We curate 19 open-source GitHub repositories matching "open source vpn". Results are ranked by relevance to your query — pick filters below to narrow, or refine with AI.
This project provides a complete OpenVPN server deployment packaged as a Docker container, with an integrated EasyRSA certificate authority for automated public-key infrastructure management. It handles the full lifecycle of a VPN server, from initial PKI bootstrap and server configuration generation to client certificate issuance and revocation, all within a containerized environment. The server is configured entirely through Docker environment variables, eliminating the need for manual configuration file editing. It supports time-based one-time password (TOTP) authentication as a second fac
kylemanna/docker-openvpn is a Docker-packaged OpenVPN server with automated PKI management and client certificate handling, making it a genuine self-hosted VPN solution, though it focuses solely on OpenVPN and lacks WireGuard support, a web admin interface, and the other requested features.
Outline Apps is a suite of software components for establishing private proxy networks, consisting of cross-platform proxy clients, server administration interfaces, and identity-based access control systems. It enables the routing of device traffic through secure VPN or Shadowsocks server connections using unique access keys. The project provides tools for deploying and configuring VPN servers on cloud providers or Linux infrastructure. It includes a management interface for administering these servers and a system for generating access keys to authorize devices and enforce individual bandwi
Outline is a self-hosted VPN server software with a web admin interface, cross-platform clients, and automated deployment, but it uses its own Shadowsocks-based protocol rather than the requested WireGuard or OpenVPN support.
This project is a bash-based installation script and deployer used to automate the setup and configuration of an OpenVPN server on Linux systems. It provides a guided setup process for deploying virtual private network software across various Debian and Red Hat based distributions. The tool functions as a user management interface, allowing for the creation, removal, and administration of client profiles and the security credentials required for network access. It orchestrates the deployment of secure tunnels to enable remote network access to private environments. The system manages the ins
This is a shell script that automates OpenVPN server deployment on Linux, fully covering the self-hosted VPN category, but it only supports OpenVPN (no WireGuard) and lacks a web admin interface and kill switch, making it a narrower option than you described.
Pritunl is an enterprise VPN gateway and server manager used to deploy and configure OpenVPN and WireGuard servers through a centralized web interface. It functions as a VPN access control system and an SSH certificate authority, issuing short-lived signed certificates to manage secure shell access and network entry without manual public key distribution. The platform acts as an SSO integrated VPN controller, synchronizing user access and organization mapping with third-party identity providers via OAuth, OIDC, and SAML. It supports high-availability deployments by using database-backed clust
Pritunl is a self-hosted VPN gateway and server manager that supports both OpenVPN and WireGuard with a centralized web interface, aligning with the core need for a deployable VPN solution, though it does not explicitly include bundled clients, an automated deployment script, or a built-in kill switch.
PiVPN is an automated VPN deployer and server manager designed to establish secure gateways for remote network access. It provides a command-line tool for the installation and configuration of WireGuard and OpenVPN servers on Linux systems, with specific optimizations for single-board computers like the Raspberry Pi. The project distinguishes itself through a wrapper-based management interface that abstracts complex server commands into simplified operations. This includes automated handling of firewall rules, port forwarding, and package installation, as well as the ability to export client
PiVPN is a command-line tool that automates the deployment and management of WireGuard and OpenVPN servers on Linux (especially Raspberry Pi), making it a true self-hosted VPN server solution—though it lacks the requested web admin interface and built-in cross-platform clients.
Firezone is a zero trust network access platform that uses WireGuard to provide identity-based connectivity to internal network resources. It functions as a virtual private network that synchronizes authentication and user groups via OpenID Connect providers. The system implements a group-based access control engine to enforce least privilege by restricting network resources to specific user groups. It utilizes holepunching and relay protocols for NAT traversal to establish encrypted tunnels through firewalls without requiring inbound ports. The platform includes a control plane for managing
Firezone is a self-hosted VPN server built on WireGuard with a web-based management interface and identity-based access control, fitting your need for a deployable VPN solution despite missing OpenVPN support and some deployment automation features.
