RSS

TLSOps – self-hosted domain-based WireGuard routing for your network

delbirin1 pts0 comments

TLSOps — Home Network VPN Routing & Domain Split-Tunneling<br>Features Pricing Docs FAQ<br>Get Started

Domain-aware VPN routing

Route by service,<br>not by device.

YouTube through one tunnel, Netflix through another, ads blocked at DNS, everything else on your ISP —<br>without toggling a VPN switch .<br>TLSOps runs on your own Linux hardware and keeps these rules working even when services rotate IPs.

Living Room TV — Streaming split across named exits, ads blocked at DNS<br>Click a device to see how TLSOps routes its traffic TV Living Room TV PH Phone WK Work Laptop KD Kid's iPad<br>TLSOps

Policy Engine<br>US tunnel DE tunnel blocked direct ISP youtube.com netflix.com ads.tv.samsung other traffic instagram.com facebook.com ad.doubleclick.net all traffic tracker.office roblox.com adult sites ads.unity3d.com

Install on a supported Linux host<br>Copy command

$ curl -fsSL https://get.tlsops.com/install.sh | sudo bash curl -fsSL https://get.tlsops.com/install.sh | sudo bash

One install, one rule, and you'll see it route. Free plan — no card required.

Operational contrast<br>The router stops being a blunt instrument.

Without TLSOps, one switch decides everything on a device. With TLSOps, the service intent decides the exit.<br>That means streaming, work traffic, banking, and blocked domains can all behave correctly at the same time.

Without TLSOps<br>Laptop VPN Tunnel Direct ISP VPN Tunnel youtube ✓ banking ✗ slow Direct ISP banking ✓ youtube ✗ exposed ON OFF repeat daily…

Forget to toggle back and a region-locked service sees your real IP — flagged account, blocked access, or worse.

With TLSOps<br>Laptop TLSOps Policy US tunnel youtube.com DE tunnel netflix.com blocked ads direct ISP banking all at once — no switching

Every service follows its own rule. No switching. No tradeoffs. Set it once.

Without policy-aware routing<br>One VPN toggle fixes one destination and breaks another. The device becomes the wrong unit of control.

With TLSOps<br>Each new request is checked, then routed direct, through a specific tunnel, or blocked before it leaves.

Decision flow

How one request turns into one deliberate route

The product decision is simple: treat the service request as the unit of control. DNS policy can stop the request first, and routing policy can then select the correct exit for the connection that follows.

01<br>A device asks for a service<br>Start with the request, not the whole device<br>A phone, TV, or laptop asks for a service such as YouTube, Netflix, or a work app. TLSOps looks at the request before deciding where the new connection should leave.

02<br>Policy is checked in order<br>DNS controls can block, then rules can route<br>DNS policy can stop ads, trackers, or restricted content first. Allowed requests are then matched against your domain rules, app presets, and per-device defaults.

03<br>The right exit is selected<br>Each new connection leaves through the chosen path<br>TLSOps sends the new session direct, through a specific WireGuard tunnel, or through a tunnel group. That matters because large services move across changing IP ranges, while your rule stays attached to the service intent.

Core capabilities

The control surface stays compact, but the policy model does not.

TLSOps combines service-aware routing, device defaults, DNS enforcement, and tunnel health into one appliance that still behaves like infrastructure.

Domain Split-Tunneling<br>Matched by domain name before the connection leaves — YouTube through one tunnel, Netflix through another, banking direct. Rules override the device default for the matched service only.

Per-Device Policy<br>Different default exits for the TV, laptop, and kids tablet. Domain rules override when they match.

App Presets<br>One-click managed domain bundles for popular services. Pick the service, pick the exit, done.

DNS Blocking<br>Block ads, trackers, malware, or adult content at the DNS layer — network-wide or per device.

Tunnel Groups<br>Pool WireGuard tunnels and promote the top-scoring challenger after repeated evaluations.

Telemetry<br>See which path each connection took, per device, with route history and throughput.

Trust model<br>Self-hosted, operationally clear, and easy to verify.

TLSOps is the policy engine on your network edge. You decide where traffic exits, which services are blocked, and when a tunnel should be considered healthy.

Review installation guide

Install First, Pay Later<br>Free plan has real routing capacity. Upgrade only when you outgrow it.

Your Hardware, Your Traffic<br>Runs on a Linux host you control. Routing and DNS decisions stay local.

Bring Your Own Exits<br>Use your existing WireGuard providers, direct ISP, or both. TLSOps is the control plane, not a VPN subscription.

Deploy TLSOps in under a minute

One curl | bash on any Debian-based Linux box.<br>No container orchestrator, no cloud dependency.

Get started<br>Read the docs

tlsops tunnel device service policy domain

Related Articles

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times

PopuLoRA: Co-Evolving LLM Populations for Reasoning Self- Play

AMavorParker8 ptstasks model training self populora play

Old Reddit Is Down

Crunsher7 ptsdata autoplay videoplayerelement comments function false

The ultimate female fantasy – A feminist critique of Beauty and the Beast

muge6 ptsbeast story paglia beauty older butler
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.