I intend to host a number of services on a single NAS-like device and so was wondering if there were an easy way to set up a reliable VPN connection for only certain services while leaving others exposed -- like game servers so that users are not bogged down in latency -- all from a router as I am hearing this is the preferred way. However, the stock TP-Link firmware provided by my router (AX6000) seems to only be capable of tunneling entire devices through the VPN as opposed to particular connections. It has led me to think about having multiple network interfaces that I can have the services select (I am running them through Docker after all), but networking is already an arcane subject to me.
What I am asking for is kinda particular, so if it is not at all possible I could focus instead on setting up the VPN client on the server itself with elaborate iptables to tunnel my desired traffic through safer means. I do run a basic Debian 12 installation on it and have no worry about wiping it clean when called for. So, my question instead would be the compromises I am making when not running it on a router level.