Which vpn server setup do you use? Container / no Container, GUI / CLI?

Hello,

I have read quite a few blogs and sites about hosting a VPN server but am still a bit confused about which deployment option is the best one for my setup. I don't want to ask whether Wireguard or OpenVPN is the better option but rather focus on how to deploy this VPN.

I rent a VPS and use it to self-host various applications. I would now also like to use this as a VPN (similar to a proxy) to safely browse the internet in open wifi etc. I use docker for all apps so far, nginx-proxy as a reverse proxy and acme-companion for HTTPS certificates.

When I look into vpn servers, I find easy installers, which directly work on linux (e.g. angristan/wireguard-install) or also vpns, which operate from docker (like kylemanna/docker-openvpn). Then there are options, where multiple things are included, like firezone or this. I am not so sure how well they integrate with my reverse proxy and some seem to be much more complicated than others.

So I wanted to ask which method of VPN you use. So not only what you use, but how you run it. Optimally, I’d love to have a VPN inside a container that is also manageable with a web GUI.

Thanks for the help!

Using firezone, .deb install though and very happy with it. But I use firezone for accessing my home stuff and camera system without having to open ports all over the place or expose further services of my reverse proxy such as sonarr/radarr etc. and I only expose the services I need like Nextcloud.

I run 3 different VPN servers on my home server and some cloud VPSes, all without using containers. They were installed and are being monitored using the CLI. OpenVPN was set up using the Nyr scripts from Nyr · GitHub, and Wireguard and SoftEther were set up manually from my own set of notes. I’m old school and for something basic like networking that is used by multiple processes and is closely tied to device drivers, I don’t want it in a container and I don’t want to depend on a GUI. My VPN services are all controlled by systemd.

I use VPN through my Ubiquiti USG and Tailscale for a fast/no config deployment. Give Tailscale a shot and you won't be disappointed!

I used to use an OpenVPN server but recently moved to the wg-easy container for wireguard. Stupid simple to manage through an easy web GUI and just works for me.

I used to use a classic OpenVPN server on either Ubuntu server or a container, but these days I run a pfSense firewall and just use its built-in OpenVPN services. It’s very practical for making and managing user certificates, routing, and enforcing firewall rules as I need. Significantly more overhead than just running an OpenVPN server though if that is all you need.

Proxmox > OPNsense > OpenVPN. I already use OPNsense for routing so it was an easy decision.

I use Tailscale with 2 subnet routers (one at home and one at my mum's…)

I also run 2 copies of wg-easy (one on each of my Proxmox hosts) so if I need to get in to do some maintenance then I can access it through the other host (not the one I’m working on).

I use Twingate to access LAN from outside and Tailscale for home ↔ VPS connection. I have no ports open at home. I find that Twingate is significantly faster than Tailscale when I access LAN from outside. Been great so far.

Thank you for your detailed answer. May I ask why you have multiple VPNs on one home server? What do you achieve with this? And what VPN clients do you use?

Sometimes one or another VPN protocol type or port gets blocked. Having 3 different protocols on different ports gives me a better chance of getting into my system, or using it as a VPN, so it looks like I’m at home when I’m away.

Each protocol has its advantages: SoftEther’s native protocol seems the best for getting around company or country firewalls as it looks like https traffic. Wireguard is the fastest, and OpenVPN is the slowest, but is supported on about everything.

For clients, I use the free Wireguard client from their site for Windows and the Google Play store for Android. I set up my Linux WG clients by hand. SoftEther has clients for Windows, Mac, and Linux, but currently there is no support for the native SoftEther protocol for phones. For OpenVPN I use the Network Manager client for Ubuntu, for PC I use the free OpenVPN community client from openvpn.net, and for my phone OpenVPN for Android by Arne Schwabe, as I like it better than the client from OpenVPN.net for Android systems.

The other reason for multiple protocols and services is that playing with networking on physical servers and VPSes is fun and entertaining.

That is very insightful, thank you very much. I think I will try something similar as well.