There is some part of me thinking if my providers servers go down my router may fallback to WAN, should I run an additional VPN connection on the device/server itself just in case?

It’s been about a year with this setup however this potential issue has been irking me.

Edit: Kill-switch is disabled on the router’s tunnels as it appears to be bugged in two ways. 1) any manual DNS settings get disregarded network-wide 2) it kills all network connections and not just the devices affected.

top 10 comments

sorted by: hot top controversial new old

[–] WeirdGoesPro@lemmy.dbzer0.com 11 points 1 month ago (1 children)

What are you hiding? /s

I think you could do that, but you will be further bottlenecking your bandwidth, and you will be adding an extra layer of complexity that could lead to unforeseen issues down the road.

Personally, I would just enable the kill switch, or run the VPN client side, but not double it up with 2 VPN’s.

[–] JackAttack@lemmy.dbzer0.com 2 points 1 month ago* (last edited 1 month ago)

Kind of seconding this, I can't speak for VPN routers, but i recently had a leak when I thought my kill switch was on and apparently something failed (probably me).

From now on I run both my PCs VPN as well as bind it directly to the torrent client. Same connection, just extra "kill switch" coverage.

Of course it all depends on how you want to do things/does all traffic need to route through a vpn/etc.

[–] catloaf@lemm.ee 5 points 1 month ago (1 children)

I only run my VPN client-side so that the rest of the traffic isn't affected.

[–] GuardYaGrill@sh.itjust.works 1 points 4 weeks ago (1 children)

Hm, in my current state I’ve configured my router to essentially route all bandwidth to the closest server my VPN provider offers. I utilize other tunnels for bypassing censorship and or torrenting.

So far the year has been solid, I think I’m going to keep chucking away down this path since it does reduce resources on my server.

[–] MalReynolds@slrpnk.net 1 points 4 weeks ago

I run a gluetun docker (actually two, one local and one through Singapore) clientside which is generally regarded as pretty damn bulletproof kill switch wise. The arr stack etc uses this network exclusively. This means I can use foxyproxy to switch my browser up on the fly, bind things to tun0/tun1 etc, and still have direct connections as needed, it's pretty slick.

[–] Coldmoon@sh.itjust.works 2 points 4 weeks ago

I’d just stick with a kill switch.

[–] Geodad@lemm.ee 1 points 3 weeks ago (1 children)

What’s a good VPN service? Is Proton still good?

[–] swizzlestick@lemmy.zip 3 points 3 weeks ago (1 children)

I have settled on Mullvad, for their simplicity and payment methods.

[–] Geodad@lemm.ee 1 points 3 weeks ago

They’re the other one that I hear highly recommended.

[–] swizzlestick@lemmy.zip 0 points 3 weeks ago* (last edited 3 weeks ago)

I run a split environment. Main router is set up 'normally' with what other people in the house and visitors would expect.

Attached to that is a Pi running an OpenVPN client and a hostapd server that broadcasts a separate WiFi network. Iptables on the Pi are set to only ever allow Internet traffic through the VPN as a killswitch (except for OpenVPN, to prevent a chicken-egg situation), and any wifi clients connected via hostapd are routed through it.

A script occasionally changes the VPN endpoint to keep it interesting. This Pi also acts as a qbitorrent client that stores downloads to a local NAS.

It's a best of both setup that has been stable for over 5 years now.