by ninkendo 610 days ago
I share GP’s expectations too. For me, VPNs are that thing you do to access things that are normally not available to the public internet, i.e. your work email and stuff.

I use wireguard to access my home network while I’m not at home for instance. I have homelab stuff at *.lan.mydomain.example, and in my ideal world, my iPhone would only connect on-demand when I try to connect to something in that domain. (Currently you can only configure connect-on-demand per IP prefix in the iOS wireguard app, even though iOS NetworkExtension.framework allows domain-based configuration… I should send the author a patch some day…)

Point is, I don’t think of VPNs as something that prevents anyone from seeing my traffic. I use it to get access to stuff that is normally behind a firewall, and a split-tunnel VPN that only sends the minimum amount of traffic over the tunnel is what I want.

This idea of VPNs as privacy tools is the much newer use case that wasn’t really the point when they were originally conceived.


>I share GP’s expectations too.

Sorry but no you don't, since you call into your LAN-network of course you can see your local machines.

But if you sit in a LAN and you call outside there should be no traffic leaked to the local network you're calling out from (for example airport/motel etc).

>Point is, I don’t think of VPNs as something that prevents anyone from seeing my traffic

Correct, every middleman (normally ISP) can see that you connect from your External-IP to the other External-IP over an encrypted tunnel (udp or tcp). The expression 'vpn' is nearly as muddled as cloud ;)

If you want to obfuscate your traffic you need something like tor/i2p, however it's also possible to tunnel your vpn-tunnel through tor-tunnels (but I don't see much sense in that since exit-nodes are for sure under more observation and publicly known)

Tor and vpn traffic can be detected and blocked (for example Chinese firewall) and for that, shadowsocks can be a solution:

https://github.com/shadowsocks/shadowsocks-rust

> Sorry but no you don't

Yes, I really do.

I specifically want my traffic to “leak” from my VPN when traveling away from home, because my home internet upload speed is slow and I don’t want it to bottleneck everything else on my device. I only want the tunnel to be used when I am talking to my LAN.

Similarly when I’m at home and using my work VPN, I want a split tunnel there too. I don’t want every bit of traffic going over the VPN tunnel, because my work network tends to have congestion, and if I’m streaming music or something to listen to, there’s no reason that should have to go through my work’s network.

Before saying “nuh uh!” every time someone disagrees with you, maybe stop and consider that people have different use cases from you?

>Yes, I really do.

No you don't, you need a normal (for example) ssh-tunnel, not a "VPN"...trust me ;)

>Before saying “nuh uh!” every time someone disagrees with you, maybe stop and consider that people have different use cases from you?

You want to actively weaken a system that was made for one thing only (a point to point encrypted tunnel with no exceptions of data flow), but hey go on and make your setup a cobbled mess, but don't cry about leaked information.

> No you don't, you need a normal (for example) ssh-tunnel, not a "VPN"...trust me ;)

Yes I do. (See how tiring this is getting?)

I don’t want an SSH tunnel when wireguard does the same thing but faster and with an iOS app that works correctly out of the box. I’m aware of SSH tunnels and that’s how I used to do things back in 2008 but times have changed and wireguard is infinitely better at that use case.

> You want to actively weaken a system that was made for one thing only (a point to point encrypted tunnel with no exceptions of data flow), but hey go on and make your setup a cobbled mess, but don't cry about leaked information.

Nobody’s talking about weakening anything here, you’re coming into a conversation where someone said “use cases differ”, and you’re trying to deny that reality… every time someone shows you a different use case you childishly shout “nuh uh” and act like such a use case is wrong because it invalidates your point.

A split tunnel VPN is a valid use case, period. It’s not the only use case. People who want full tunnel where all traffic goes through the tunnel, ALSO have a valid use case. But it doesn’t mean split tunnel is not a thing, and it doesn’t mean people who want split tunnels are wrong.

No problem, have fun.