6 open source tools for making your own VPN (2024)

If you want to try your hand at building your own VPN but aren’t sure where to start, you’ve come to the right place. I’ll compare six of the best free and open source tools to set up and use a VPN on your own server. These VPNs work whether you want to set up a site-to-site VPN for your business or just create a remote access proxy to unblock websites and hide your internet traffic from ISPs.

Which is best depends on your needs and limitations, so take into consideration your own technical expertise, environment, and what you want to achieve with your VPN. In particular, consider the following factors:

  • VPN protocol
  • Number of clients and types of devices
  • Server distro compatibility
  • Technical expertise required

Algo

Algo was designed from the bottom up to create VPNs for corporate travelers who need a secure proxy to the internet. It “includes only the minimal software you need,” meaning you sacrifice extensibility for simplicity. Algo is based on StrongSwan but cuts out all the things that you don’t need, which has the added benefit of removing security holes that a novice might otherwise not notice.

More Great Content

As an added bonus, it even blocks ads!

Algo supports only the IKEv2 protocol and Wireguard. Because IKEv2 support is built into most devices these days, it doesn’t require a client app like OpenVPN. Algo can be deployed using Ansible on Ubuntu (the preferred option), Windows, RedHat, CentOS, and FreeBSD. Setup is automated using Ansible, which configures the server based on your answers to a short set of questions. It’s also very easy to tear down and re-deploy on demand.

Algo is probably the easiest and fastest VPN to set up and deploy on this list. It’s extremely tidy and well thought out. If you don’t need any of the more advanced features offered by other tools and just need a secure proxy, it’s a great option. Note that Algo explicitly states it’s not meant for geo-unblocking or evading censorship, and was primarily designed for confidentiality.

Streisand

Streisand can be installed on any Ubuntu 16.04 server using a single command; the process takes about 10 minutes. It supports L2TP, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, Stunnel, Tor bridge, and WireGuard. Depending on which protocol you choose, you may need to install a client app.

In many ways, Streisand is similar to Algo, but it offers more protocols and customization. This takes a bit more effort to manage and secure but is also more flexible. Note Streisand does not support IKEv2. I would say Streisand is more effective for bypassing censorship in places like China and Turkey due to its versatility, but Algo is easier and faster to set up.

The setup is automated using Ansible, so there’s not much technical expertise required. You can easily add more users by sending them custom-generated connection instructions, which include an embedded copy of the server’s SSL certificate.

Tearing down Streisand is a quick and painless process, and you can re-deploy on demand.

OpenVPN

OpenVPNrequires both client and server applications to set up VPN connections using the protocol of the same name. OpenVPN can be tweaked and customized to fit your needs, but it also requires the most technical expertise of the tools covered here. Both remote access and site-to-site configurations are supported; the former is what you’ll need if you plan on using your VPN as a proxy to the internet. Because client apps are required to use OpenVPN on most devices, the end user must keep them updated.

Server-side, you can opt to deploy in the cloud or on your Linux server. Compatible distros include CentOS, Ubuntu, Debian, and openSUSE. Client apps are available for Windows, MacOS, iOS, and Android, and there are unofficial apps for other devices. Enterprises can opt to set up an OpenVPN Access Server, but that’s probably overkill for individuals, who will want the Community Edition.

OpenVPN is relatively easy to configure with static key encryption, but it isn’t all that secure. Instead, I recommend setting it up with easy-rsa, a key management package you can use to set up a public key infrastructure. This allows you to connect multiple devices at a time and protect them with perfect forward secrecy, among other benefits. OpenVPN uses SSL/TLS for encryption, and you can specify DNS servers in your configuration.

OpenVPN can traverse firewalls and NAT firewalls, which means you can use it to bypass gateways and firewalls that might otherwise block the connection. It supports both TCP and UDP transports.

StrongSwan

You might have come across a few different VPN tools with “Swan” in the name. FreeS/WAN, OpenSwan, LibreSwan, and strongSwan are all forks of the same project, and the lattermost is my personal favorite. Server-side, strongSwan runs on Linux 2.6, 3.x, and 4x kernels, Android, FreeBSD, macOS, iOS, and Windows.

StrongSwan uses the IKEv2 protocol and IPSec. Compared to OpenVPN, IKEv2 connects much faster while offering comparable speed and security. This is useful if you prefer a protocol that doesn’t require installing an additional app on the client, as most newer devices manufactured today natively support IKEv2, including Windows, MacOS, iOS, and Android.

