OpenVPN has been the workhorse of self-hosted VPN for two decades. Universal client support, runs over TCP or UDP, plays nicely with deep-packet inspection. Pair it with a Pulsar67 VPS for a tunnel you fully control. From $3/mo.
WireGuard is the new hotness, but OpenVPN still wins on compatibility. Old routers, locked-down corporate firewalls, environments where you need TCP-mode to look like HTTPS - that's OpenVPN territory.
Every operating system has a client. Every consumer router supports it. Every cloud platform speaks it. If you need a VPN that "just works" for non-technical users, OpenVPN is still the answer.
Windows, macOS, Linux, iOS, Android, OpenWrt, pfSense, Mikrotik. If it does VPN, it does OpenVPN.
Run on UDP/1194 for speed or TCP/443 to slip through restrictive firewalls that only allow HTTPS-looking traffic.
Easy-RSA does the PKI lift. Issue, revoke, rotate. Per-user certificates without per-user pain.
Audited, patched, deployed since 2001. Conservative defaults, well-known knobs, well-understood failure modes.
OpenVPN is heavier than WireGuard but still light. CPU only matters when you have many simultaneous connections.
Or use angristan/openvpn-install - one script, done.
apt install openvpn easy-rsaeasy-rsa in a tmpfs so private keys live in RAMDedicated IPv4. You won't get blacklisted because someone scraped Wikipedia from your "neighbor."
Migrating from a paid provider? Snapshot the working config before touching anything.
If the tunnel won't come up, we'll help you read the OpenVPN log - not redirect you to a chatbot.
BTC and ETH if you'd rather not put a card down. Anonymous billing for anonymous tunnels.
One VPS, one config file, one .ovpn for every device. Done before lunch.