this post was submitted on 09 May 2026
20 points (95.5% liked)

What is everyone else using for VPN solutions and what are the trade offs?

I want a VPN to access all my personal devices and use services like Syncthing. I use it on my phone so it can't use ungodly amounts of idle data.

I looked at Netbird but found the idle data usage almost 1GB per few days using JetBird with Lazy connections. I tried the default app but it makes me SSO login every day or two, it wouldn't stay connected, and it still used a reasonable amount of idle data.

I looked at Tailscale but I'm not going to lock access to all my devices behind a Google account login or some other third party service login for no reason. It seems like hosting my own auth server is too much additional risk as well. I tried self hosting headscale which worked well except that I have no decent front end to easily add devices. I have to log into a terminal, then execute docker commands, which was a huge pain in the ass. I didn't even touch on any of the firewalling or routing that can be done because it was so much more complex in headscale than in a web interface. I tried hosting two or three headscale front ends but couldn't get one working that supported most of the available feature set. Usually I was given generic connection errors with no clear way to diagnose or clear troubleshooting steps so after a few hours I moved on.

top 19 comments
[–] Zwuzelmaus@feddit.org 6 points 11 hours ago

Wireguard and their official Android app. My home router acts as the WG server and it also does the daily dynDNS refresh, so I can pretend to have a fixed address.

[–] Reannlegge@lemmy.ca 13 points 14 hours ago (1 children)

I just use wireguard; no, there is no simple GUI or anything like that. I also run it bare metal, no docker.

It currently sits on a pi zero 2, it has just enough power to use my pihole DNS’s. I plan on moving it to a pi 5 whenever I get around to building my firewall.

[–] Eldaroth@lemmy.world 7 points 14 hours ago (1 children)

Well there is wg-easy which comes with a very decent GUI imho

[–] Reannlegge@lemmy.ca 2 points 10 hours ago

Cool, did not know that. I will have to look into that when I set up my pi 5 firewall.

[–] prenatal_confusion@feddit.org 2 points 9 hours ago

Pangolin or netbird on a vps and the rest is easy.

[–] alexquiniou@lemmy.zip 2 points 10 hours ago

Truenas + wireguard + wg-easy. Quite easy to set up. Official apps that exist on any OS you can think of. And stable. Turn it on and forget.

[–] Shimitar@downonthestreet.eu 7 points 13 hours ago

If you have a public IP just use wireguard. If you don't have a public IP, rent a cheap VPS and use that as entry point, setting up one wireguard from home to the vps, and the other from your phone to the vps.
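The VPS relay layout described in the comment above, written out as wg-quick configuration files. This is an added example, not part of the original comment; the 10.8.0.0/24 addresses, the `vps.example.net` endpoint, port 51820 and the bracketed key placeholders are all assumptions to be replaced with your own values.

```ini
# ---- VPS: /etc/wireguard/wg0.conf (hub, the only host with a public IP) ----
# Assumed prerequisites on the VPS: net.ipv4.ip_forward=1 and a firewall
# FORWARD rule that permits wg0 -> wg0 traffic only.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <vps-private-key>

# Home server: one /32 per peer so a peer cannot claim another peer's address.
[Peer]
PublicKey = <home-public-key>
AllowedIPs = 10.8.0.2/32

# Phone
[Peer]
PublicKey = <phone-public-key>
AllowedIPs = 10.8.0.3/32

# ---- Home server: /etc/wireguard/wg0.conf (behind NAT, no open port) ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <home-private-key>

[Peer]
PublicKey = <vps-public-key>
Endpoint = vps.example.net:51820
# Only tunnel-subnet traffic goes via the VPS, not the default route.
AllowedIPs = 10.8.0.0/24
# Home never initiates toward the phone, so it must keep its NAT mapping
# to the VPS alive or inbound packets from the hub will be dropped.
PersistentKeepalive = 25

# ---- Phone: imported into the WireGuard app ----
[Interface]
Address = 10.8.0.3/32
PrivateKey = <phone-private-key>

[Peer]
PublicKey = <vps-public-key>
Endpoint = vps.example.net:51820
AllowedIPs = 10.8.0.0/24
# No PersistentKeepalive here: the phone always initiates, so the tunnel
# sends nothing while idle, which keeps mobile data use down.
```

In this layout the VPS decrypts and re-encrypts everything passing between the phone and home, so it sits inside the trust boundary; harden it accordingly and keep services that need end-to-end protection on TLS or SSH inside the tunnel.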

[–] K3can@lemmy.radio 2 points 10 hours ago

I use Wireguard.

For my phone, I use the "WG Tunnel" app: https://github.com/wgtunnel/android

It's nice because it'll automatically enable/disable it as I move between networks.

Before that, though, I used the official client and I just kept it on 24/7. It's not like it uses extra data or battery or anything.

[–] KlavKalashj@lemmy.world 2 points 10 hours ago

I have a wireguard server on my opnsense router. My phone and my wife's phone are permanently connected, doesn't matter if we are on home wifi or not, we just leave it on. Very basic, very stable.

[–] spaghettiwestern@sh.itjust.works 2 points 12 hours ago* (last edited 11 hours ago)

I'm like you and did not want any kind of corporate entity involved in my network if it could be avoided. I settled on Wireguard and rather than deal with management constantly I set up 3 times as many peer configurations as initially needed. When a new device is added I just copy a spare configuration to the device and change the name of the config on the server. Tasker is used to connect the WG tunnel on our phones whenever home wifi is not connected. The open port on the router looks closed to the outside and only responds when the correct key is received so there's no known way to breach the network.

Everything from my phone is run through WG and it only uses a tiny amount of additional mobile data. Syncthing adds nothing of consequence except when syncing big files. Battery life is fine even with both WG and Syncthing running.

Once set up it's required zero attention or maintenance.

[–] Sickday@kbin.earth 2 points 13 hours ago

personally I just use headscale with tailscale clients and mullvad vpn via wireguard on the control server. there's a bit of systemd magic required to make sure wg-quick starts before headscale does. dns is set up via a pihole device and I just point headscale's config at that device for dns. it's a pretty simple setup, but I have no issue doing everything via cli so this works well for me.

[–] stratself@lemdro.id 2 points 13 hours ago

Headscale is best used with the CLI. If you host a UI it's only for convenience, and you need to keep track of the Headscale version it supports. The Discord guild can help you debug things.

Can Tailscale be logged in from multiple credentials? If so try having a few of them instead of one for redundancy. Also maybe look into hosting a reliable and simple IDP like Kanidm for Tailscale.

[–] Onomatopoeia@lemmy.cafe 1 points 12 hours ago* (last edited 12 hours ago)

Sounds like you're talking about a Mesh VPN.

Syncthing doesn't need a VPN to function - in fact you're better off not using a VPN as its own rules will see the VPN as a LAN connection and sync data across it when your Syncthing rules exclude using your data connection. Maybe that's what you saw with Netbird's data usage. I'd be really surprised if Netbird itself used any significant data.

I have about 20 sync jobs per phone - some are allowed to use cell data (photos), others aren't. When I enable Tailscale on my phone, Syncthing will try to sync all the jobs because it sees the VPN as a LAN.

I run rooted and use a firewall and block VPN there for Syncthing to prevent this.

[–] Shipgirlboy@sh.itjust.works 1 points 13 hours ago

I use NordVPN and its nifty Meshnet feature for these kinds of things. Once set up, any of my devices that have the NordVPN app running and have Meshnet enabled can access my services, which at the moment is really only Immich and Jellyfin. I could even grant other Nord users access to it without much hassle.

[–] Decronym@lemmy.decronym.xyz 1 points 13 hours ago* (last edited 9 hours ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |

[Thread #280 for this comm, first seen 9th May 2026, 18:40]

[–] mhzawadi@lemmy.horwood.cloud 1 points 13 hours ago

So I have a tinc mesh for my house, VPS and dedicated server. I have started using pangolin for access to things from the internet, I have also used pangolin as a VPN into my networks from my phone.

[–] Auster@thebrainbin.org 0 points 10 hours ago

I use Proton's VPN.

Issues I've observed: timeouts and extra (sometimes excessive) "are you human" verifications, an extra step when troubleshooting if a site doesn't load properly or at all, sites load slower, connection may not even work when it's morning in Russia and China or if the server is in a country being bombarded (e.g. Iran's former allies) or possibly also going through some natural disaster, some sites may hardcode your VPN region to your account if you stay in a given IP too much (e.g. Crunchyroll), and some sites block VPN IPs they know about (e.g. Nijimiss.moe, part of the fediverse, and GameFAQS).

[–] magnue@lemmy.world 1 points 14 hours ago

I use Nord for most things. My phone connects to my home server via tailscale and routes to Nord through there (just for adguard really). I also have mullvad which is only used for IPTV streaming / torrents / when I want to be a ghost.

[–] dihutenosa@piefed.social 0 points 14 hours ago

Nothing, mostly. Will use point-to-point Wireguard once I get around to setting up Prometheus ingestion.

What do you need a VPN for?