Holy crap thank you so much. I was literally thinking of figuring out how to do exactly this EARLIER TODAY!
Thank you again for this write-up. I have almost all of what you wrote already done (Cloudflare, NPM and Tailscale setup) but haven't hooked Tailscale and NPM together yet.
I have gluetun+socks5 containers running, then in an app, I put in localip:port into a proxy field. Then that app will use that connection for internet.
Browsers on desktop also support proxies. So if you want a specific browser to always use the VPN, this is a very simple way to do that.
It's not bad using the official WireGuard app. It's definitely noticeable. On the Android battery screen it'll show around 5% after a full day of use and it's on always.
For an external VPN like Mullvad, I run my own proxy. Again it's only available from my VPN or inside my network.
It uses socks5 and gluetun Docker containers and in apps that support proxies, I can add my proxy to it and it'll route that traffic through the paid VPN.
Or, a work profile (see Shelter) or Android's new private spaces.
If you have private spaces, it uses a separate network. So if you have a VPN installed outside the private space, it won't work on apps inside the space.
So, what you could do is have a paid VPN inside private spaces, and use it and a web browser or whatever there, and use your server's VPN outside the private space.
Awesome! I got the same one. Still waiting to buy drives, as 2x 16TB drives is a tad expensive. Soon I'll swap my old $40 to my fancy new one.
I'm using plain ol' Debian with Docker. Barebones but simple and secure.
You'll have to update us on using OMV.
I have set up the same thing as a temp measure, but I believe that something like Authelia or Keycloak should replace and be better than Cloudflare's email OTP.
Running mount prints a lot, but at the bottom it has: shady@192.168.50.16:/home/shady/skynet on /home/skynet type fuse.sshfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
Oh fascinating. I'll have to look into that