This is an automated archive.
The original was posted on /r/wireguard by /u/tomado09 on 2023-12-29 18:35:32+00:00.
Coming up soon, I'll be in a country for which it is recommended (and legal, of course) to use a VPN to encrypt all traffic. My sister just got a fat 1Gbps up/down fiber connection at her place (awesome), and I set up a Raspberry Pi with PiVPN to act as a wireguard endpoint. I also have a wireguard endpoint at home (where I host my NAS and a few internal LAN webservices), but alas, my connection is a paltry 140 mbps down / 40 mbps up (ouch). I'd like to have my traffic encrypted at all times with maximum bandwidth (I won't saturate my sister's gigabit fiber, but I'd likely be bottlenecked by my 40mbps at home), and still be able to access my NAS/etc at home.
So my thought is the following: I'll run a full tunnel to my sister's, and if possible, run a split tunnel over that full tunnel to be able to access my services at home. Then only accessing my home services will be constrained by the 40 mbps bandwidth. A few questions:
- Is this a good way to solve this problem?
- How would I go about doing this? Is this something I need to implement client-side (Macbook Pro / Android phone)? Or is this something that needs to be set up on the raspberry pi?
- Is there a better way? Simply having a split tunnel to home (and therefore not encrypting the rest of my traffic) is something I'd prefer not to have to do. I suppose I could just swap back and forth between sister and home full tunnels when accessing home services vs general internet browsing.... but this allows the possibility of some traffic unencrypted "leakage" while shutting down one tunnel and starting another.
Maybe I'm just overthinking this in general. What do y'all think?