StrongSwan is not particularly easy to use, and despite decent documentation, it uses a different vocabulary than most other tools, which can be confusing. Its modular design makes it great for enterprises, but that also means it’s not the most streamlined. It’s certainly not as straightforward as Algo or Streisand.

Access control can be based on group memberships using X.509 attribute certificates, a feature unique to strongSwan. It supports EAP authentication methods for integration into other environments like Windows Active Directory. StrongSwan can traverse NAT firewalls.

SoftEther

SoftEther started out as a project by a graduate student at the University of Tsukuba in Japan. SoftEther VPN Server and VPN Bridge run on Windows, Linux, OSX, FreeBSD, and Solaris, while the client app works on Windows, Linux, and MacOS. VPN Bridge is mainly for enterprises that need to set up site-to-site VPNs, so individual users will just need the server and client programs to set up remote access.

SoftEther supports the OpenVPN, L2TP, SSTP, and EtherIP protocols, but its own SoftEther protocol claims to be able to be immunized against deep packet inspection thanks to “Ethernet over HTTPS” camouflage. SoftEther also makes a few tweaks to reduce latency and increase throughput. Additionally, SoftEther includes a clone function that allows you to easily transition from OpenVPN to SoftEther.

SoftEther can traverse NAT firewalls and bypass firewalls. On restricted networks that permit only ICMP and DNS packets, you can utilize SoftEther’s VPN over ICMP or VPN over DNS options to penetrate the firewall. SoftEther works with both IPv4 and IPv6.

SoftEther is easier to set up than OpenVPN and strongSwan but is a bit more complicated than Streisand and Algo.

WireGuard

WireGuard is the newest tool on this list; it's so new that it’s not even finished yet. That being said, it offers a fast and easy way to deploy a VPN. It aims to improve on IPSec by making it simpler and leaner like SSH.

Like OpenVPN, WireGuard is both a protocol and a software tool used to deploy a VPN that uses said protocol. A key feature is “crypto key routing,” which associates public keys with a list of IP addresses allowed inside the tunnel.

WireGuard is available for Ubuntu, Debian, Fedora, CentOS, MacOS, Windows, and Android. WireGuard works on both IPv4 and IPv6.

WireGuard is much lighter than most other VPN protocols, and it transmits packets only when data needs to be sent.

The developers say WireGuard should not yet be trusted because it hasn’t been fully audited yet, but you’re welcome to give it a spin. It could be the next big thing!

Homemade VPN vs. commercial VPN

Making your own VPN adds a layer of privacy and security to your internet connection, but if you’re the only one using it, then it would be relatively easy for a well-equipped third party, such as a government agency, to trace activity back to you.

Furthermore, if you plan to use your VPN to unblock geo-locked content, a homemade VPN may not be the best option. Since you’ll only be connecting from a single IP address, your VPN server is fairly easy to block.

Good commercial VPNs don’t have these issues. With a provider like ExpressVPN, you share the server’s IP address with dozens or even hundreds of other users, making it nigh-impossible to track a single user’s activity. You also get a huge range of hundreds or thousands of servers to choose from, so if one has been blacklisted, you can just switch to another.

The tradeoff of a commercial VPN, however, is that you must trust the provider not to snoop on your internet traffic. Be sure to choose a reputable provider with a clear no-logs policy.

6 open source tools for making your own VPN (1)This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.

6 open source tools for making your own VPN (2024)

