5 Best Self-hosted VPN/Proxy Solutions in 2024

If you want to use VPN for whatever reason, it’s always easy to sign up for a commercial VPN provider like ProtonVPN. But sometimes, a self-hosted VPN server provides more benefits and this article will list the 5 best solutions.

5 Best Self-hosted VPN/Proxy Solutions

Self-Hosted VPN/Proxy Benefits

  • Dedicated IP Address
  • The No Logging policy of commercial VPN providers may not be trustworthy. With a self-hosted VPN, you can have total control of the server logging.
  • It allows you to set up an IP whitelist to secure web applications.
  • You can use the VPN server for many other tasks, like self-hosted cloud storage server.

But how do you get started with a self-hosted VPN? Which VPN protocol should you choose? Let’s discuss them!

1. OpenConnect VPN

OpenConnect VPN is an open-source implementation of Cisco AnyConnnect VPN protocol, which is widely used in businesses and universities.

Features:

  • Lightweight and fast.
  • Runs on Linux and most BSD servers.
  • Compatible with Cisco AnyConnect client
  • There is OpenConnect client software for Linux, macOS, Windows, and OpenWRT. For Android and iOS, you can use the Cisco AnyConnect Client.
  • Supports password authentication and certificate authentication
  • Supports RADIUS accounting.
  • Supports virtual hosting (multiple domains).
  • Easy to set up
  • Resistant to deep packet inspection (DPI). It’s based on HTTPS, so very good at penetrating firewalls.

Best For: Folks who need a VPN solution for bypassing national firewalls, or manage lots of VPN users, and also don’t want to sacrifice speed.

Setup Guide: Set Up OpenConnect VPN Server (ocserv) on Ubuntu 22.04 with Let’s Encrypt

2. OpenVPN

OpenVPN is an open-source, robust, and highly flexible VPN solution.

Features:

  • Runs on Linux and most BSD servers.
  • There is OpenVPN client software for Linux, macOS, Windows, Android, and iOS, and OpenWRT.
  • Supports RADIUS accounting.
  • Supports virtual hosting (multiple domains).
  • Easy to set up
  • Supports SSL/TLS security, ethernet bridging, TCP or UDP tunnel transport through proxies or NAT.
  • Support for dynamic IP addresses and DHCP
  • Scalability to hundreds or thousands of users
  • Supports conventional encryption using a pre-shared secret key (Static Key mode) or public key security (SSL/TLS mode) using client & server certificates

Setup Guide: How to Set Up OpenVPN with Stunnel on Ubuntu 22.04/20.04 Server

3. WireGuard

WireGuard is made specifically for the Linux kernel. It runs inside the Linux kernel and allows you to create fast, modern, and secure VPN tunnel.

Features:

  • Lightweight and super fast speed, blowing OpenVPN out of the water.
  • Cross-platform. WireGuard can run on Linux, BSD, macOS, Windows, Android, iOS, and OpenWRT.
  • User authentication is done by exchanging public keys, similar to SSH keys.
  • It assigns static tunnel IP addresses to VPN clients. Some folks may not like it, but it can be very useful in some cases.
  • Mobile devices can switch between Wi-Fi and mobile network seamlessly without dropping any connectivity.
  • It aims to replace OpenVPN and IPSec in most use cases.

Best For: Folks who want the fastest speed.

Setup Guide: Set Up Your Own WireGuard VPN Server on Ubuntu 22.04/20.04/18.04

4. SoftEtherVPN

SoftEther VPN is an open-source multi-protocol VPN software developed by the University of Tsukuba in Japan.

Features:

  • Super stable SSTP VPN Connection
  • Lightweight and fast.
  • Runs on Linux, FreeBSD, macOS, Solaris, and Windows servers, including support for X86, AMD64, ARM, PowerPC, MIPS architecture.
  • Supports multi-protocols, including traditional protocols like OpenVPN, L2TP, IPSec, SSTP, and the in-house SoftEtherVPN protocol, which is an HTTPS-based VPN protocol.
  • There is SoftEther client software for Linux, macOS, Windows, including support for ARM, PowerPC, and MIPS architecture.
  • NAT Traversal allows for running SoftEther VPN server behind a NAT without port forwarding. (enabled by default).
  • VPN over ICMP / VPN over DNS allows for establishing VPN connection by using ICMP or DNS even if the firewall or router blocks every TCP or UDP connection.
  • An HTML5-based modern admin console.

Best For: Folks who want multiple VPN protocols on the same server without manually setting up each one.

Setup Guide: How to Set Up SoftEther VPN Server on Ubuntu 22.04/20.04

5. V2Ray

V2Ray isn’t a VPN, but a proxy. V2Ray is a lightweight, fast, and secure Socks5 proxy. Originally developed to bypass the Great Firewall of China.

