this post was submitted on 17 Aug 2025
33 points (100.0% liked)

Selfhosted


Hey fellow selfhosters! Hope you're doing well. Today I would like some help to know how I could make this project a reality. I would like to give friends and family VPN access to my homelab (probably with WireGuard).

I also have a VPS in the cloud and I can VPN to it to anonymize outgoing connections.

So basically, in the case that a friend asks for a local service, I want the request to come to my home over his VPN connection and then come back directly from my home.

In the case that a friend requests google[dot]com, I want the request to come to my house and then go through the VPS, to make the request from it and not from my home. Then it comes back from Google to the VPS, to my home, to the client.

The principal issue I have is how I can route my services directly through my home without going onto the regular WWW, but make all other requests go through the VPS and to the WWW.

If you need some more explanations or info, feel free to ask.

PS: I also self-host Pi-hole, so all the DNS requests should go through it (and maybe I could use it to route requests where I want by tweaking my domain requests to local IPs?)

diagram of the network

[–] foremanguy92_@lemmy.ml 1 points 1 week ago (1 children)

Nah it's not what I want to do.

The requests from clients for local services go through the first VPN, are resolved in my home and then come back.

The requests from clients to outside services go through my home with the first VPN, are resolved here and then go to the internet through the second VPN and then come back to the client.

[–] Brkdncr@lemmy.world 2 points 1 week ago (1 children)

What you’re describing is overly complex routing, and split DNS.

Join all clients to a single network.

[–] foremanguy92_@lemmy.ml 1 points 1 week ago (1 children)

I want to protect my home services, so when accessing my domain it goes through the VPS and you only know its IP (a datacenter IP), but for my friends and family I don't need this protection, so they are accessing my home with a VPN connection and btw they are using the VPS to make requests and so protect their privacy.

The simple solution (since my services are publicly available) would be to route all traffic coming from my friends through my home and then through the VPS. But I don't like this idea, since it would add a lot of latency and useless traffic since the client is already going through my home...

So my question is: how could I route the local services directly to the client and let the rest of the traffic go through the VPS?

[–] Brkdncr@lemmy.world 1 points 1 week ago (1 children)

The answer here is still a single VPN, and Tailscale makes this even easier.

[–] foremanguy92_@lemmy.ml 1 points 1 week ago

Don't think so, but I will try to check it
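
The routing asked about in this thread (home services answered directly, everything else forwarded through the VPS tunnel) can be done with Linux policy routing on the home gateway. The script below is an added example, not something posted by anyone in the thread; the interface names, subnets and table number are assumptions, and it only prints the commands unless run with `--apply`.

```shell
#!/bin/sh
# Added example: policy routing on the home WireGuard gateway.
# All names and addresses below are assumptions; adjust to your network.
FRIENDS_IF=wg-friends        # tunnel friends and family connect to
VPS_IF=wg-vps                # tunnel from home to the VPS
FRIENDS_NET=10.8.0.0/24      # addresses handed to friends' clients
LAN_NET=192.168.1.0/24       # home services (and Pi-hole) live here
TABLE=200                    # dedicated routing table for friends' traffic

# wg-quick notes (not generated here):
#  - wg-vps.conf needs "Table = off" so AllowedIPs = 0.0.0.0/0 does not
#    replace the home machine's own default route.
#  - friends' client configs use AllowedIPs = 0.0.0.0/0 and DNS = Pi-hole.

# Print the commands in the order they must be applied.
plan_routes() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$VPS_IF.rp_filter=2
ip rule add iif $FRIENDS_IF to $LAN_NET lookup main priority 100
ip rule add iif $FRIENDS_IF lookup $TABLE priority 110
ip route add default dev $VPS_IF table $TABLE
ip route add blackhole default metric 1000 table $TABLE
iptables -t nat -A POSTROUTING -s $FRIENDS_NET -o $VPS_IF -j MASQUERADE
EOF
}
# rule 100: friend -> LAN service uses the normal table, so the reply
#           goes straight back over wg-friends and never touches the VPS.
# rule 110: anything else a friend sends is looked up in table 200,
#           whose only usable default is the VPS tunnel.
# blackhole: if wg-vps goes down its route disappears and friends'
#           internet traffic is dropped instead of leaving via the home IP.
# rp_filter=2: replies arrive on wg-vps, which is not the main-table
#           default, so strict reverse-path filtering would drop them.
# MASQUERADE: the VPS only ever sees the home tunnel address, so its
#           existing NAT setup needs no knowledge of FRIENDS_NET.

if [ "${1:-}" = "--apply" ]; then
    plan_routes | sh          # must be root
else
    plan_routes
fi
```

To confirm the split after applying, `ip route get 192.168.1.10 from 10.8.0.2 iif wg-friends` should resolve via the LAN interface and `ip route get 1.1.1.1 from 10.8.0.2 iif wg-friends` via `wg-vps` (both addresses are sample values).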