for your friend. If you just want to tinker, this thread has quite a bit of information to get you started.

So, you want the traffic to go other way around. Traffic from the HomeNet should go to the internet via FriendNet, right? In that case, if you want the raspberry box to act as a proxy (or vpn) server, you need to forward relevant ports on the FriendNet to your raspberry pi so that your HomeComputer can connect to the raspberry box.

Or you can set up a VPN and route traffic trough that to the other way. Tunnels work both ways, so it’s possible to set up a route/http proxy/whatever trough the VPN tunnel to the internet, even if the raspberry box is the client from VPN server point of view.

I don’t immediately see the benefit of tunneling your traffic trough the FriendNet to the internet, unless you’re trying to bypass some IP block of something other potentially malicious or at least something being on the gray area. But anyways, you need a method for your proxy client to connect to the proxy server. And in generic consumer space, that needs firewall rules and/or port forwarding (altough both are firewall rules, strictly speaking) so that your proxy server on raspberry box is visible to the internet in the first place.

Once your proxy server is visible to the internet it’s just a matter of writing up few scripts for the server box to send a message to the client end that my public IP is <a.b.c.d> and change proxy client configuration accordingly, but you still need some kind of setup for the HomeNet to receive that, likely a dynds-service and maybe some port forwarding.

Again, I personally would set up something like that with a VPN tunnel from raspberry box to the HomeServer, but as I don’t really undestand what you’re going after with setup like this it’s impossible to suggest anything else.

So, you want a box which you can connect to any network around and then use some other device to connect to your raspberry box which redirects your traffic trough your home connection to the internet?

The easiest (at least for me) would be to create VPN server on your home network. Have a dyndns setup on your home network to reach it in the first place, open/redirect a port for openvpn (or whatever you like) and have a client on raspberry running on it. After that you can connect your other device to the raspberry box (via wifi or ethernet) and create ip-forwarding/NAT rules for your traffic so that everything goes to the raspberry box, then to your home server via VPN tunnel and from there to the internet.

You can use any HTTP proxy with this, or just let the network do it’s thing and tunnel everything via your home connection, but in either case the internet would only see your encrypted VPN traffic to your home network and everything else is originated from your home connection.

You can replace VPN with just HTTP proxy, but both are pretty close the same on the terms of ‘cost’, so your network latency, bandwidth and other stuff doesn’t really change regardless of the approach. But if you just want the HTTP proxy you can forward a port on your home network for the proxy and just use that on your devices without raspberry box and achieve the very same end result without extra hardware.

And obviously, if you go with VPN tunneling for everything, you don’t need raspberry for that either, just a VPN client which connects to your home network and that’s it. The case where you have devices which can’t use VPN directly would benefit from the raspbery box, but if you already can set up a HTTP proxy for the thing you’re actually using, I don’t see the benefit of running a separate hardware for anything.

Some port forwarding or opening ports from firewall is needed on any scenario. But there’s a ton of options to limit access from anyone accessing your stuff. However, this goes way beyond the scope of your question and more details are necessary on what you’re actually trying to achieve with setup like this.

I really like the project and have been happily running it on my home lab for quite a while. But for enterprise their pricing for enterprise use is not really cheap either. 510€/socket/year is way more than the previous vmware deal we’re running. Apparently broadcom has changed their pricing to per core which is just lunatic (it would practically add up to millions per month on our environment), so it’s interesting to see what’s going to happen when our licenses expire.