I set up Wireguard on my phone, server, and computer to let my phone access my home network when I’m outside of it.
It works for the most part, but the inconvenient thing is that on Android you can only have 1 VPN running at a time. I want to use Mullvad VPN for the rest of my network connections for privacy.
I could make a single Wireguard config that defines 2 peers to connect to mullvad and my home VPN at the same time, but by doing this, I lock myself to a single server without the benefits of being able to swap servers at the same time.
Locking myself to a single mullvad server results in:
- less privacy, since my IP is more static
- inability to switch to bypass a VPN block
On desktop, I can have multiple wireguard VPNs at once, but if I have both running at the same time, then my LAN is accessed over the home VPN which is routed through Mullvad VPN. It goes
Computer -> Mullvad server -> Home VPN -> Home server
which is pretty wasteful.
Additionally, I’d prefer not to not do something like: Phone -> Home VPN -> Mullvad server -> destination, as my upload speed is pretty bad and this would throttle every non-local connection
What options do I have?
Why don’t you just use Shelter to create a work profile on your phone? The work profile can have a second vpn connection. I do this with my homeserver. The apps that connect to the home server are installed in the work profile so they have permanent access to the homeseraer while the normal profile is on my external vpn.
This is so close to what I need. Unfortunately I have a self hosted bitwarden, and when the app is installed it doesn’t auto fill passwords in apps to the other account
Okay so… what about using tailscale? You set as exit node your server, which is configured with gluetun to connect to a VPN (or ideally, it’s online through a router that has itself a VPN for all the connections). Then you connect through tailscale to your homeserver and exit the internet through it (which is already under a VPN).
Why not just pay for Bitwarden.
Uh. You know you’re responding in a self hosting community right? Should I explain why we’re all here?
I do, and the point still stands. If this is something vital to you, why not let someone else be responsible for security/hosting/issues/etc.
Alright, I’ll entertain this a little. Besides the one issue that I just brought up, there are no other issues. I host a dozen other things, and the VM I have it on is sandboxed besides the wireguard tunnel, so security isn’t a problem.
The better question, is why not self host?
Because something that’s critical to my environment (passwords) should be hosted by a company that can provide updates, patching, and remote access more securely than I can.
Everyone thinks that they can self host critical infrastructure better than a paid service, and that may be true for a while. But life has a way of interrupting the best laid plans. Suddenly, one day, you’re several versions out of date and a different vulnerability is used to get in your network. Now you’re like that LastPass employee that was compromised via an out of date plex server.
I have the space and the know how to host my on bitwarden/vaultwarden. But I don’t. Because that’s critical infrastructure and I’ll gladly pay for someone else to host it / patch it / etc.
I kinda get what you’re saying, but it’s not like I’m writing the password manager myself. The updates are automatic, and when it’s not updating the VM it’s hosted on has network restricted to everything but wireguard and for the bitwarden service. For me to get hacked, there would have to be a zero day exploits for my hypervisor, wireguard, and bitwarden all on the same day.
I understand what you’re getting at, but it’s not a publicly hosted service. It’s literally just for myself.
Even if using their servers, it still can’t access apps inside a work profile