So I know I could use Tailscale here, but I'm trying to avoid continuing to use external services like that, plus the performance isn't great over Tailscale for me, even on a 1G line.
So I have a self-hosted WireGuard which works and it connects to my Pi-hole, however I'd like it to essentially work like the following.
Phone > WireGuard / home lab > Mullvad when leaving home.
Now since Mullvad closed port forwarding this makes it a bit harder.
I believe you can do this with Tailscale + Mullvad purchased through Tailscale.
You’d use Tailscale to create an “overlay” network that connects your devices securely whether they are within or outside your LAN, and set it up to route traffic through Mullvad. IIRC Tailscale uses WireGuard under the hood.
You could consider creating a Mullvad connection from your home lab server and routing all of your remote traffic out through the Mullvad connection while routing any local traffic to your homelab. Essentially you’d be:
Phone → HomeServer → Mullvad
WireGuard from Phone to Home Server
Home Server to Mullvad
You’d need to allow your home lab server to forward traffic, essentially acting as a router.
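A sketch of the Phone → HomeServer → Mullvad layout described above, added here as an example and not taken from any poster's setup. It goes slightly beyond the post by adding a fail-closed forward rule so phone traffic cannot leave via the home ISP when the Mullvad tunnel is down. Assumptions: wg-quick and iptables on a Linux server, IPv4 only, interface names `wg0` and `wg-mullvad`, tunnel subnet `10.8.0.0/24`, LAN `192.168.1.0/24`, routing table `200`; every `<...>` value is a placeholder.

```ini
# --- /etc/wireguard/wg0.conf : the existing server the phone connects to ---
[Interface]
PrivateKey = <HOME_SERVER_PRIVATE_KEY>
Address = 10.8.0.1/24              # assumed tunnel subnet
ListenPort = 51820
# Let the server forward packets between interfaces (act as a router)
PostUp = sysctl -w net.ipv4.ip_forward=1
# Phone traffic for the LAN keeps using the main routing table
PostUp = ip rule add iif %i to 192.168.1.0/24 lookup main priority 100
# Fail closed: forwarded phone traffic may only leave via Mullvad or to the LAN
PostUp = iptables -I FORWARD -i %i ! -o wg-mullvad ! -d 192.168.1.0/24 -j REJECT
PreDown = ip rule del iif %i to 192.168.1.0/24 lookup main priority 100
PreDown = iptables -D FORWARD -i %i ! -o wg-mullvad ! -d 192.168.1.0/24 -j REJECT

[Peer]
PublicKey = <PHONE_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

# --- /etc/wireguard/wg-mullvad.conf : start from the file Mullvad generates ---
[Interface]
PrivateKey = <MULLVAD_PRIVATE_KEY>
Address = <MULLVAD_ASSIGNED_ADDRESS>
# Drop the generated DNS line so the server's own resolver is left alone.
# Table = 200 puts the 0.0.0.0/0 route in table 200 instead of main, so the
# server's own traffic (including wg0 replies to the phone) stays on the ISP.
Table = 200
# Only packets that arrived on wg0 are looked up in table 200
PostUp = ip rule add iif wg0 lookup 200 priority 200
# Phone addresses are private, so NAT them onto the Mullvad tunnel address
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PreDown = ip rule del iif wg0 lookup 200 priority 200
PreDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

[Peer]
PublicKey = <MULLVAD_SERVER_PUBLIC_KEY>
AllowedIPs = 0.0.0.0/0
Endpoint = <MULLVAD_SERVER_ENDPOINT>
```

Because this sketch carries IPv4 only, the phone's own WireGuard profile should list `0.0.0.0/0, ::/0` in `AllowedIPs` so that IPv6 is sent into the tunnel and dropped there instead of bypassing it.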
I’m very interested in this set-up. I have set up WireGuard, and Tailscale / Mullvad is an option for me as well. Right now, I’m using Umbrel to self-host, so I’m not sure how to connect my home server to Mullvad. Maybe this is something I have to do on a NAS once I get one.
Tailscale is user-friendly and simple to set up. Personally, I prefer minimizing third-party dependencies for basic tunnel setups and enjoy a deeper understanding of the configuration process. Configuring a WireGuard client on a Linux server is straightforward. While the Mullvad GUI client might work well, you can generate a WireGuard configuration from Mullvad and manually configure it on your server:
On OpenWrt, you can use Policy Based Routing to accomplish this. It’s not as flexible as using the Mullvad app directly, but it does allow you to connect to your home server while still having outbound traffic in Mullvad. Expect performance penalties for doing so.
Yes, this logic makes great sense in your router, as long as the router is well suited to handle multiple VPN cryptography operations with ease.
I’ve used this setup for quite some time with little latency impact for general web browsing, streaming, and even real-time video. If you have enough resources to handle multiple crypto tunnels and do not typically travel far from your home lab, I’ve found the latency overhead to be completely acceptable and usually unnoticeable. I imagine if you’re far from your home lab, you’ll see noticeably more latency.