- A different device from your home server?
- On the same home server as the services but directly on the host?
- On the same home server as the services but inside some VM or container?
Do you configure it manually or do you use some helper/interface like WGEasy?
I have been personally using wgeasy but recently started locking down and hardening my containers and this node app running as root is kinda…
Always in the router if it supports it. If it does not support wireguard I would rather (if you are able and allowed to) replace the router instead of using something else.
Can you elaborate on why?
Maybe easier to setup because routers that support vpns come with nice-ish web uis.
That said, if you have a server (pc, pi, etc), setting up wireguard with wg-easy is mostly painless (comes with a nice web ui), so there is no reason to replace your router in this case!
Instead of replacing a router, I’d prefer buying a pi anyways.
Unless you want to route all outbound traffic through a vpn with zero config on devices, I can’t see why you’d replace a router.
Final note: most people prefer hosting a vpn on a server, even if their router supports it as far as I’m aware at least (edit: this might be erong judging from the rest of the comments saying they use their router).