Mullvad + Home VPN orchestration

I’ve been building up some little servers/services on my home network for things like CalDav, CardDav, photo browser, etc. AFAIK, there are basically two ways to get access to these resources off my home network:

  1. Set up domains and forward ports through my router to the internal servers, or
  2. Use a VPN to get into my home network

I only need occasional access to my home resources while I’m out. For one thing, I’m home 90% of the time these days. Even when I’m out, I don’t care if my calendar is a couplefew hours out of date. But if someone asks about my vacation, I’d like to be able to load up my photo service for a while.

Option #1 seems like a subpar option here, security-wise. Having these things always open puts a heavier burden on me to keep everything immediately patched and always monitored.

I’d rather go the VPN route, but that brings me to my dilemma: I generally run the Mullvad app on my phone (Android) and laptop (Windows). I don’t mind going in and toggling off custom DNS (pi-hole) when I leave the house, but am I correct that I’d also have to completely disconnect from Mullvad and connect to a home VPN any time I wanted access to those home resources? Or is there some solution to allow me to “graft” two VPN connections together?

I’m not sure if what you want to do is possible. Is running something like pfsense at home an option for you?

You could set that up as both:

  1. a VPN client, to protect all home traffic by going via Mullvad rather than straight over the Internet.
  2. a VPN server, which your phone can use when not at home to get Internet access via Mullvad at home, and also securely access your at-home services too.

You get more benefits at home, but it is a little more involved to set up initially. But you simplify your mobile experience. You can use something like Tasker to automate the connection to your VPN server when you’re not on home Wi-Fi.

It’s been almost a year since I posted this, but I have a working solution written up based on u/Beardedgeekhd’s suggestion: https://irrsinn.net/2022/05/23/network-routing-and-automation-fun-with-pfsense-wireguard-and-tasker/

It didn’t fully sink in until I came to post this reply, but 11 months ago, I hadn’t even heard of pfsense except in passing. I feel like a different person. :exploding_head: Many, many thanks to Beardedgeekhd for setting me on a fun, educational path.

Oh, that’s an interesting approach. I haven’t typically put the whole home network on Mullvad’s VPN because I toggle it on/off on my devices to be able to use streaming services or when I want the full bandwidth of my internet connection.

That said, I hadn’t realized how complex and interesting pfsense is until your answer prompted me to research it more deeply. :smiley: My knowledge of VLANs is currently very shaky, but if I’m interpreting this post correctly, I could set up pfsense to route the VLAN consisting of incoming VPN connections (my phone, etc.) to go out through a Mullvad connection while leaving the rest of my setup un-Mullvad’d. (Although if I can segment that nicely, I might send other clusters of devices through Mullvad.)

This is going to be a really fun rabbit hole. Thank you!