Hosting a VPN, w/ internet via different VPN?
First things first. I've been reading the forums and I'd say I'm fairly competent with tech as a whole (virtualization, networking, etc) although I'm not much of a coder (nor that great at scripting TBH). This is a new personal project and I'm not quite sure how to ask the right questions to find what I'm looking for. Maybe I'm just not quite so good at visualizing it to put it all in place. So I'm hoping one of you who's a little better at the puzzle pieces than I am can help. If this post isn't in the right area, please feel free to move it and I apologize.
Right, so I'm about to start the process of building a new home server. What I'd like to accomplish is using any one of a million proxy services and tunneling everything (with some exceptions) through that. However (this is where it gets interesting) I'd like to also host my own VPN that I can connect to from my phone, my laptop, etc, to give me access to things like printing, file sharing (SMB not P2P), and hosting other cloud services for myself.
Now, the exceptions being, as much as I like people who speak other languages (I do!) I'd like to be able to bypass the VPN for things like consoles and other localized services (Hulu, BBC, whatever). This COULD be per device. Like my XBox or PS3. They play games. That's all. They don't need access to things like my media server or anything else. If they can, great. If not, I have an Android stick with XBMC. So outside playing games I could care less.
Like I said, I'm not really sure about how to ask the right questions to accomplish this. I'm comfortable with networking and terminology, but this is (probably) a little over my head. At least, the ability to visualize it all. So! I've made this handy little diagram as an example.
The green is just an example of a console connecting WITHOUT the VPN service (so I'd still be playing with people in my area). Now, it goes via the WAP, but it doesn't have to. It could be hardwired. My WAP runs DD-WRT, so creating a VLAN with tagging is what I was thinking if I did go with the wireless option.
There will also be VMs other than the single *nix box in the diagram, but they would all be attached to the internet via VPN and maintain local access, so I didn't feel the need to include them as it would have just made things more complex.
Anyway, does that make sense? I want to ask the right questions and document everything so if anyone else has an interest in repeating the process, they will be able to. I'm not quite sure where to start, to be honest. If someone posts before I do, wonderful. If not, watch this space. It may be a while, as I'm in the process of moving from the southern hemisphere to the northern for the Nth time.
Edit: The .xml file from Draw.io can be found HERE if anyone wants to edit the diagram and post in return.
Edit 2: The WAN interfaces are shown as separate as they'll be virtual. There will only be 1 physical internet connection for all this to happen through.
Edit 3: I also left out a modem or something when connecting via the internet. I'm aware it's best practice. For the purposes of this it was just an extra step that can, more or less, just be plugged in when appropriate.
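The setup the post describes (LAN clients go out through a commercial VPN client tunnel, a few devices such as consoles bypass it and stay on the plain WAN, and a self-hosted VPN server on the same box must answer over the WAN rather than through the tunnel) is a policy-routing problem on the *nix gateway. The script below is an added example, not from the original post or any project; interface names (eth0, tun0, br0), the routing table number, the RFC 5737 documentation addresses and the bypass host list are all assumptions to be replaced with your own. It defaults to a dry run that prints the iproute2/iptables commands instead of executing them, so you can review the policy before applying it as root.

```shell
#!/bin/sh
# Added example (not from the original post): source-based policy routing so
# that LAN traffic leaves via the VPN client tunnel, listed devices bypass it,
# and the hosted VPN server's replies leave via the ISP gateway.
# Every name and address below is an assumption; adjust to your network.

WAN_IF="${WAN_IF:-eth0}"              # physical uplink (assumed name)
WAN_IP="${WAN_IP:-203.0.113.10}"      # our WAN address (documentation range)
VPN_IF="${VPN_IF:-tun0}"              # client tunnel to the commercial VPN
LAN_IF="${LAN_IF:-br0}"               # LAN bridge the VMs and devices sit on
LAN_NET="${LAN_NET:-192.168.1.0/24}"
VPN_TABLE=100                         # routing table: "tunnel or nothing"
BYPASS_HOSTS="192.168.1.50 192.168.1.51"   # consoles that stay on plain WAN
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = execute (root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Which routing table a LAN source address should be looked up in.
# Bypass devices use the normal "main" table (WAN); everyone else uses
# the tunnel-only table.
route_table_for() {
  for h in $BYPASS_HOSTS; do
    [ "$1" = "$h" ] && { echo main; return 0; }
  done
  echo "$VPN_TABLE"
}

apply_policy_routing() {
  # 1. Packets sourced from our own WAN address (the hosted VPN server
  #    answering its clients) must use the main table, i.e. the ISP
  #    gateway, never the tunnel. Lowest priority number wins.
  run ip rule add from "$WAN_IP" lookup main priority 100
  # 2. Bypass devices (consoles) keep using the main table.
  for h in $BYPASS_HOSTS; do
    run ip rule add from "$h" lookup main priority 200
  done
  # 3. Everything else from the LAN is looked up in the tunnel-only table.
  run ip rule add from "$LAN_NET" lookup "$VPN_TABLE" priority 300
  run ip route add "$LAN_NET" dev "$LAN_IF" table "$VPN_TABLE"   # local access stays
  run ip route add default dev "$VPN_IF" table "$VPN_TABLE"
  # 4. Fail closed: if tun0 goes down its default route disappears and this
  #    higher-metric route makes LAN traffic unreachable instead of leaking
  #    out of the plain WAN.
  run ip route add unreachable default metric 1000 table "$VPN_TABLE"
  # 5. NAT on both egress paths.
  run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$VPN_IF" -j MASQUERADE
  run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# Dry run by default; DRY_RUN=0 ./policy-routing.sh applies it for real.
apply_policy_routing
```

The ordering of the `ip rule` priorities is the whole point: the WAN-address rule comes first so the VPN server you host is reachable from your phone even though the box's default route points into the tunnel, the per-device bypass rules come next, and the catch-all LAN rule last. The `unreachable` route in the tunnel table is the fail-closed check worth keeping: without it, a dropped tunnel would silently send every VM's traffic out the plain WAN.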