5 Best Self-hosted VPN/Proxy Solutions in 2024
If you want to use a VPN for whatever reason, it’s always easy to sign up for a commercial VPN provider like ProtonVPN. But sometimes a self-hosted VPN server provides more benefits, and this article lists the 5 best solutions.
Self-Hosted VPN/Proxy Benefits
- Dedicated IP Address
- The No Logging policy of commercial VPN providers may not be trustworthy. With a self-hosted VPN, you can have total control of the server logging.
- It allows you to set up an IP whitelist to secure web applications.
- You can use the VPN server for many other tasks, like running a self-hosted cloud storage server.
But how do you get started with a self-hosted VPN? Which VPN protocol should you choose? Let’s discuss them!
1. OpenConnect VPN
OpenConnect VPN is an open-source implementation of the Cisco AnyConnect VPN protocol, which is widely used in businesses and universities.
Features:
- Lightweight and fast.
- Runs on Linux and most BSD servers.
- Compatible with Cisco AnyConnect client
- There is OpenConnect client software for Linux, macOS, Windows, and OpenWRT. For Android and iOS, you can use the Cisco AnyConnect Client.
- Supports password authentication and certificate authentication
- Supports RADIUS accounting.
- Supports virtual hosting (multiple domains).
- Easy to set up
- Resistant to deep packet inspection (DPI). It’s based on HTTPS, so it is very good at penetrating firewalls.
Best For: Folks who need a VPN solution for bypassing national firewalls or for managing lots of VPN users, and who also don’t want to sacrifice speed.
Setup Guide: Set Up OpenConnect VPN Server (ocserv) on Ubuntu 22.04 with Let’s Encrypt
2. OpenVPN
OpenVPN is an open-source, robust, and highly flexible VPN solution.
Features:
- Runs on Linux and most BSD servers.
- There is OpenVPN client software for Linux, macOS, Windows, Android, iOS, and OpenWRT.
- Supports RADIUS accounting.
- Supports virtual hosting (multiple domains).
- Easy to set up
- Supports SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport through proxies or NAT.
- Support for dynamic IP addresses and DHCP
- Scalability to hundreds or thousands of users
- Supports conventional encryption using a pre-shared secret key (Static Key mode) or public key security (SSL/TLS mode) using client & server certificates
Setup Guide: How to Set Up OpenVPN with Stunnel on Ubuntu 22.04/20.04 Server
3. WireGuard
WireGuard is made specifically for the Linux kernel. It runs inside the Linux kernel and allows you to create fast, modern, and secure VPN tunnels.
Features:
- Lightweight and super fast, blowing OpenVPN out of the water.
- Cross-platform. WireGuard can run on Linux, BSD, macOS, Windows, Android, iOS, and OpenWRT.
- User authentication is done by exchanging public keys, similar to SSH keys.
- It assigns static tunnel IP addresses to VPN clients. Some folks may not like it, but it can be very useful in some cases.
- Mobile devices can switch between Wi-Fi and mobile network seamlessly without dropping any connectivity.
- It aims to replace OpenVPN and IPSec in most use cases.
Best For: Folks who want the fastest speed.
Setup Guide: Set Up Your Own WireGuard VPN Server on Ubuntu 22.04/20.04/18.04
4. SoftEtherVPN
SoftEther VPN is an open-source multi-protocol VPN software developed by the University of Tsukuba in Japan.
Features:
- Super stable SSTP VPN Connection
- Lightweight and fast.
- Runs on Linux, FreeBSD, macOS, Solaris, and Windows servers, including support for X86, AMD64, ARM, PowerPC, MIPS architecture.
- Supports multi-protocols, including traditional protocols like OpenVPN, L2TP, IPSec, SSTP, and the in-house SoftEtherVPN protocol, which is an HTTPS-based VPN protocol.
- There is SoftEther client software for Linux, macOS, Windows, including support for ARM, PowerPC, and MIPS architecture.
- NAT Traversal allows for running SoftEther VPN server behind a NAT without port forwarding (enabled by default).
- VPN over ICMP / VPN over DNS allows for establishing a VPN connection by using ICMP or DNS even if the firewall or router blocks every TCP or UDP connection.
- An HTML5-based modern admin console.
Best For: Folks who want multiple VPN protocols on the same server without manually setting up each one.
Setup Guide: How to Set Up SoftEther VPN Server on Ubuntu 22.04/20.04
5. V2Ray
V2Ray isn’t a VPN, but a proxy. V2Ray is a lightweight, fast, and secure SOCKS5 proxy. It was originally developed to bypass the Great Firewall of China.
Features:
- Lightweight and fast.
- Runs on Linux and most BSD servers.
- There is official V2Ray client software for Linux, macOS, Windows, and BSD. For Android and iOS, there are third-party apps available.
- Easy to set up for system administrators
- V2Ray can be configured to operate on TCP port 443 and use the standard TLS protocol to encrypt network traffic. The traffic looks like standard HTTPS, which makes it hard to block.
- Supports KCP transport protocol, which is useful in network environments with high packet loss.
- Routing support. You can configure it to only route traffic for websites/domains that are blocked in your country or area.
- You can run it behind Cloudflare CDN.
- V2Ray is more than a simple proxy tool. It’s designed as a platform that developers can use to build new protocols and tools.
Setup Guide: How to Set Up V2Ray Proxy on Ubuntu 22.04/20.04 Server
Multiple VPN Protocols on a Single Server
Of course, you can always use multiple VPN protocols on the same server. Here are two possible combinations.
- OpenConnect VPN + OpenVPN + WireGuard + V2Ray
- SoftEther VPN + WireGuard + V2Ray
OpenConnect VPN and SoftEther VPN both use TCP port 443, so they can’t run on the same server. SoftEther VPN has built-in OpenVPN functionality, so you don’t need to manually install OpenVPN when SoftEther VPN is already installed.
Sometimes, I run WireGuard over OpenConnect VPN to build a private network for my cloud servers. OpenConnect is HTTPS-based and can hardly be blocked, while WireGuard allows me to assign a static private IP address to each VPN client.
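WireGuard's model of public-key authentication plus a static tunnel address per client only holds if each tunnel address belongs to exactly one client key. The following audit is an added example, not code from this article or from the WireGuard project. It flags peers in a server config whose `AllowedIPs` are reused, overlapping, or wider than a single host. It assumes every peer is an individual client (a site-to-site peer legitimately carries a wider range), and the subnet and key placeholders are constructed.

```python
import ipaddress
from itertools import combinations

# Constructed sample server config with placeholder keys. The third peer
# reuses the second peer's address and also claims the whole subnet.
SAMPLE_WG0 = """\
[Interface]
Address = 10.10.10.1/24
[Peer]
PublicKey = <laptop-public-key-placeholder>
AllowedIPs = 10.10.10.2/32
[Peer]
PublicKey = <phone-public-key-placeholder>
AllowedIPs = 10.10.10.3/32
[Peer]
PublicKey = <tablet-public-key-placeholder>
AllowedIPs = 10.10.10.3/32, 10.10.10.0/24
"""

def parse_peers(text):
    """One dict per [Peer]; configparser is unsuitable because the section name repeats."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            # Split on the first "=" only: base64 keys end in "=" padding.
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return peers

def audit_peers(text):
    """Report peers that break the one-key, one-static-address model."""
    problems, nets, seen_keys = [], [], set()
    for i, peer in enumerate(parse_peers(text), 1):
        key = peer.get("PublicKey")
        if not key or key in seen_keys:
            problems.append(f"peer {i}: missing or duplicate PublicKey")
        seen_keys.add(key)
        for item in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen != net.max_prefixlen:
                problems.append(f"peer {i}: {net} is wider than one host")
            nets.append((i, net))
    for (i, a), (j, b) in combinations(nets, 2):
        if i != j and a.version == b.version and a.overlaps(b):
            problems.append(f"peers {i} and {j}: {a} overlaps {b}")
    return problems
```

Run `audit_peers()` over the contents of the server's interface config before reloading it; an empty list means every peer has its own key and its own single address.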
Wrapping Up
I hope this article helped you choose a self-hosted VPN/Proxy solution.
The Iranian government is harshly blocking OpenConnect VPN, even surprisingly on port 443. Are there any tricks to disguise OpenConnect VPN and make it harder to block?
Hi Mehdi, there is a way to tunnel traffic between two Ubuntu servers, one in Iran and a second one abroad. Many tunneling protocols now exist that work, such as gost, stunnel, fake TLS tunnel, and ICMP tunnel. You can even use a websocket tunnel, and no one can understand that your IR server links to the foreign server, because you use the websocket tunnel protocol that is made specially and solely for Cloudflare. That's it, Mr. Mehdi.
Thank you for your hard work, you are a very talented programmer and an excellent writer!
You may know about it, or not but there is a great reverse proxy I found here: https://github.com/fatedier/frp
This article discusses VPN and forward proxy.
If you want to expose localhost, why not use a standard VPN for this purpose? So you don’t have to put trust in random software on GitHub.
Thanks, I do like all of your articles. They’re great!
As far as I know, all the solutions listed here require additional client software to be installed to use the VPN. On the other hand, IPSEC client software is included in iOS, MacOS, Windows, Linux, and the more recent versions of Android.
However, IPSEC is a bit complex to install, and using Certs for authentication can be a bit complex. The open source project pistrong (github.com/gitbls/pistrong) makes it super-simple to install and manage the strongSwan IPSEC VPN.
Yes, IPSEC is not as fast as wireguard, and I fully expect WG client software to eventually end up in all the client OS, but in the meantime, pistrong provides a simple, straightforward installer, and it’s easy to configure site-to-site as well as client/server VPNs, so worth considering as an addition to this great list.
Videos: youtu.be/gDvglvgtYzY (Install and configure pistrong/strongSwan) and youtu.be/mUitM2JeKRc (configure a site-to-site VPN)
Is Shadowsocks deprecated and no longer used anymore? The reason I liked it is because it had the capability to listen on 443 for two different services with the “failover” option enabled, so if someone went to the address/port of the server via a browser, you could make it do a 301 redirect to any website so someone monitoring your traffic would think it’s legit web browsing and not a proxy connection.
I do not even understand how I ended up here, but I assumed this publish used to be great
Hey there Xiao, I’m trying to access or make a VPN for myself from China for a few months and I can’t access most sites on my laptop (Shadowrocket isn’t working on it). I want to be able to finish learning programming and log in to GitHub. I’m an American who just moved here and I’m not sure how to proceed.
Hi Kaleb,
OpenConnect and SoftEther VPN are the best for users in China. They work flawlessly. You can choose either one.