this post was submitted on 16 Mar 2026
31 points (97.0% liked)

Selfhosted

56958 readers
1474 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
31
a VPN that is easily self-hostable and resistant to blocking? (eviltoast.org)
submitted 15 hours ago by pr3d@eviltoast.org to c/selfhosted@lemmy.world
24 comments fedilink hide all child comments
 

Hi, i'm looking for a VPN that:

  • is easily deployable via a docker-compose
  • has an Android App and it doesn't drain the battery too much
  • hides as regular HTTPS traffic so it's not blockable by Firewalls. (I don't need strong censorship resistance; it just has to work in offices and hotel WiFis.)
  • Bonus: A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

https://github.com/TrustTunnel/TrustTunnel sounds interesting, but the PR for docker compose was closed.

Do you know something else?

you are viewing a single comment's thread
view the rest of the comments
[–] spaghettiwestern@sh.itjust.works 3 points 14 hours ago (2 children)

I've run Wireguard on 443 (on my router) for exactly that purpose and never had a problem, even when my standard WG port was blocked by some businesses. I've since had to move to port 587 due to router conflicts and it's worked fine so far too.

The battery drain on Android is negligible (at least for my uses) and WG is activated by Tasker whenever my home wifi is out of range. From what I can see WG is configurable via Docker compose.

[–] hellmo_luciferrari@lemmy.zip 2 points 13 hours ago (1 children)

Have you tried [https://github.com/zaneschepke/wgtunnel](WG Tunnel)

I use this WG client and it has options for auto-tunneling

[–] spaghettiwestern@sh.itjust.works 2 points 11 hours ago (1 children)

Thanks for the link. Will take a look.

[–] hellmo_luciferrari@lemmy.zip 1 points 10 hours ago

I quite like the option! I do love tasker, but if i only need auto tunneling this does it quite well!

[–] iopq@lemmy.world -3 points 13 hours ago (2 children)

Doesn't work in China, can be easily blocked by censors

[–] spaghettiwestern@sh.itjust.works 5 points 11 hours ago* (last edited 11 hours ago) (1 children)

Who said anything about China?

OP: "I don’t need strong censorship resistance; it just has to work in offices and hotel WiFis."

[–] moonpiedumplings@programming.dev -1 points 3 hours ago (1 children)

Many of the prominent https VPN protocols are for evading the great firewall of China. OP had that as a requirement, so it is not an unreasonable assumption.

If you are evading less locked down firewalls, then you don't need as stealthy VPNs.

[–] spaghettiwestern@sh.itjust.works 2 points 3 hours ago* (last edited 3 hours ago) (1 children)

Many of the prominent https VPN protocols are for evading the great firewall of China. OP had that as a requirement

OP said exactly the opposite. Where the fuck do you get this stuff?

[–] moonpiedumplings@programming.dev -1 points 2 hours ago* (last edited 2 hours ago)

hides as regular HTTPS traffic so it’s not blockable by Firewalls

From OP's post, of course. If OP does not need to evade firewalls that are that aggressive, then they should have settled for a less stealthy VPN solution, as many of these HTTPS proxy solutions have performance and usability (can often only proxy TCP traffic) tradeoffs.

Perhaps they have already tried the wireguard on port 443 solution, and it didn't work for them. My high school would auto detect and block wireguard to any port. Perhaps they are in a similar situation.

[–] sunbeam60@feddit.uk 1 points 10 hours ago

Most Chinese exits through port snooping. And you really need to be on a Chinese corp network to know - if you take your western mobile there they do very little blocking.

I’ve been fairly successful with most China corp networks letting me out and in to self-hosted WG server on port 123.