One of the guys at work asked me if I had played with Wireguard yet, and I hadn’t. Now I have. It’s pretty neat, simpler to set up that vpn, and faster to connect to and use. It was recently added to the Linux kernel, so it will be supported by lots of things.
To set it up, I initially followed the steps on https://www.wireguard.com/ but that does not persist through reboots and does not act as a general vpn solution.
I found that by changing the allowed-ips to the local subnet, 192.168.0.0/24 and enabling ipv4 forwarding I was able to access everything on my lan while still using non-tunneled internet. Switching to fully tunneled-internet was just a matter of changing that cidr range over to 0.0.0.0/0 to capture everything. You can toggle it on and off in the android app super quickly compared to any traditional vpn.
These pages helped:
Having access to a vpn on mobile is great since you can’t trust random wifi networks.
Remember to enable ipv4 forwarding: sudo sysctl -w net.ipv4.ip_forward=1 and don’t forget the iptables masquerade rules. Examples are in the PostUp and PostDown sections of the wg0.conf or interface configs.