this post was submitted on 25 Jun 2024
28 points (96.7% liked)

Selfhosted

I’ve made a few posts in the past about my experimentation with connecting various devices and servers over a VPN (hub and spoke configuration) as well as my struggles adapting my setup towards a mesh network.

I recently decided to give a mesh setup another go. My service of choice is Nebula. Very easy to grasp the system and get it up and running.

My newest hurdle is now enabling access to the nebula network at the same time as being connected to my VPN service. At least on iOS, you cannot utilize a mesh network and a VPN simultaneously.

TLDR: Is it a bad or a brilliant idea to connect my iOS device to a nebula mesh network to access for example my security camera server, as well as route all traffic/web requests through another nebula host that has a VPN such as mullvad on it so I can use my phone over a VPN connection while still having access to my mesh network servers?

top 15 comments
[–] [email protected] 4 points 4 days ago (2 children)

If I'm understanding correctly, I think I've actually done something similar with tailscale. I run a VPN on my server and use it as a tailscale exit node (since it's always running, I never have to worry about it turning off) and this allows me to connect to my server remotely while using a VPN, since Android also doesn't allow simultaneous VPN connections.

[–] [email protected] 1 points 4 days ago (1 children)

Interestingly (I just found this out) Android permits 1 VPN connection per user profile.

So I run a VPN in my regular profile, and found my work profile wasn't using it. So I installed Tailscale there, and it works only in the work profile, while my regular VPN only works in my main profile.

I'd always assumed VPN config was a system-wide thing.

[–] [email protected] 1 points 4 days ago

I remember figuring this out when I realized my VPN wasn't connecting while I was inside of my secure folder, which acts like its own user profile.

[–] [email protected] 1 points 4 days ago (2 children)

Yeah I think we’re talking about the same thing. Got any guidance on how you set that up?

[–] [email protected] 2 points 4 days ago

tailscale also just has a button to buy/enable mullvad as an exit node. if you're just looking for a commercial vpn for privacy it works well.

[–] [email protected] 2 points 4 days ago* (last edited 4 days ago) (1 children)

You need a VPN that can split tunnel by ip via CLI (although I think it's also possible to set it up in an ovpn file, but I haven't tried it). The only one I've found that can do this natively is proton, specifically the python community version.

I don't know how this next part works if you use something that isn't tailscale, but if you do then just set proton's split tunneling for 100.64.0.0/10

Then, still on this machine, advertise the exit node from tailscale (you also have to allow it from your tailscale admin console). Connect to it from your phone, making sure to use the server as an exit node, and head over to ip.me to see if it's working

[–] [email protected] 2 points 4 days ago

I’ve done this with Tailscale and a VPS running WireGuard on one interface and Tailscale on another on Alpine Linux. I just set up routing so that any Internet traffic coming from tailscale0 is masqueraded/NAT over the wg0 interface. It took me months of screwing around to figure it all out, but I can provide all the necessary commands here if anyone wishes.

It should be generic enough to use with any two interfaces given one is your “internal” VPN and another is some other VPN (probably from a commercial offering).
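The routing the two comments above describe, the Proton/Tailscale split tunnel one and this WireGuard-on-wg0 one, comes down to the same three pieces on the Linux box: enable forwarding, let only the overlay's traffic be forwarded and only out the commercial VPN interface, and masquerade it behind that interface. The script below is an added example written for this thread, not the commenter's own commands. It assumes the interface names used above (tailscale0 and wg0), the Tailscale CGNAT range 100.64.0.0/10 named earlier in the thread, nftables and the tailscale CLI on the host, and IPv4 only; the forward chain's drop policy is there so the VPS cannot be used as a router to anything but the VPN tunnel.

```shell
#!/bin/sh
# Added example (not from the thread): NAT Tailscale exit-node traffic out
# through a WireGuard interface on a Linux VPS. Assumptions: nftables,
# tailscale CLI, interface names tailscale0/wg0, IPv4 only.
set -eu

IN_IF="${IN_IF:-tailscale0}"   # overlay interface the phones arrive on
OUT_IF="${OUT_IF:-wg0}"        # commercial VPN tunnel interface
CGNAT="100.64.0.0/10"          # Tailscale address range (from the thread)

# Render an nftables ruleset for the given (overlay, vpn) interface pair.
# Forward policy is drop: only overlay -> VPN is routed, never overlay -> eth0.
render_nat_rules() {
    in_if="$1"; out_if="$2"
    cat <<EOF
table inet exit_node {
    chain forward {
        type filter hook forward priority filter; policy drop;
        # replies for flows already allowed below
        ct state established,related accept
        # only overlay sources may be routed, and only into the VPN tunnel
        iifname "$in_if" ip saddr $CGNAT oifname "$out_if" accept
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # hide overlay addresses behind the VPN interface address
        oifname "$out_if" ip saddr $CGNAT masquerade
    }
}
EOF
}

# Kernel setting the exit node needs; rendered as a sysctl.d fragment.
render_sysctl() {
    printf 'net.ipv4.ip_forward = 1\n'
}

# Apply everything and advertise the exit node (run as root, wg0 already up;
# the node still has to be approved as an exit node in the Tailscale admin console).
apply_exit_node() {
    render_sysctl > /etc/sysctl.d/99-exit-node.conf
    sysctl -p /etc/sysctl.d/99-exit-node.conf
    render_nat_rules "$IN_IF" "$OUT_IF" | nft -f -
    tailscale up --advertise-exit-node
}

# Usage: sh exit-node.sh apply   (with no argument the script only defines functions)
if [ "${1:-}" = "apply" ]; then
    apply_exit_node
fi
```

Call `render_nat_rules tailscale0 wg0` on its own first to review the ruleset before applying it. One thing to check if wg0 was brought up by wg-quick with AllowedIPs = 0.0.0.0/0: the host's own default route then already points into the VPN, so Tailscale's control and relay traffic travels inside it too; that works, but every reconnect of the commercial VPN also interrupts the exit-node session.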

[–] [email protected] 3 points 4 days ago* (last edited 3 days ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters   More Letters
IP              Internet Protocol
NAT             Network Address Translation
VPN             Virtual Private Network

3 acronyms in this thread; the most compressed thread commented on today has 13 acronyms.

[Thread #829 for this sub, first seen 26th Jun 2024, 02:05] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 3 points 4 days ago (1 children)

I would be interested to hear how this goes. I had this setup with tailscale but having it run 24/7 on both our phones drained the battery really quickly. That being said I was running full tunnel and also needed home assistant background location running as well.

[–] [email protected] 1 points 4 days ago (1 children)

Pretty sure that was home assistant. I had the same issue. Phone would even get piping hot. Killed home assistant, problem solved. I'm connected to VPN to home using openvpn 24/7. Too lazy to switch to wireguard :p

[–] [email protected] 1 points 3 days ago

Hmm yeah makes sense, I just can't do it since then I would need VPN app and home assistant app running 24/7 lol. I need location for home assistant and both apps are too much for my wife's iPhone. I might try again but with gpslogger instead of home assistant for location.

[–] [email protected] 2 points 4 days ago

You can add multiple peers in WireGuard but not multiple interfaces. If the IPs line up well it can work. You can also NAT through a device if the IPs don't line up well.

[–] [email protected] 2 points 5 days ago

Seems like a good way to do it, would be fun to try that setup myself.

[–] [email protected] 1 points 5 days ago (1 children)

@brownmustardminion i think it depends on how secure your mobile phone is.

[–] [email protected] 1 points 5 days ago* (last edited 5 days ago)

I would say pretty secure. Of course, I would ensure all of the proper firewall, app pins, 2FA are in place in case my phone was ever compromised.

I'm already accessing all of the services now over the web with authentication. This new configuration would shift those services from being public to only devices on my private mesh network with the proper certificates.