Innernet is a WireGuard VPN mesh orchestrator and control plane that automates the deployment of encrypted tunnels between distributed peers. It functions as a virtual private network that coordinates endpoint discovery and distributes network configurations from a centralized server to establish a private overlay network. The system differentiates itself through a structured peer management lifecycle, using single-use invitation files for secure onboarding and cryptographic key exchange. It provides granular network segmentation by organizing peers into named CIDR blocks, allowing administra
Innernet is a WireGuard-based VPN mesh orchestrator that automates the deployment of encrypted tunnels, making it a genuine self-hosted VPN solution, but it lacks OpenVPN support, a web admin interface, and a kill switch, so it is a narrower fit than a full-featured server.
EasyTier is a decentralized peer-to-peer virtual private network and mesh networking tool. It functions as a layer 3 network overlay that establishes secure tunnels between devices without requiring a centralized server or coordinator. It also serves as a WireGuard-compatible VPN, capable of acting as a server for standard WireGuard clients. The project distinguishes itself through multipath latency-based routing and the use of KCP or QUIC proxies to mitigate packet loss and stabilize connections in high-loss environments. It provides a virtual networking manager featuring a web management co
EasyTier is a self-hosted WireGuard-compatible VPN and mesh networking tool with a web management console, making it a solid fit for your intent even though it lacks OpenVPN support and a built-in kill switch.
Algo is a cloud VPN deployment tool and WireGuard orchestrator designed to automate the provisioning and configuration of personal VPN servers across multiple cloud infrastructure providers. It functions as a multi-cloud infrastructure provisioner and a VPN client configuration generator, creating the necessary tunnels and connection profiles for secure device connectivity. The project distinguishes itself by integrating a network ad-blocking DNS server directly into the deployment, filtering advertisements and malicious domains for all connected clients. It further simplifies the onboarding
Algo is a cloud VPN deployment tool that automates setting up a WireGuard and IPsec server on cloud providers, fitting the self-hosted VPN need, but it lacks OpenVPN support and a web admin interface, making it narrower than the full feature set requested.
Wirehole is a containerized network stack that integrates a WireGuard VPN server with recursive DNS resolution and sinkhole-based advertisement filtering. It bundles these interdependent services into a single managed environment using a compose-based deployment. The system enables network-wide ad blocking and tracker filtering by intercepting DNS queries via a sinkhole. It implements recursive DNS resolution to resolve domain names independently of external upstream providers and provides a web-based interface for managing VPN client peers and keys. Additional capabilities include split-tun
Wirehole is a containerized self-hosted VPN server that bundles WireGuard with a web-based peer manager and DNS filtering, making it fit the category, though it only supports WireGuard (not OpenVPN) and lacks built-in kill switch or cross-platform clients.
This project is an automated command-line tool designed to install and configure a secure network gateway on a host machine. By utilizing established open-source security protocols, it establishes a private tunnel endpoint that encrypts internet traffic and facilitates remote access connectivity for authorized users. The tool functions as an infrastructure lifecycle manager, streamlining the deployment of private network services through shell-script-based orchestration. It distinguishes itself by integrating directly with the Linux kernel to manage packet filtering rules and providing creden
This repository provides an automated shell script to deploy an IPsec/L2TP/IKEv2 VPN server, fitting the self-hosted VPN category, but it lacks WireGuard, OpenVPN, and a web admin interface, making it a narrower option than what the requested features imply.
This project is a shell-based orchestration tool designed to automate the deployment and administration of WireGuard virtual private network servers on Linux hosts. It functions as a system-level networking utility that handles the installation of kernel modules, the configuration of secure tunnel interfaces, and the management of network routing rules to enable encrypted remote access. The tool provides an interactive command-line interface that simplifies the lifecycle management of network peers. It allows administrators to dynamically add or remove client access profiles, assign custom DN
This is a shell script that automates setting up and managing a WireGuard VPN server on Linux — it directly delivers a self-hosted VPN server, but it lacks OpenVPN support, a web admin interface, a kill switch, and cross-platform client tooling, making it a narrow fit for a full-featured solution.
