Hi! I would love advice on adding a network-wide VPN to my home setup.
Details:
Coming into the house I have fiber terminated at the ISP modem. That is directly connected to a Google Wifi (I know) which then distributes the wifi but also connects to my managed TrendNet Switch that is connected to my entire house via Cat6. I backhaul the Google Mesh APs and connect my and my partner’s work laptops via ethernet. All my IOT devices are connected to the switch as well.
I’d like to add VPN as far upstream as possible to cover my entire connection. Google Wifi won’t do it natively so I’m thinking that some sort of appliance between Fiber modem and Google Wifi Router may be best. There seem to be a TON of options. Easiest could be getting a second travel router (Beryl AX) and plug it in between the modem and router connected to the VPN service. Honestly, that seems too easy, like I’m missing something.
I’d prefer to balance ease of use (no commercial equipment requiring a 6 week class to operate please) with cost of purchase.
Any suggestions?
A travel router, or any router that runs a VPN client and routes all traffic through it, should work. Consider disabling the WiFi radios on the VPN router.
If you are forwarding any services, you will need to configure the forwarding rules on both the VPN router and the Google router.
The Beryl AX seems to work better with WG, but looks to be limited to 300 Mbps. Something to keep in mind.
I would use wire guard on a travel router and box at home.
Here’s good guide
Travel router
I have recently done something similar.
I have 3x Eeros for wifi but I wanted ‘whole home’ VPN - which Eero does not support.
[Actually, Eero *may* support it, if you pay extra for their own VPN service]
My inital solution work-around was to buy a travel router (GL.iNet GL-SFT1200 Opal) - and I put between the Fiber Modem and the Eeros. That worked well.
Coincidentally, I was later staring at an older TP-Link AC1750 router I had gathering dust, and bemoaning that it did not have VPN Client functionality, when I discovered that it *can* do that if you put OpenWRT on it.
So I did that too.
And that works well too.
So I now have 2 solutions.
And 1 of them was “free” because I already had a spare TP-Link router.
So I guess one lesson for me is:
Even if a router does not support Client VPN ‘out of the box’, it *may* if you put OpenWRT on it.
That probably doesn’t help you - sorry - unless you also have an stay router laying around.
I appreciate it, thank you! I am in the middle of trying the solution elsewhere in the thread where I limit the DNS range of the Nest Router to one IP and then let the gl.inet handle the routing and VPN.
The issues I typically have is with the mesh (though if they are all APs maybe it doesn’t matter?), YouTube TV and then the hardest, Yelp working. My partner lives and dies via Yelp so I’m getting side-eye when I suggest turning off wifi every time we look for take out options. 