Features:

  • Lightweight and fast.
  • Runs on Linux and most BSD servers.
  • There is official V2Ray client software for Linux, macOS, Windows, and BSD. For Android and iOS, there are third-party apps available.
  • Easy to set up for system administrators
  • V2Ray can be configured to operate on TCP port 443 and uses standard TLS protocol to encrypt network traffic. It looks like a standard HTTPS protocol, which makes it hard to be blocked.
  • Supports KCP transport protocol, which is useful in network environments with high packet loss.
  • Routing support. You can configure it to only route traffic for websites/domains that are blocked in your country or area.
  • You can run it behind Cloudflare CDN.
  • V2Ray is more than a simple proxy tool. It’s designed as a platform that developers can use to build new protocols and tools.

Setup Guide: How to Set Up V2Ray Proxy on Ubuntu 22.04/20.04 Server

Multiple VPN Protocols on a Single Server

Of course, you can always use multiple VPN protocols on the same server. Here are two possible combinations.

  • OpenConnect VPN + OpenVPN + WireGuard + V2ray
  • Softether VPN + WireGuard + V2ray

OpenConnect VPN and SoftEther VPN both use TCP port 443, so they can’t run on the same server. SoftEtherVPN has a built-in OpenVPN functionality, so you don’t need to manually install OpenVPN when SoftEtherVPN is already installed.

Sometimes, I run WireGuard over OpenConnect VPN to build a private network for my cloud servers. OpenConnect is HTTPS-based, and can hardly be blocked, while WireGuard allows me to assign static private IP address to each VPN client.

Wrapping Up

I hope this article helped you choose a self-hosted VPN/Proxy solution. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks 🙂

Rate this tutorial
[Total: 11 Average: 4.9]

13 Responses to “5 Best Self-hosted VPN/Proxy Solutions in 2024

  • The Iranian government is harshly blocking openconnect vpn, even surprisingly on port 443. Are there any tricks to disguise OpenConnect VPN and make it harder to block?

    • Hi Mehdi there is a way tunnel traffic between two Ubuntu server one Iran server second foreign. And many tunneling protocol now exist that work . Such as gost . Stunnel. Fake tls tunnel . Icmp tunnel . Even you can use wbsocket tunnel and no one can’t understand that your ir server link to foreign server . Beacuse you use wbsocket tunnel protocol that specially and lonely make for cloudflare. دیگه آقا مهدی .

  • Dnitrii
    2 years ago

    Thank you for your hard work, you are a very talented programmer and an excellent writer!

  • You may know about it, or not but there is a great reverse proxy I found here: https://github.com/fatedier/frp

  • As far as I know, all the solutions listed here require additional client software to be installed to use the VPN. On the other hand, IPSEC client software is included in iOS, MacOS, Windows, Linux, and the more recent versions of Android.

    However, IPSEC is a bit complex to install, and using Certs for authentication can be a bit complex. The open source project pistrong (github.com/gitbls/pistrong) makes it super-simple to install and manage the strongSwan IPSEC VPN.

    Yes, IPSEC is not as fast as wireguard, and I fully expect WG client software to eventually end up in all the client OS, but in the meantime, pistrong provides a simple, straightforward installer, and it’s easy to configure site-to-site as well as client/server VPNs, so worth considering as an addition to this great list.

    Videos: youtu.be/gDvglvgtYzY (Install and configure pistrong/strongSwan) and youtu.be/mUitM2JeKRc (configure a site-to-site VPN)

  • Is shadowsocks depricated and no longer used anymore? The reason I liked it is because it had the capability to listen on 443 for two different services with “failover” option enabled, so if someone went to the address/port to the server via browser you could make it do a 301 redirect to any website so someone monitoring your traffic would think it’s legit web browsing and not a proxy connection.

  • Lisa Tyler
    1 year ago

    I do not even understand how I ended up here, but I assumed this publish used to be great

  • Hey there xiao I’m trying to access or make a vpn for myself from China for a few months and I can’t access most sites on my laptop(shadow rocket isn’t working on it). I want to be able to finish learning programming and log to git hub. I’m an American that just moved here I’m not sure how to proceed

    • Guoan Xiao (Admin)
      5 months ago

      Hi Kaleb,

      OpenConnect and SoftEther VPN are the best for users in China. It works flawlessly. You can choose either one.

  • Your articles are amazing! Thank you for sharing.

    I’m going to purchase a VPS instance and install either OpenConnect or SoftEther. This will be used as a proof of concept for 25 users. There will be Android, iPhone, Windows and Linux clients. Do you know what specs (RAM, vCPU, bandwidth) are needed for 25 VPN users? I also need to punch through restrictive business firewalls that may block VPN’s. With these requirements, which one should I use or should I look for something else?

    • …sorry, forgot to mention that each user needs to have their own, separate credentials so I need the ability to easily add/remove users.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here