This project provides a self-hosted, containerized WireGuard VPN server that simplifies network administration through a web-based management interface. It allows users to deploy and manage VPN tunnels, configure peer identities, and monitor connection status without the need for manual configuration file editing. By bundling the VPN stack into a portable container, it ensures consistent deployment and persistent state management across diverse host environments. A key differentiator is the built-in support for traffic obfuscation, which modifies packet headers and handshake patterns to help
wg-easy is a self-hosted WireGuard VPN server with a web admin interface and containerized deployment, fitting your need for a deployable VPN solution, though it focuses solely on WireGuard and does not include OpenVPN support or an explicit kill switch feature.
Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration. The platform distinguishes itself through its focus on zero-trust network access and soft
Netmaker is a self-hosted mesh VPN platform built on WireGuard that provides secure device connectivity through an encrypted overlay network, making it a solid match for a self-hosted VPN solution—though it focuses on WireGuard and mesh topology rather than traditional VPN server features like OpenVPN or kill switch.
OpenVPN is a cross-platform networking solution that establishes secure virtual private network connections by wrapping data traffic within encrypted tunnels. It functions as a server-side application that authenticates remote endpoints and routes encrypted traffic to provide access to private network resources across untrusted public networks. The software utilizes standard cryptographic protocols to perform mutual authentication and key exchange over a dedicated control channel. It verifies the identity of remote systems through certificate-based authentication, ensuring that only trusted e
OpenVPN is a fully self-hosted VPN server software that provides encrypted tunnels for device connectivity, but it only supports the OpenVPN protocol without WireGuard, and lacks a web admin interface, automated deployment script, and kill switch, so it covers only part of the requested feature set.
SoftEtherVPN is a multi-protocol virtual private network server that provides secure remote access and site-to-site connectivity. It functions as a virtual network gateway, enabling encrypted communication across public internet connections while supporting both Layer 2 Ethernet bridging and Layer 3 IP routing to manage traffic between connected devices. The platform is designed to maintain connectivity in restrictive network environments by bypassing firewalls and NAT devices through techniques such as HTTPS, ICMP, and DNS-based tunneling. It eliminates the requirement for static public IP a
SoftEtherVPN is a multi-protocol self-hosted VPN server that supports both WireGuard and OpenVPN and provides administrative consoles for management, making it a strong fit for a deployable VPN solution with broad protocol compatibility.
strongSwan - IPsec-based VPN
strongSwan is an IPsec-based VPN server that you can self-host to securely connect devices, though it lacks the WireGuard, OpenVPN, web admin interface, and some other features this search expects.
This project is a containerized IPsec VPN server designed to provide secure remote network access. It functions as an IKEv2 VPN gateway, utilizing the StrongSwan daemon to manage security associations and establish encrypted tunnels between remote clients and a private network. The server acts as a certificate-based VPN manager, handling the generation and distribution of digital certificates and pre-shared keys to authenticate remote users. It includes tools for IKEv2 client management to automate the creation of configuration profiles and security keys for connecting devices. The system co
This repo is a containerized IPsec VPN server using StrongSwan that you can self-host, but it lacks the requested WireGuard or OpenVPN protocol support, a web admin interface, and a kill switch, making it a partial fit for a multi-protocol VPN solution.
Amnezia Client is a cross-platform VPN client application and server orchestrator designed to manage secure tunnels and automate the deployment of containerized VPN services on remote self-hosted servers. It functions as a multi-protocol VPN manager that supports various tunneling standards to ensure connectivity across restrictive network environments. The project distinguishes itself through network traffic obfuscation, which disguises VPN traffic as common web protocols or DNS requests to bypass deep packet inspection and censorship. It further enables the automation of remote server admin
Amnezia Client is a cross-platform VPN client and server orchestrator that automates deployment of containerized VPN services on self-hosted servers, directly matching the need for a self-hosted VPN solution with support for WireGuard, OpenVPN, and automated deployment, though a web admin interface and kill switch are not confirmed.