6 open source tools for making your own VPN (2024)

If you want to try your hand at building your own VPN but aren’t sure where to start, you’ve come to the right place. I’ll compare six of the best free and open source tools to set up and use a VPN on your own server. These VPNs work whether you want to set up a site-to-site VPN for your business or just create a remote access proxy to unblock websites and hide your internet traffic from ISPs.

Which is best depends on your needs and limitations, so take into consideration your own technical expertise, environment, and what you want to achieve with your VPN. In particular, consider the following factors:

  • VPN protocol
  • Number of clients and types of devices
  • Server distro compatibility
  • Technical expertise required

Algo

Algo was designed from the bottom up to create VPNs for corporate travelers who need a secure proxy to the internet. It “includes only the minimal software you need,” meaning you sacrifice extensibility for simplicity. Algo is based on StrongSwan but cuts out all the things that you don’t need, which has the added benefit of removing security holes that a novice might otherwise not notice.

As an added bonus, it even blocks ads!

Algo supports only the IKEv2 protocol and WireGuard. Because IKEv2 support is built into most devices these days, it doesn’t require a client app the way OpenVPN does. Algo can be deployed using Ansible on Ubuntu (the preferred option), Windows, RedHat, CentOS, and FreeBSD. Setup is automated using Ansible, which configures the server based on your answers to a short set of questions. It’s also very easy to tear down and re-deploy on demand.

Algo is probably the easiest and fastest VPN to set up and deploy on this list. It’s extremely tidy and well thought out. If you don’t need any of the more advanced features offered by other tools and just need a secure proxy, it’s a great option. Note that Algo explicitly states it’s not meant for geo-unblocking or evading censorship, and was primarily designed for confidentiality.

Streisand

Streisand can be installed on any Ubuntu 16.04 server using a single command; the process takes about 10 minutes. It supports L2TP, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, Stunnel, Tor bridge, and WireGuard. Depending on which protocol you choose, you may need to install a client app.

In many ways, Streisand is similar to Algo, but it offers more protocols and customization. This takes a bit more effort to manage and secure but is also more flexible. Note that Streisand does not support IKEv2. I would say Streisand is more effective for bypassing censorship in places like China and Turkey due to its versatility, but Algo is easier and faster to set up.

The setup is automated using Ansible, so there’s not much technical expertise required. You can easily add more users by sending them custom-generated connection instructions, which include an embedded copy of the server’s SSL certificate.

Tearing down Streisand is a quick and painless process, and you can re-deploy on demand.

OpenVPN

OpenVPN requires both client and server applications to set up VPN connections using the protocol of the same name. OpenVPN can be tweaked and customized to fit your needs, but it also requires the most technical expertise of the tools covered here. Both remote access and site-to-site configurations are supported; the former is what you’ll need if you plan on using your VPN as a proxy to the internet. Because client apps are required to use OpenVPN on most devices, the end user must keep them updated.

Server-side, you can opt to deploy in the cloud or on your Linux server. Compatible distros include CentOS, Ubuntu, Debian, and openSUSE. Client apps are available for Windows, MacOS, iOS, and Android, and there are unofficial apps for other devices. Enterprises can opt to set up an OpenVPN Access Server, but that’s probably overkill for individuals, who will want the Community Edition.

OpenVPN is relatively easy to configure with static key encryption, but that mode isn’t all that secure. Instead, I recommend setting it up with easy-rsa, a key management package you can use to set up a public key infrastructure. This allows you to connect multiple devices at a time and protect them with perfect forward secrecy, among other benefits. OpenVPN uses SSL/TLS for encryption, and you can specify DNS servers in your configuration.
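A quick way to tell which of the two modes a given OpenVPN config is in, added here as an example and not taken from the article or the OpenVPN project. The two sample configs and their file names are constructed; the directives (secret, ca, cert, key, server, push "dhcp-option DNS ...") are standard OpenVPN options.

```python
import shlex

# Constructed sample configs (illustrative file names, not from the article).
STATIC_KEY_CONF = """\
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
"""
PKI_CONF = """\
dev tun
proto udp
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
push "dhcp-option DNS 10.8.0.1"
"""

def parse_directives(text):
    """Map each directive name to the list of its argument lists."""
    found = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):          # ';' also starts a comment
            continue
        tokens = shlex.split(line, comments=True)  # handles '#' and quoting
        if tokens:
            found.setdefault(tokens[0], []).append(tokens[1:])
    return found

def audit(text):
    """Return (mode, findings) for one OpenVPN config."""
    d = parse_directives(text)
    pki = [name for name in ("ca", "cert", "key") if name in d]
    findings = []
    if "secret" in d and not pki:
        mode = "static-key"
        findings.append("shared static key: no perfect forward secrecy, "
                        "one peer per key; switch to an easy-rsa PKI")
    else:
        mode = "tls"
        missing = sorted({"ca", "cert", "key"} - set(pki))
        if missing:
            findings.append("incomplete PKI, missing: " + ", ".join(missing))
    pushes_dns = any(args and args[0].startswith("dhcp-option DNS")
                     for args in d.get("push", []))
    if "server" in d and not pushes_dns:
        findings.append("server pushes no DNS resolver to clients")
    return mode, findings
```
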

OpenVPN can traverse firewalls and NAT firewalls, which means you can use it to bypass gateways and firewalls that might otherwise block the connection. It supports both TCP and UDP transports.

StrongSwan

You might have come across a few different VPN tools with “Swan” in the name. FreeS/WAN, OpenSwan, LibreSwan, and strongSwan are all forks of the same project, and the lattermost is my personal favorite. Server-side, strongSwan runs on Linux 2.6, 3.x, and 4.x kernels, Android, FreeBSD, macOS, iOS, and Windows.

StrongSwan uses the IKEv2 protocol and IPSec. Compared to OpenVPN, IKEv2 connects much faster while offering comparable speed and security. This is useful if you prefer a protocol that doesn’t require installing an additional app on the client, as most newer devices manufactured today natively support IKEv2, including Windows, MacOS, iOS, and Android.

StrongSwan is not particularly easy to use, and despite decent documentation, it uses a different vocabulary than most other tools, which can be confusing. Its modular design makes it great for enterprises, but that also means it’s not the most streamlined. It’s certainly not as straightforward as Algo or Streisand.

Access control can be based on group memberships using X.509 attribute certificates, a feature unique to strongSwan. It supports EAP authentication methods for integration into other environments like Windows Active Directory. StrongSwan can traverse NAT firewalls.

SoftEther

SoftEther started out as a project by a graduate student at the University of Tsukuba in Japan. SoftEther VPN Server and VPN Bridge run on Windows, Linux, OSX, FreeBSD, and Solaris, while the client app works on Windows, Linux, and MacOS. VPN Bridge is mainly for enterprises that need to set up site-to-site VPNs, so individual users will just need the server and client programs to set up remote access.

SoftEther supports the OpenVPN, L2TP, SSTP, and EtherIP protocols, but its own SoftEther protocol is claimed to be immune to deep packet inspection thanks to “Ethernet over HTTPS” camouflage. SoftEther also makes a few tweaks to reduce latency and increase throughput. Additionally, SoftEther includes a clone function that allows you to easily transition from OpenVPN to SoftEther.

SoftEther can traverse NAT firewalls and bypass firewalls. On restricted networks that permit only ICMP and DNS packets, you can utilize SoftEther’s VPN over ICMP or VPN over DNS options to penetrate the firewall. SoftEther works with both IPv4 and IPv6.

SoftEther is easier to set up than OpenVPN and strongSwan but is a bit more complicated than Streisand and Algo.

WireGuard

WireGuard is the newest tool on this list; it's so new that it’s not even finished yet. That being said, it offers a fast and easy way to deploy a VPN. It aims to improve on IPSec by making it simpler and leaner like SSH.

Like OpenVPN, WireGuard is both a protocol and a software tool used to deploy a VPN that uses said protocol. A key feature is “cryptokey routing,” which associates public keys with a list of IP addresses allowed inside the tunnel.
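How that association is used in both directions, as an added example that is a simplified model and not WireGuard's own code. The peer names, key placeholders and address ranges are constructed, and rejecting an identical prefix claimed by two peers is a choice of this model.

```python
import ipaddress

# Constructed placeholder key names; real WireGuard public keys are base64 strings.
LAPTOP, PHONE, BRANCH, LAB = "LAPTOP_PUBKEY", "PHONE_PUBKEY", "BRANCH_PUBKEY", "LAB_PUBKEY"

class CryptokeyRouter:
    """Simplified model of a cryptokey routing table (not WireGuard's own code)."""

    def __init__(self):
        self.routes = {}  # ip_network -> public key that owns it

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            net = ipaddress.ip_network(cidr)
            if self.routes.get(net, public_key) != public_key:
                # Model choice: refuse an identical prefix claimed by two peers.
                raise ValueError(f"{net} already belongs to another peer")
            self.routes[net] = public_key

    def owner_of(self, address):
        """Longest-prefix match of an inner IP address to a peer key."""
        ip = ipaddress.ip_address(address)
        hits = [net for net in self.routes if ip in net]
        if not hits:
            return None
        return self.routes[max(hits, key=lambda net: net.prefixlen)]

    def peer_for_outbound(self, dst):
        """Which peer's key encrypts a packet addressed to dst (None = drop)."""
        return self.owner_of(dst)

    def accept_inbound(self, sender_key, inner_src):
        """After decryption, accept only if the inner source maps to the sender."""
        return self.owner_of(inner_src) == sender_key

def build_demo_router():
    router = CryptokeyRouter()
    router.add_peer(LAPTOP, ["10.8.0.2/32"])
    router.add_peer(PHONE, ["10.8.0.3/32"])
    router.add_peer(BRANCH, ["10.8.0.4/32", "192.168.50.0/24", "fd00:50::/64"])
    router.add_peer(LAB, ["192.168.50.128/25"])
    return router
```

The same table therefore acts as a routing table on the way out and as an access control list on the way in: a peer that authenticates correctly still cannot source packets from another peer's addresses.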

WireGuard is available for Ubuntu, Debian, Fedora, CentOS, MacOS, Windows, and Android. WireGuard works on both IPv4 and IPv6.

WireGuard is much lighter than most other VPN protocols, and it transmits packets only when data needs to be sent.

The developers say WireGuard should not yet be trusted because it hasn’t been fully audited, but you’re welcome to give it a spin. It could be the next big thing!

Homemade VPN vs. commercial VPN

Making your own VPN adds a layer of privacy and security to your internet connection, but if you’re the only one using it, then it would be relatively easy for a well-equipped third party, such as a government agency, to trace activity back to you.

Furthermore, if you plan to use your VPN to unblock geo-locked content, a homemade VPN may not be the best option. Since you’ll only be connecting from a single IP address, your VPN server is fairly easy to block.

Good commercial VPNs don’t have these issues. With a provider like ExpressVPN, you share the server’s IP address with dozens or even hundreds of other users, making it nigh-impossible to track a single user’s activity. You also get a huge range of hundreds or thousands of servers to choose from, so if one has been blacklisted, you can just switch to another.

The tradeoff of a commercial VPN, however, is that you must trust the provider not to snoop on your internet traffic. Be sure to choose a reputable provider with a clear no-logs policy.

This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.

Insights, advice, suggestions, feedback and comments from experts

VPN Protocols:

A VPN protocol is a set of rules and procedures that govern how data is transmitted and encrypted over a VPN connection. The article mentions several VPN protocols:

  1. IKEv2: IKEv2 (Internet Key Exchange version 2) is a secure VPN protocol that is built into most devices. It is known for its fast connection times and strong security features [[6]].

  2. WireGuard: WireGuard is a relatively new VPN protocol that aims to be simpler and more efficient than traditional protocols like IPSec. It is lightweight and designed to provide fast and secure connections [[7]].

  3. L2TP: L2TP (Layer 2 Tunneling Protocol) is a protocol that allows the creation of virtual private networks. It provides a secure tunnel for data transmission but may require additional software or configuration [[8]].

  4. OpenConnect: OpenConnect is an open-source VPN client that supports various VPN protocols, including SSL VPN and Cisco's AnyConnect SSL VPN [[9]].

  5. OpenSSH: OpenSSH is a suite of secure networking utilities that includes the ability to create encrypted tunnels for secure communication [[10]].

  6. OpenVPN: OpenVPN is a widely used open-source VPN protocol that provides secure and flexible connections. It requires both client and server applications and can be customized to fit specific needs [[11]].

  7. Shadowsocks: Shadowsocks is a secure proxy protocol designed to bypass internet censorship. It uses encryption to protect data transmission [[12]].

  8. Stunnel: Stunnel is an open-source software that allows you to create SSL/TLS tunnels to secure network connections. It can be used to add encryption to existing protocols like HTTP, SMTP, and POP3 [[13]].

  9. Tor bridge: Tor bridge is a feature of the Tor network that allows users to bypass censorship and access the Tor network in restricted environments [[14]].

  10. SoftEther: SoftEther is an open-source VPN protocol that supports multiple VPN protocols, including OpenVPN, L2TP/IPsec, and SSTP. It offers features like deep packet inspection resistance and low latency [[15]].

VPN Tools:

The article compares several free and open-source tools for setting up and using a VPN on your own server. Here's a brief overview of each tool mentioned:

  1. Algo: Algo is a VPN tool designed for corporate travelers who need a secure proxy to the internet. It is based on StrongSwan but focuses on simplicity and minimalism. Algo supports the IKEv2 protocol and WireGuard and can be deployed using Ansible [[4]].

  2. Streisand: Streisand is a VPN tool that supports multiple protocols, including L2TP, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, Stunnel, Tor bridge, and WireGuard. It offers more customization options compared to Algo but requires more effort to manage and secure [[5]].

  3. OpenVPN: OpenVPN is a widely used VPN tool that requires both client and server applications. It supports remote access and site-to-site configurations and can be deployed on various Linux distributions. OpenVPN offers flexibility but requires more technical expertise compared to other tools [[11]].

  4. StrongSwan: StrongSwan is a VPN tool that uses the IKEv2 protocol and IPSec. It supports multiple platforms, including Linux, Android, macOS, iOS, and Windows. StrongSwan is known for its fast connection times and security features but may have a steeper learning curve compared to other tools [[16]].

  5. SoftEther: SoftEther is a VPN tool that supports multiple protocols, including OpenVPN, L2TP, SSTP, and its own SoftEther protocol. It offers features like deep packet inspection resistance and can be used on various operating systems. SoftEther is easier to set up than OpenVPN and StrongSwan but requires some technical knowledge [[17]].

  6. WireGuard: WireGuard is a lightweight and efficient VPN tool that aims to simplify the VPN setup process. It is available for multiple platforms, including Ubuntu, Debian, Fedora, CentOS, macOS, Windows, and Android. WireGuard is still under development and may not be fully audited yet [[18]].

Homemade VPN vs. Commercial VPN:

The article also discusses the trade-offs between building your own VPN and using a commercial VPN service. While building your own VPN can add a layer of privacy and security to your internet connection, it may be easier for a well-equipped third party to trace your activity if you are the only user of the VPN. Additionally, if you plan to use a VPN to unblock geo-locked content, a homemade VPN may be easier to block since it operates from a single IP address.

On the other hand, commercial VPN services like ExpressVPN offer shared IP addresses and a large number of servers, making it difficult to track individual users. However, using a commercial VPN requires trusting the provider not to monitor your internet traffic. It is important to choose a reputable provider with a clear no-logs policy [[19]].

Author: Carmelo Roob
