I’ve made a few posts in the past about my experimentation with connecting various devices and servers over a VPN (hub and spoke configuration) as well as my struggles adapting my setup towards a mesh network.
I recently decided to give a mesh setup another go. My service of choice is Nebula. Very easy to grasp the system and get it up and running.
My newest hurdle is now enabling access to the nebula network at the same time as being connected to my VPN service. At least on iOS, you cannot utilize a mesh network and a VPN simultaneously.
TLDR: Is it a bad or a brilliant idea to connect my iOS device to a nebula mesh network to access for example my security camera server, as well as route all traffic/web requests through another nebula host that has a VPN such as mullvad on it so I can use my phone over a VPN connection while still having access to my mesh network servers?
If I’m understanding correctly, I think I’ve actually done something similar with tailscale. I run a VPN on my server and use it as a tailscale exit node (since it’s always running, I never have to worry about it turning off) and this allows me to connect to my server remotely while using a VPN, since Android also doesn’t allow simultaneously VPN connections
Yeah I think we’re talking about the same thing. Got any guidance on how you set that up?
You need a VPN that can split tunnel by ip via CLI (although I think it’s also possible to set it up in an ovpn file, but I haven’t tried it). The only one I’ve found that can do this natively is proton, specifically the python community version.
I don’t know how this next part works if you use something that isn’t tailscale, but if you do then just set proton’s split tunneling for 100.64.0.0/10
Then, still on this machine, advertise the exit node from tailscale (you also have to allow it from your tailscale admin console). Connect to it from your phone, making sure to use the server as an exit node, and head over to ip.me to see if it’s working
tailscale also just has a button to buy/enable mullvad as an exit node. if you’re just looking for a commercial vpn for privacy it works well.
@DesolateMood @brownmustardminion if you root it, you can run multiple VPNs simultaneously. I’m always connected to my VPS for some services and to my home for Home Assistant (all with Wireguard).