References

Top Articles
Forever Bonded: Tattoos Honoring Parents | Symbolic Designs
How Chase Sapphire travel insurance saved my family over $1,500 - The Points Guy
Buy Camera Straps Online | Recycled Camera Straps | Urth US
Savage X Fenty Wiki
Memphis Beauty 2084
Ryujinx Firmware 15
Https://Store-Kronos.kohls.com/Wfc
craigslist sf bay ca - Radio Okapi
Getwush Com
Major Carriers In Canada And Their Delivery Schedules 2024 – Stallion
Fototour verlassener Fliegerhorst Schönwald [Lost Place Brandenburg]
Gross Domestic Product (Second Estimate), Corporate Profits (Preliminary Estimate), Second Quarter 2024
Craigslist Chautauqua Ny
NBA playoffs predictions and play-in tournament schedule live updates: Bracket, odds, draft lottery and stats
3300 Main Street Lab
Planet Zoo Obstructed
Wanted Old Motorcycles 📞 www.wantedoldmotorcycles.com - wanted - by dealer - sale - craigslist
Paying Cash for Comics, Sports Cards, Collections, Honest - Respectful - wanted - by dealer - sale - craigslist
What Is 1 10 Of 2000
Citrus County Mugshots October 2022
Page 6457 – Christianity Today
Sam's Auto Arena
9980 Yen To Usd
11 of Our Favorites Places to Watch Free Movies Online
Becker County Jail Inmate List
Did Corey B And Alicia Break Up
Soil And Water Conservation District Group 2 Gill Vs O'connor
Mod Spotlight: 10 Years Later - Project Zomboid
Ledger Enquirer Obituaries Past Week
N-Vu Login
Gina Wilson All Things Algebra Llc 2012 Through 2017 Answers
877 364 6193
Renegade Rentals Logan
3 Ways to Find Any New Meme Template on Reddit
Gobluecc Sports
Pearl Street Mall Directory
Vazallia's Day Off - Spyro Reference Battle Pet in Dragonflight
TRIVIAL PURSUITS: How Many States Are in More Than One Time Zone? | PLANSPONSOR
Midway Antique Mall Consignor Access
Craigslist Car And Truck Honolulu For Sale By Owner
Routenplaner und Entfernung von Gorrie ON nach New Scotland (Regional Municipality of York) ON
Routenplaner und Entfernung von New Scotland (Regional Municipality of York) ON nach Gorrie ON
Omari Mccree Alive
Walgreens Roper Mountain Ext Greenville Sc
Ficoforum
Sport Livestreams und Highlights: alle Videos der ARD
The Complete Sturgis Rally Guide: Everything You Need To Know About The Sturgis Motorcycle Rally - Sturgis Motorcycle Rally SD
Sturgis Bikeweek 2024
Flixtor.is Homepage
4 Extra Schedule
Cody Hendrix Denton Isd
Walmart Neighborhood Market Pharmacy Tupelo Ms
Sherlin Steron
Tyson Employee Paperless
Agora Classlink Login
Makemkv Key April 2023
Redistributor Bl3
Jerry Eze Live Today
360 Chicago - tickets, prices, discounts, what to expect
360 Chicago Observation Deck
January 2023 Birth Club
Craigslist Garage Sales Springfield Missouri
Herc Rentals Maui
Guild Wars 2 Captain Weyandt Treasure
Los 22 Mejores Lugares Turísticos en Buenos Aires ❤️
Buenos Aires Travel Guide - Expert Picks for your Vacation
Training Legends Tournament
Written Update Of Vanshaj
Craigslist Nueva York Cars
Movierulz Plz 3
Whiskeytown Camera
Https E24 Ultipro Com
Erste Tätigkeitsstätte: Definition und Zuordnung
The very definition of a GP
Elijah Streams/Rumble
Dom's Westgate Pizza Photos
Toonkor211
904-747-4758
WHAT WE HAVE | Arizona Tile
Arizona Tile: Premium American tiles in local tile stores
Dark Entreaty Ffxiv
Natalie Roush Internet
Seekers Notes Facebook
Pts6180 Message
Craigs List Rvs
Does Ikea Accept Affirm
Craigslist List Albuquerque: Your Ultimate Guide to Buying, Selling, and Finding Everything - First Republic Craigslist
Craigslist in Albuquerque: The Ultimate Guide to Finding and Selling on the Local Market - First Republic Craigslist
Philasd Zimbra
Panolian Batesville Ms Obituaries 2022
Msgcu Cd Rates
Wendy's Dine In Near Me
Leroy Merz Antique Firearms
Roguelike Adventures And Dungeons 2 How To Salvage
373 N Street Sacramento Ca
ROG Zephyrus G16 (2024) | Gaming Laptops|ROG - Republic of Gamers|ROG Global
New Game Plus Radical Red
Seven Simple Five Minute Lunches for Toddlers - Twins and Coffee
google.com Reviews | check if the site is a scam or legit| Scamadviser
Maintenance Release 11.20.202 (Sep 03, 2024)
Randstad Westside
Utica Pets Craigslist
Latest Posts
Article information

Author: Arielle Torp

Last Updated:

Views: 5963

Rating: 4 / 5 (41 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Arielle Torp

Birthday: 1997-09-20

Address: 87313 Erdman Vista, North Dustinborough, WA 37563

Phone: +97216742823598

Job: Central Technology Officer

Hobby: Taekwondo, Macrame, Foreign language learning, Kite flying, Cooking, Skiing, Computer programming

Introduction: My name is Arielle Torp, I am a comfortable, kind, zealous, lovely, jolly, colorful, adventurous person who loves writing and wants to share my knowledge and understanding with you.