Best compartmentalized Wireguard setup without user profiles

ticklemyIP

I would like to use a Wireguard tunnel to connect to my home server so I can use services like Jellyfin. I don't need internet access from this tunnel or to change my IP. I would like to do this from an Android phone that does not have separate user profiles so whitelisting and blacklisting apps is an issue.

Normally I have a regular VPN which I push all traffic through, but as VPN firewalling is not a proper way to do that, if I were to use Wireguard I could only decide whether an app uses my home IP or my real IP, both of which are undesirable. The ideal setup would be separate user profiles or separate VPN tunnels in one user profile. None of which are feasable. The next best thing would be blocking internet to apps that I don't want accessing my tunnel. Which is unfeasable too.

What should I do?

23Sha-ger

Tailscale or ZeroTier should get you covered, especilly if you have CGNAT from your ISP.
If you want to set it manually, use this app:
https://github.com/zaneschepke/wgtunnel

Will allow you to specify which app goes via the tunnel, so you can select the apps that you need
on your home network.

ticklemyIP

23Sha-ger I will look into Tailscale but WG tunnel acts the same in terms of application exclusion and inclusion. You can either select them all to through the same tunnel or go through real IP