Update with a TLDR: I'm looking for an open source router appliance to make it EASY to control network / tunnel into VPN between a computer and a wifi/Ethernet network. Any proposed software solution is not good enough, there is a need to have a second hardware to prevent data leak even if the computer has its own VPN.

----

Is anyone aware of an open source project to create a gateway between 2 networks and force traffic over a VPN?

Basically, I think of a Raspberry Pi that would connect over WiFi and provide network to a computer on Ethernet. The Pi would establish a VPN and make sure the computer's packets do not leak. This could also act as a simple firewall so that you can let the computer handle the VPN but to a couple of IPs only.

I already designed all features that could be provided, how to manage the thing too, but before going further I wondered if such a project did not exist yet? I wasn't able to find anything except expensive commercial products. And having to do all the configuration from something bare is not an option (due to skill issues for end users and risks of misconfiguration).
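
The leak-prevention behaviour described in the post above, sketched as an nftables ruleset. This is an added example, not part of the original thread or of any project named in it. The interface names (`eth0`, `wlan0`, `wg0`), the endpoint address and the port are assumptions; it also assumes IP forwarding is enabled and the tunnel is brought up separately.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name and address below is an assumption.
flush ruleset

define LAN_IF = "eth0"            # Ethernet side, where the computer plugs in
define WAN_IF = "wlan0"           # upstream WiFi
define VPN_IF = "wg0"             # tunnel interface
define VPN_ENDPOINT = 192.0.2.10  # placeholder VPN server (TEST-NET-1)
define VPN_PORT = 51820           # placeholder UDP port

table inet gateway {
    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # DHCP and DNS offered to the computer by the gateway itself
        iifname $LAN_IF udp dport { 53, 67 } accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Only LAN -> tunnel and its replies. No generic "established"
        # rule here: it would keep forwarding an existing flow if the
        # route fell back from the tunnel to the WiFi interface.
        iifname $LAN_IF oifname $VPN_IF accept
        iifname $VPN_IF oifname $LAN_IF ct state established,related accept
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        oifname $VPN_IF accept
        oifname $LAN_IF accept
        # On WiFi the gateway may only reach the VPN server and DHCP
        oifname $WAN_IF ip daddr $VPN_ENDPOINT udp dport $VPN_PORT accept
        oifname $WAN_IF udp sport 68 udp dport 67 accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $VPN_IF masquerade
    }
}
```

With the tunnel down, traffic from the Ethernet side matches no accept rule and is dropped instead of leaving over WiFi; `nft -c -f <file>` checks the syntax without loading it.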

@solene A closed-source solution that has a great free tier for single user I know about is Tailscale. That’s a kind of proprietary WireGuard distribution, so WireGuard can do it too at the cost of a painful and long configuration :D

WireGuard (and so Tailscale) is a peer-to-peer VPN, which supports being split (if some machines on the same network lose internet, they can still talk to each other), and Tailscale even has built-in support to expose whole networks to the VPN (in a DMZ manner) without requiring setting up the VPN on all machines.

Well, if I understood your use case correctly, I believe that might interest you.

@solene
I guess you could give OpenWrt a try.
GL.iNet uses it on travel routers and makes WireGuard tunneling easy for users.
Not sure about end-user usability tho

@solene I'm not aware of a preconfigured solution, however OpenWrt just came out with some compelling hardware that may be worth considering for a custom solution rather than a Pi. https://openwrt.org/toh/openwrt/one

@solene the viwib seems to check a lot of boxes in that list

https://ungleich.ch/u/products/viwib-wifi-ipv6-box/


@solene I think a Beryl AX (GL-MT3000) would be perfect for your use case. It will act as a WireGuard client to establish the connection to your WireGuard VPN server.

That sounds like a job for OpenVPN with explicit routes.

@solene Probably starting out from OnionPi would make sense.

@solene Sorry for being late to the party, but have you looked at Turris products, perhaps the Mox: https://www.turris.com/en/products/mox/

Yes, it’s a commercial product, but with open-source code, based on #openwrt open schematics.

I don’t think you’ll find a lot of solutions that are not commercial, except if you go the #DIY route.


@solene Sorry for the late reply, I think I encountered some trouble with bsd.network, I couldn't get new statuses for a few months 😱

Anyway, I like the Turris solution someone gave you, however I have another proposal: OPNsense.
https://opnsense.org/
It's an open-source FreeBSD-based router/firewall with a non-free business version that can safely be ignored. If you have the budget, they also sell hardware (it's not that expensive):
https://shop.opnsense.com/
They have good documentation on VPNs:
https://docs.opnsense.org/manual/vpnet.html
And on the forums someone asked how to redirect all outbound traffic through a VPN, which seems to be what you are looking for.
https://forum.opnsense.org/index.php?topic=37211.0
If you wish to test it, here are the installation instructions:
https://opnsense.org/users/get-started/