I use a VPN for privacy reason (Proton).
But I need another one (Tailscale) in order to acces my local network from everywhere outside my house.
Each time I need to access my local network, I have to switch from Proton to Tailscale.
Is there a solution to avoid this manipulation ? As far as I know, I can’t have 2 VPN in Android as there is only one VPN slot.
If I root my phone, will I be able to force the access of one app to Tailscale and all the other traffic through Proton ?
Or does anybody have a solution for that ?
I would probably set up Proton on your router, so your entire home network would be protected, and then just be on tailscale from the phone consistently
Could do but there are things to consider.
Proton VPN over OpenVPN on a router will do max 40MB/s
Unless you have a wireshark option on your router it’s slow.
Why have constant vpn to home lan? You need file access?
There are ways around that.
I didn’t think about that solution. I have to buy a router (my ISP box is not really “set-able”).
So what you mean is to set Proton on the router, access my LAN from everywhere with tailscale and using the router as exit node to allow browsing ? That may work indeed.
Proton uses Wireguard protocol, as well as Tailscale. Do you think going through a first tunnel from the phone to my home network, and using another one from my router to internet will slow the trafic ? It’s 2 VPN one after the other, not at the same time.
I need a VPN to my LAN because I have a domotic app that works perfectly well locally but sometimes crashes with remote access (because of an open source cloud solution with quite poor reliability).
tailscale is great, but doesn’t allow yet to define an exit-node that has no tailscale installed (but wireguard). Really only destination, port and public key is necessary to do this and ProtonVPN as vpn provider publishes those 3 items in the config panel.
If you manually configure wireguard nodes (without tailscale) you can do this, as the default route is set on the wireguard nodes you own. Would allow you do to it selectively too per node.
Why not write the tailscale peeps and let them know you want this? I really think there is a chance they’d implement it
What you can do is set up a wireguard tunnell going out from your router to protect the LAN and then on same router set up vpn server for external ->in to LAN
All depends what router options you have.
Regarding slowness, most routers have OpenVPN protocol but not wireguard.
OpenVPN is CPU intensive and with small router CPUs they can only do about 40MB/s using OpenVPN protocol.
Thank you all for your ideas.
Now, I have to learn/figure out how to do that. As I’m not a network expert.
But the idea of centralize all my connections (locally or not) to my home, to a router in which Proton is installed looks great and make me feel like I gain a little bit more control.
a tailscale developer catalogued the need to use an external / “upstream” wireguard exit-node already. You can track the related tickets to know when they implemented something (Mullvad here would be synonymous with ProtonVPN - both make it easy to retrieve wg pubkey, ip+port)
though what you want can be done manually (“split tunnel config” or just different routing with multiple wireguard peers), tailscale makes all of this much more accessible so it would be quite comfortable to import that exit peer
