WireGuard > Route ALL traffic via VPN

Well, PC, laptops, security cams (few of those), some servers, TV for streaming certain things, various smart home bits and bobs, really just wanting to secure the lot.

That's quite vague. What are you wanting to secure them from? What do you think you'll get/are expecting to get from using a VPN? It's very tricky to advise people when the purpose isn't clear so the more info you can provide the better.

1 Like

Well without going into things on a public forum too deeply, essentially, I don't want ISP knowing exactly what I'm doing, or anyone who tries snooping. I don't want to be hacked (and have heard IoT devices/security systems are easy targets), but do want to use streaming sites/consoles etc in my region. Perhaps geo related on occasion. I also want to get into my LAN from outside and when travelling. My servers need to be secure but accessible. But for streaming and security cameras I imagine bandwidth will become an issue with the router being the VPN server. I have a Pi4 so can get that up and running as the gateway which opens up many more VPN providers than the OpenWrt route (currently restricted to Torguard and Mullvad by the looks of things). I was just trying to improve my router and simplify everything making that the VPN gw you see.

When you say streaming are you talking about from your LAN to other devices, e.g. with something like Plex, or using Netflix/Prime Video etc?

It sounds a lot like you're just trying to allow secure access to your own network when you're away from home? If that's what you're aiming to do then you don't need a commercial VPN provider.

No, don't really use plex actually, more Netflix and the like. My main reason is to encrypt my server communications for monetary reasons, and the various security cameras/IoT, and extreme paranoia!

That is not what a VPN alone can do. Any connection that goes to the internet has to be decrypted at some point, you can just change where it happens. For example: If you have low trust in your ISP, surrounding WAN, country, etc... it can make sense to tunnel the traffic to a VPN provider somewhere else. But keep in mind that it just shifts the problem, now you have to trust this external VPN endpoint, which per design sees all your decrypted traffic.
In most cases this is not advisable at home. Many VPN providers had security breaches and sometimes even outright lied about their logging policy, especially the cheap ones with aggressive marketing. From them also comes the claim "to protect against hackers", which is just wrong. A VPN is not a general solution, for example it does not help at all if your IoT devices are vulnerable. So check your devices and firewall (OpenWrt default is fine). As a private individual the risk is not that high though.

2 Likes

Sure, agree mate and understand.

Unfortunately OpenWrt is such a learning curve for me I'm really struggling, days of trial and error clicking things to see what happens, exhausting! I've moved on considerably from this and posted more info on new issues in another post, but sadly not getting very far :frowning: might give up and downgrade back to normal TP-Link firmware tbh!