Even if it only works sometimes, there is still a use case with a benefit. I.e. speed throttling on tethering
And yet even with that pitfall there is a valid benefit of using a shared VPN over the hotspot. Specifically making your data look like it’s coming from the phone so it isn’t throttled by the carrier as tethered data. The failure scenario being the data goes slower.
I recognize the problems you list as valid, and yet there is still a beneficial tradeoff decision to be made.
No need to insult me, I both read the GitHub and understand how VPNs work.
There is no point in using a vpn if you don’t care if your data leaks outside the tunnel.
Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone.
True, but don’t let perfect be the enemy of good.
Sharing VPN from a phone over a hotspot, means all of that traffic looks like it’s coming from the phone. Admittedly if the VPN dies, the routing will bypass it. But the benefit here is immense, if you use visible, you have unlimited data from the phone, but very slow data on tethering. Sharing the VPN from the phone, gives you unlimited data on the hotspot. That’s a pretty good trade-off
I use a calyxos device to share VPN, as of a few months ago.
Hotspot & Tethering
- Allow clients to use VPNs
https://calyxos.org/features/list/#network
Perhaps you’re confusing GOS? If not, can you cite the design decision to disallow this feature? I’d be curious to learn about it
If openwrt can do it, gli-net can do it
Honestly, for your use case, you should just get an older cell phone. Put lineage OS on it, or calyxos… share your VPN over hotspot, these are the only two ROMs that I’m aware of that allow you to do that. This has the benefit that the VPN traffic looks just like traffic from the phone, and you don’t have to do any gymnastics to modify the TTL, or the operating system signature of the traffic.
Boom, travel router. Very portable, has a built-in battery etc etc etc etc etc
I like GLI-net, they are great, they have great hardware. If you want to buy it I endorse it. If you’re paranoid flash your own firmware. If you use an end-to-end VPN from your device it doesn’t matter what your mobile router uses. However the killer feature here, I think is better supplied by an older phone running the ROMs I mentioned above. It’s just more portable. And you have a backup phone when you’re traveling
The general topic was about self-hosting. IPv6 is very useful for self-hosting,… connections.
I’ll admit there is a critical mass problem with torrenting clients, but if you’re trying to set up a WireGuard tunnel with your friends, IPv6 is an absolute banger
In most environments ipv6 bypasses cgnat (because, why would you need a nat with ipv6).
I didn’t mind their crazy half-baked idea communities, but they never committed to the bit. Plus with their whole federation issue, when people did comment there to try to make something happen, there was no response…
https://www.wireguard.com/netns/
Here is a good how to for wireguard. Most commercial VPNs let you connect directly with wireguard.
Basically create the interface in your clearnet namespace and then move it to your vpn namespace
I stand by what I said. If you examine who supports those organizations, they are getting a benefit.
The US Navy supports tor more than anybody else. Not to mention all of the government-run exit nodes. Now you’re the product here, is the product watching your data? Or is the product providing noise for their clandestine operations? Tor is a great thing, 100%, but it is being supported by people who get a benefit from it.
I’m sure you can find a counter example, but the point is it’s about incentives. If the incentives aren’t aligned you can’t trust it. Not for mission critical objectives
If you don’t pay money for something, you are the product. In this case it would be your net flow data. It’s not a good idea to use a free service if you’re worried about privacy
Everything you said is true, but I don’t think it’s the complete answer the OP would like.
For instance if somebody goes to Google, on the raw network, and on the VPN. They would correctly expect that traffic to take two different routes, and come from different IP addresses
Network namespaces!
ip netns exec <namespace> <command>
One namespace for surfshark, and anything you run in that namespace uses those rules
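The namespace approach from this comment and from the WireGuard how-to linked earlier, written out as an added example that is not part of the original comments. The namespace name `vpn`, interface `wg0`, config path and tunnel address are assumptions; the config must be in the plain format `wg setconf` accepts.

```bash
#!/usr/bin/env bash
# Added example: WireGuard interface living in its own network namespace.
# Assumed names (not from the comments): namespace "vpn", interface "wg0".
NS=vpn
WG_IF=wg0
WG_CONF=/etc/wireguard/wg0.conf   # assumed path, `wg setconf` format
WG_ADDR=10.2.0.2/32               # constructed sample tunnel address

# Print the ordered commands; nothing is executed by this function.
netns_plan() {
  cat <<EOF
ip netns add $NS
ip link add $WG_IF type wireguard
ip link set $WG_IF netns $NS
ip netns exec $NS wg setconf $WG_IF $WG_CONF
ip -n $NS addr add $WG_ADDR dev $WG_IF
ip -n $NS link set lo up
ip -n $NS link set $WG_IF up
ip -n $NS route add default dev $WG_IF
EOF
}
# Order matters: the interface is created in the clearnet namespace first,
# so WireGuard's UDP socket stays there and carries the encrypted packets.
# After the move, wg0 is the only non-loopback interface inside "vpn":
# if the tunnel goes down, processes there have no other route to fall
# back on, so their traffic stops instead of leaving outside the tunnel.

# Execute the plan (needs root); stops at the first failing command.
netns_apply() {
  netns_plan | while IFS= read -r cmd; do
    echo "+ $cmd"
    $cmd || return 1
  done
}

# Run any command inside the namespace, e.g. netns_run curl https://example.org
netns_run() { ip netns exec "$NS" "$@"; }

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "apply" ]; then netns_apply; fi
```

Comparing `ip addr` on the host with `netns_run ip addr` shows the split: the host keeps its normal interfaces, the namespace has only `lo` and `wg0`.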
https://www.privacyguides.org/en/advanced/payments/
Monero is the only privacy digital cash equivalent I’m aware of. There are a limited number of vendors who will accept it, and any of your friends who you can convince to take monero will also accept it
Here’s a list of known services that accept it. Things like VPNs, web hosting, email hosting, game hosting, internet services basically
Any of the other payment systems, the bank systems like zelle, PayPal, etc … They all have the problem of introducing a third party into your transactions. Who will then almost certainly sell your data
Here’s an open source company that provides you a different circuit for each socket. So a new IP for every link…
^^^ agree 100%
Additionally, I would recommend not buying any hardware right now. Just experiment with containers, or even virtual machines. Once you get a feel for how you want the system to work. Then you can look to offloading it to some low power device. But I would put that a few months down the road.
For what it’s worth a lot of people have a NAS, and that NAS also can run containers or virtual machines. TrueNAS/Synology, etc.
Yeah, to me it’s an absolute killer feature for a travel phone. The GOS discussion around it boils down to violating the android profile security model.
E.g., I’m using a hotel wifi that only allows one device, or I have an eSIM for one phone only that doesn’t allow “tethering”.
Fair enough on the security model, but at least give me the option… Maybe with an always-on notification warning. Being paternalistic about how you think the phone will be used and in which context is overstepping for infrastructure
I travel with a backup phone, and because of this I have calyxos on the backup and not gos.
lineageOS, and CalyxOS both let you share vpn over hotspot connections.
Ikea shelf instead of a rack, but I used metal shelves for better thermals!
Top to bottom: