• PolarKraken@programming.dev
    1 day ago

    I’m doing a crude version of this with a Flint 2 router and Mullvad. Don’t enjoy fiddling with my network (and upstream is unreliable for now, making troubleshooting an irritating game of crossing off doubts each time I have issues, rather than learning things better).

    At the moment I just have a guest Wifi that doesn’t get VPN’ed for things like Roku devices and such (slowly migrating the home away from stuff like this).

    I appreciate the always-on “blanket” traffic tunneling, a lot. But I’d like a more flexible setup - things like allowing access to Jellyfin from guest Wifi (or similar), site-specific exclusions or other workarounds for when I need to reach a banking site that has predictable VPN complaints, etc.

    Not a fan of just playing house-wide VPN exit whack-a-mole each time myself or someone else experiences an issue, but maybe that’s part of the game.

    Know of any good starting points for the flexibility I’m describing? Probably just need to learn LuCI and firewall and VLAN principles?

    • qjkxbmwvz@startrek.website
      1 day ago

      I also have an SSID that doesn’t get VPN’d, though my DNS is always VPN’d.

      As for accessing Jellyfin, etc., I think we have somewhat different setups. My self-hosted services are by default accessible without a VPN (SSID is on a VLAN with e.g. 192.168.0.0/24, servers are on 192.168.1.0/24, router routes between them). For the blanket VPN’d SSID I have a routing rule that routes over the main, not VPN, table, so local services can be accessed.

      So: local traffic has a rule to route without VPN, reddit routes with a specific VPN, and general traffic routes with a different VPN.

      There are lots of VLANs involved in my setup, and I’m sure it’s overly complicated and has gaping security issues, but it’s just a home network and it’s kinda fun :(
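
The local-exception and general-VPN rules described in the reply above, sketched as Linux policy routing (an added example, not part of either comment; the per-site rule is left out). Only the 192.168.1.0/24 server subnet comes from the thread; the VPN'd VLAN subnet, `wg0`, table 100 and the priorities are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values are marked below.
VPN_SRC="192.168.2.0/24"   # assumed: clients on the blanket-VPN SSID
SERVERS="192.168.1.0/24"   # self-hosted services (e.g. Jellyfin)
VPN_IF="wg0"               # assumed tunnel interface
VPN_TABLE="100"            # assumed routing table used for the tunnel
LOCAL_PRIO="1000"          # rules are evaluated lowest number first
VPN_PRIO="2000"

# Print the ip commands for the two rules and the VPN table's routes.
policy_rules() {
    # The local exception must sort before the catch-all VPN rule,
    # otherwise traffic to the servers is sent into the tunnel.
    if [ "$LOCAL_PRIO" -ge "$VPN_PRIO" ]; then
        echo "local exception must have a lower priority number" >&2
        return 1
    fi
    # 1. VPN'd clients reach the server VLAN through the main table.
    echo "ip rule add from $VPN_SRC to $SERVERS lookup main priority $LOCAL_PRIO"
    # 2. Everything else from those clients is looked up in the VPN table.
    echo "ip rule add from $VPN_SRC lookup $VPN_TABLE priority $VPN_PRIO"
    # 3. The VPN table sends all traffic through the tunnel.
    echo "ip route add default dev $VPN_IF table $VPN_TABLE"
    # 4. Fail closed: if the tunnel goes down and route 3 disappears, this
    #    higher-metric route rejects the traffic. Without it the lookup
    #    finds nothing in the VPN table and falls through to main (the WAN).
    echo "ip route add unreachable default metric 1000 table $VPN_TABLE"
}

# Dry run by default; APPLY=1 executes the commands (needs root).
if [ "${APPLY:-0}" = "1" ]; then
    policy_rules | while read -r cmd; do $cmd || exit 1; done
else
    policy_rules
fi
```

After applying, `ip rule show` and `ip route show table 100` list what the kernel actually holds.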