this post was submitted on 16 Mar 2026
47 points (98.0% liked)

Selfhosted

60093 readers
938 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, and your account is at least 7 days old, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
47
a VPN that is easily self-hostable and resistant to blocking? (eviltoast.org)
submitted 3 months ago by pr3d@eviltoast.org to c/selfhosted@lemmy.world
37 comments fedilink hide all child comments
 

Hi, i'm looking for a VPN that:

  • is easily deployable via a docker-compose
  • has an Android App and it doesn't drain the battery too much
  • hides as regular HTTPS traffic so it's not blockable by Firewalls. (I don't need strong censorship resistance; it just has to work in offices and hotel WiFis.)
  • Bonus: A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

https://github.com/TrustTunnel/TrustTunnel sounds interesting, but the PR for docker compose was closed.

Do you know something else?

you are viewing a single comment's thread
view the rest of the comments
[–] irmadlad@lemmy.world 6 points 3 months ago (1 children)

resistant to blocking?

That's going to be the sticky wicket right there. It is rather trivial for server admins to know what IPs go with VPNs and not. Wireguard is about the best thing on the planet right now, imho, but it will also get blocked. Occasionally, I will happen on a site that outright blocks me. If I can't bend the site to my will, I just move on. The information on the blocked site will 9 times out of 10 be found duplicated somewhere else.

One 'trick' I've found works fairly well is Opera. So, when I go to pay my bills online, my VPN coupled with the way I have Firefox configured, will trigger a block. I can fire up Opera, engage it's built in VPN, still keep my local VPN connected, and have no problem accessing my bills. It's not an elegant solution, and some users have preclusions to Opera. However, that generally works for me.

[–] iopq@lemmy.world 5 points 3 months ago (1 children)

Wireguard is not resistant to blocking, it is plain as day if you're using wireguard and china had blocked it for years

[–] irmadlad@lemmy.world 3 points 3 months ago (1 children)

I sort of said as much. It really doesn't matter, imho, what you use. As soon as that service becomes abused globally, everyone blocks it, including Tor. Any server using DPI or TLS will spot it a mile away. Now, if you have a fool proof way, than I am very much ready to be educated.

[–] iopq@lemmy.world 1 points 3 months ago

It does matter.

When I connect to my VPN, the network sees that the server name is yahoo.com

It actually connects to my server which sends the request to yahoo.com and then replies with the cert. So the network sees that yahoo.com sent the cert back to my client from that IP address

Then there is a bunch of encrypted communication with timings and sizes that look like I'm downloading stuff over http.

I'd like to hear a credible model of blocking this