Additional function for my DietPi-Baby

My Pi acts as Pi-hole, WireGuard, SMB, NFS and Plex server. And “he” does this in a great manner. Now I am asking myself if it is possible to use it as a VPN client IN ADDITION.
To avoid misunderstanding: I am often abroad and sometimes I need to use my home internet connection. For that case DietPi acts as WireGuard VPN server. This works well.

But when I am at home I sometimes need a VPN on different devices (tablet, smartphone, Fire TV), and in that case it would be convenient to use a central “VPN point”, e.g. the DietPi.

In my humble imagination the DietPi, connected via Ethernet to the router, establishes a VPN to any VPN provider and makes it available within its local network via WLAN.

Many thanks for useful hints and a Happy New Year
Karl

Hi Karl,

Happy New Year in advance to you as well.

Generally this can work. But, if I’m not mistaken, the IP forwarding and NAT rules applied in /etc/wireguard/wg0.conf need to be adjusted to forward incoming traffic from VPN clients to the VPN client component interface, wgX or tun0 (instead of e.g. eth0), depending on whether you connect via WireGuard or OpenVPN to the provider. And a killswitch usually cannot be used, as it blocks communication with the VPN clients, unless some more firewall rules are added to allow that explicitly.
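To make the point about the NAT rules concrete, here is an added example (not DietPi's own configuration or a file from this thread) that generates the PostUp/PostDown lines for the WireGuard server interface. Interface names and addresses are assumptions: wg0 is the server interface with client subnet 10.9.0.0/24, tun0 (OpenVPN) or wg1 (WireGuard) is the provider tunnel, eth0 is the LAN interface, and 51820 is the listen port. The same generator also prints the exception rules a simple "drop everything not leaving via the tunnel" killswitch needs so that the remote VPN clients can still reach the server.

```shell
#!/bin/sh
# Added example, not DietPi's or the forum's own code.
# Assumed names (constructed for this example): wg0 = server interface,
# 10.9.0.0/24 = client subnet, tun0 or wg1 = provider tunnel, eth0 = LAN,
# 51820 = WireGuard listen port.

# Print the iptables commands that forward wg0 client traffic out via the
# given tunnel interface and masquerade it there (instead of via eth0).
# $1 = server interface, $2 = outbound tunnel interface, $3 = client subnet
wg_nat_rules() {
  srv="$1"; out="$2"; net="$3"
  printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$srv" "$out"
  printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n' "$out" "$srv"
  printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$net" "$out"
}

# Exception rules inserted in front of a killswitch of the form
# "iptables -A OUTPUT ! -o <tunnel> -j DROP": keep loopback, the WireGuard
# handshake/data on the LAN interface, and traffic to the VPN clients open.
# $1 = server interface, $2 = LAN interface, $3 = listen port
wg_killswitch_exceptions() {
  srv="$1"; lan="$2"; port="$3"
  printf 'iptables -I OUTPUT -o lo -j ACCEPT\n'
  printf 'iptables -I OUTPUT -o %s -p udp --sport %s -j ACCEPT\n' "$lan" "$port"
  printf 'iptables -I OUTPUT -o %s -j ACCEPT\n' "$srv"
  printf 'iptables -I INPUT -i %s -p udp --dport %s -j ACCEPT\n' "$lan" "$port"
}

# Mirror of the rules above for PostDown: every -A / -I becomes -D.
# Takes the same arguments as the two generators, in that order.
wg_down_rules() {
  { wg_nat_rules "$1" "$2" "$3"; wg_killswitch_exceptions "$1" "$4" "$5"; } \
    | sed 's/ -A / -D /; s/ -I / -D /'
}

# Render the [Interface] section of wg0.conf with the generated lines.
# $1 = server interface, $2 = tunnel interface, $3 = client subnet,
# $4 = LAN interface, $5 = listen port, $6 = server address (CIDR)
render_interface_section() {
  printf '[Interface]\nAddress = %s\nListenPort = %s\n' "$6" "$5"
  printf 'PrivateKey = <server private key placeholder>\n'
  { wg_nat_rules "$1" "$2" "$3"; wg_killswitch_exceptions "$1" "$4" "$5"; } \
    | sed 's/^/PostUp = /'
  wg_down_rules "$1" "$2" "$3" "$4" "$5" | sed 's/^/PostDown = /'
}

# Usage: print a wg0.conf [Interface] section that sends clients through tun0.
render_interface_section wg0 tun0 10.9.0.0/24 eth0 51820 10.9.0.1/24
```

Swap `tun0` for `wg1` when the provider connection is WireGuard; the only thing that changes between the usual DietPi setup and this one is the `-o` interface in the FORWARD and MASQUERADE rules, and the exception rules are only needed if a killswitch is configured on top.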

This would be the main challenge, as you always need to reconfigure your network device, because your clients need to change the gateway they use once you want to use the VPN tunnel. That means switching back and forth between router and DietPi :wink:

I am aware of this. On PC/laptop and smartphone I could solve this easily via a script; on Fire TV I could easily do this manually…
Perhaps I can use a proxy which is used by all devices as gateway, and centrally I define whether this proxy goes directly into the internet or uses a VPN???

Well, you could set up the device hosting DietPi as a “router” and use it as default gateway. But personally I don’t have a guide for this.

I’m not an expert at all, but I believe you can achieve what you’re looking for with

Tailscale:

Have also a look at subnet routers; this will put all your devices, even those that can’t connect directly (old printer, TV, smartwatch etc.), behind the Tailscale VPN.

As for Pi-hole, if you want, you can set it up in the Tailscale admin dashboard under DNS nameserver.

Those solutions can’t satisfy my requirements. I know ZeroTier very well. It’s the backbone of my network, but for this purpose it does not fit.
thank you anyway
Karl