I remember you were worried about your ISP messing things up for you, hence the VPN. I would recommend creating a “Virtual Machine” that does all of your downloading to whatever hard drive you’re using. That VM can have proton installed. Then, on your regular computer (not within the VM), you can host Jellyfin with no VPN involved, making it accessible at 192.168.0.xx.

I think this hits your goals without needing to expose Jellyfin to the Internet. Plus it has minimal technical complexity. Your downloading traffic will be VPN protected, but Jellyfin will still be accessible to your local network.
edit: You can set up a password for Jellyfin, protecting it from your internal threats.

edit2: You can use letsencrypt to create a certificate that picky clients will accept. Buy a domain, any domain, and configure the “A record” to point to 192.168.0.xx (your Jellyfin IP). Then tell your client to go to whatever domain you get, like “luigiliterallydidnothingwrongplzfree.com”, then the client will have to use the internet to ask DNS what the IP address is, but after that, it will just use your local network.

edit3: Since you just have the raspberry PI, instead of using a Virtual Machine, you could have 2 separate SD cards. One only has the downloader and VPN installed, the other only has Jellyfin installed (no VPN). Then swap as needed.

Do you have more information on this, or a phrase to Google? The idea of zero traffic, zero petty crime sounds incredibly impressive

I agree that straight up using Tailscale would likely be easier. But to answer your question, you’re looking to “push routes” because what you actually want to do is “route” but that’s kinda hard to Google haha. This looks maybe promising: https://forums.freebsd.org/threads/wireguard-how-to-route-another-subnet-through-it.89744/

This approach largely works, with the caveat that it then requires you to always be on the tailnet. If someone wants to connect locally AND via tailnet using the same URL, they’ll need to push/advertise routes (or do some other hacky thing)

Right now, I’ve only got the spoons to provide rough guidance, not details. In order to use non-tailnet IPs, you’ll need to configure your tailnet host to “advertise routes/push routes”. In more laymen terms, tailnet needs to say, “hey network client, I do know where 192.168.0.69 is! So I can route that request”. By default, each tailnet host only advertises the other tailnet hosts. Anything else fails.

Also, I really appreciate how detailed your question is!

Wow, no ambiguity or anything. Jesus Fucking Christ

To add, here’s an example of my OpenVPN config addition to ensure 192.168.3.* is accessible over VPN

verb 5
push "route 192.168.3.0 255.255.255.0 vpn_gateway"

Awesome! Thanks for the detailed update, and I’m glad it worked well for you!

Maybe sort by “date” instead of date & site?

Sounds like someone could use some more shut the fuck up Friday in their life 😘

I gotchu: https://m.youtube.com/watch?v=uqo5RYOp4nQ

Where is your VPS located, and which Wire Guard server are you connecting to?

Removed by mod

That’s like a third of a washing machine with a washing machine on top of it traveling at 880 football fields an hour!

Tangential thought: maybe the two are related? Like, on days where you’re super busy, you’re more likely to get a bit dehydrated from the busyness (lol, root of business?), and ALSO more likely to miss steps in the evening routine, like bringing the water bottle to bed, for the same reason.

I think it’s reasonable that you chose that title based on the email header, and I also think it’s very irresponsible of haveibeenpwned to send out an email with that subject line. They absolutely should know better.

“Breached” implies that sensitive data, like payment details, private communication, or physical addresses, were leaked. Instead, this is just semi-public stuff like email/username/name. Maybe a better title would be “15M Trello users have been identified (name/email)”