I set up Wireguard on my phone, server, and computer to let my phone access my home network when I’m outside of it.

It works for the most part, but the inconvenient thing is that on Android you can only have 1 VPN running at a time. I want to use Mullvad VPN for the rest of my network connections for privacy.

I could make a single Wireguard config that defines 2 peers to connect to mullvad and my home VPN at the same time, but by doing this, I lock myself to a single server without the benefits of being able to swap servers at the same time.

Locking myself to a single mullvad server results in:

  • less privacy, since my IP is more static
  • inability to switch to bypass a VPN block

On desktop, I can have multiple wireguard VPNs at once, but if I have both running at the same time, then my LAN is accessed over the home VPN which is routed through Mullvad VPN. It goes

Computer -> Mullvad server -> Home VPN -> Home server

which is pretty wasteful.

Additionally, I’d prefer not to not do something like: Phone -> Home VPN -> Mullvad server -> destination, as my upload speed is pretty bad and this would throttle every non-local connection

What options do I have?

  • AtariDump@lemmy.worldEnglish
    12·
    14 hours ago

    I do, and the point still stands. If this is something vital to you, why not let someone else be responsible for security/hosting/issues/etc.

    • acid_falcon@lemmy.worldEnglish
      21·
      13 hours ago

      Alright, I’ll entertain this a little. Besides the one issue that I just brought up, there are no other issues. I host a dozen other things, and the VM I have it on is sandboxed besides the wireguard tunnel, so security isn’t a problem.

      The better question, is why not self host?

      • AtariDump@lemmy.worldEnglish
        11·
        5 hours ago

        Because something that’s critical to my environment (passwords) should be hosted by a company that can provide updates, patching, and remote access more securely than I can.

        Everyone thinks that they can self host critical infrastructure better than a paid service, and that may be true for a while. But life has a way of interrupting the best laid plans. Suddenly, one day, you’re several versions out of date and a different vulnerability is used to get in your network. Now you’re like that LastPass employee that was compromised via an out of date plex server.

        I have the space and the know how to host my on bitwarden/vaultwarden. But I don’t. Because that’s critical infrastructure and I’ll gladly pay for someone else to host it / patch it / etc.

        • acid_falcon@lemmy.worldEnglish
          2·
          3 hours ago

          I kinda get what you’re saying, but it’s not like I’m writing the password manager myself. The updates are automatic, and when it’s not updating the VM it’s hosted on has network restricted to everything but wireguard and for the bitwarden service. For me to get hacked, there would have to be a zero day exploits for my hypervisor, wireguard, and bitwarden all on the same day.

          I understand what you’re getting at, but it’s not a publicly hosted service. It’s literally just for myself.