Hello everyone, I live in a country where several websites are banned by the ISP; however, I can access them with a VPN.
I have a home server with Unraid OS installed. I just ordered another 2.5GB LAN PCIe card. I want to create a VM to act as a router that connects to NordVPN and tunnels only selected websites through the VPN and the rest of the traffic without VPN, because internet speed through VPN is an issue.
I am attaching a diagram to show what I want. (https://imgur.com/TYrmpnx)
Can someone please point me to resources of software/OS or anything that can make this possible?
And I also plan to implement DNS blocking for ads and other stuff to make my network more efficient.
The general concept of sending only a subset of traffic through a VPN is called split tunneling.
There are two problems to solve with your proposed setup.
The first problem is directing traffic from devices to a location where it can be evaluated against your rules. Since your mesh router is unlikely to have any rules engine, the traffic will have to go to the Router VM where you can implement the rules. You need to set up your network so that the Router VM acts as the default gateway for your home network. This may require you to put the Mesh router into AP mode.
The second problem is that it appears you want to route traffic based on domain name (e.g. example.com = tunnel, youtube.com = pure). As you may or may not know, routers route according to the destination IP address in packets. They don’t route on domain name. I found this post on superuser.com that describes a few methods to “route” traffic by domain name. The methods include specifying the domains in OpenVPN, using a combination of ipset+iptables+dnsmasq or using a proxy server, like squid.
Frankly, it’s not that straightforward and each method has limitations. It may be more straightforward to run the NordVPN on each of your devices. NordVPN appears to have more flexibility in setting up split tunneling (by app, IP or even by URL). See their article: VPN split tunneling.
This sounds great. I will make the router VM work; if I have to, I will set up scripts to auto-renew the IP list from the DNS server to tunnel it in the rules list. I have been thinking of this project for a long time.
Yes, my EERO mesh router is already in AP mode. I will make my router VM the default gateway.
Which router OS do you suggest? I am looking at https://opnsense.org/ would this be enough to allow me to do stuff like this?
EDIT: Thanks for informing me of the keyword VPN split tunneling. I am looking at this guide https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
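The ipset+iptables+dnsmasq method named in the reply above, shown for a Linux router VM as an added example (not code from this thread or from the superuser.com post). The set name `vpn_sites`, interface `wg0`, mark `0x1` and table `100` are assumed names, and the domain list is constructed sample data.

```shell
#!/bin/sh
# Added example: domain-based split tunnelling with dnsmasq + ipset + iptables.
# Assumed names (not from the thread): set vpn_sites, interface wg0, mark 0x1, table 100.
SET_NAME=vpn_sites; VPN_IF=wg0; FWMARK=0x1; TABLE=100

# Constructed sample list: one domain per line, '#' starts a comment.
sample_domains() {
cat <<'EOF'
# sites to send through the VPN
example.com
Blocked.Example.org
not a domain!
EOF
}

# Read domains on stdin and emit one dnsmasq "ipset=" line per valid entry.
# dnsmasq then adds every address it resolves for that domain (and its
# subdomains) to the set, so no separate IP-list refresh script is needed.
dnsmasq_ipset_conf() {
    tr '[:upper:]' '[:lower:]' | while IFS= read -r d; do
        case "$d" in ''|'#'*) continue ;; esac
        if printf '%s\n' "$d" | grep -Eq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'; then
            printf 'ipset=/%s/%s\n' "$d" "$SET_NAME"
        else
            printf 'skipped invalid entry: %s\n' "$d" >&2
        fi
    done
}

# Print (do not run) the one-time setup: mark forwarded LAN packets whose
# destination is in the set, route marked packets via the VPN table, and
# blackhole them when the VPN interface is down so they never fall back
# to the ISP path.
routing_commands() {
cat <<EOF
ipset create $SET_NAME hash:ip -exist
iptables -t mangle -A PREROUTING -m set --match-set $SET_NAME dst -j MARK --set-mark $FWMARK
iptables -t nat -A POSTROUTING -o $VPN_IF -j MASQUERADE
ip rule add fwmark $FWMARK table $TABLE
ip route add default dev $VPN_IF table $TABLE
ip route add blackhole default metric 1000 table $TABLE
EOF
}

# Dry run: sh split.sh --print
if [ "${1:-}" = "--print" ]; then
    sample_domains | dnsmasq_ipset_conf
    routing_commands
fi
```

Clients must use the router's dnsmasq as their resolver, otherwise the set never fills. The set above is IPv4 only; IPv6 needs a second set (`family inet6`) with matching `ip6tables` rules, or that traffic bypasses the tunnel.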