this post was submitted on 16 Mar 2026
47 points (98.0% liked)

Selfhosted

60093 readers
907 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require your active participation in selfhosting or related communities, or the post will be removed. No more than 10% of your posts or comments may be self-promotional, or your post will be removed. F/LOSS Exception: If your post is about a project that is completely open source & can be self-hosted in full without payment, and your account is at least 7 days old, your post is exempt from this rule as long as you continue to engage in comments.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
47
a VPN that is easily self-hostable and resistant to blocking? (eviltoast.org)
submitted 3 months ago by pr3d@eviltoast.org to c/selfhosted@lemmy.world
37 comments fedilink hide all child comments
 

Hi, i'm looking for a VPN that:

  • is easily deployable via a docker-compose
  • has an Android App and it doesn't drain the battery too much
  • hides as regular HTTPS traffic so it's not blockable by Firewalls. (I don't need strong censorship resistance; it just has to work in offices and hotel WiFis.)
  • Bonus: A server like caddy can also accept HTTPS traffic for some regular websites next to the VPN server.

https://github.com/TrustTunnel/TrustTunnel sounds interesting, but the PR for docker compose was closed.

Do you know something else?

you are viewing a single comment's thread
view the rest of the comments
[–] moonpiedumplings@programming.dev -2 points 3 months ago (1 children)

Many of the prominent https VPN protocols are for evading the great firewall of China. OP had that as a requirement, so it is not an unreasonable assumption.

If you are evading less locked down firewalls, then you don't need as stealthy VPNs.

[–] spaghettiwestern@sh.itjust.works 5 points 3 months ago* (last edited 3 months ago) (1 children)

Many of the prominent https VPN protocols are for evading the great firewall of China. OP had that as a requirement

OP said exactly the opposite. Where the fuck do you get this stuff?

[–] moonpiedumplings@programming.dev -1 points 3 months ago* (last edited 3 months ago) (1 children)

hides as regular HTTPS traffic so it’s not blockable by Firewalls

From OP's post, of course. If OP does not need to evade firewalls that are that aggressive, then they should have settled for a less stealthy VPN solution, as many of these HTTPS proxy solutions have performance and usability (can often only proxy TCP traffic) tradeoffs.

Perhaps they have already tried the wireguard on port 443 solution, and it didn't work for them. My high school would auto detect and block wireguard to any port. Perhaps they are in a similar situation.

[–] pr3d@eviltoast.org 1 points 3 months ago (1 children)

I haven't tried WG on 443/udp yet. On my last UK journey I had it on the default WG port and it was blocked a few times. Will try 443/udp @ homelab next time. Every other advanced obfuscating solution sounds pretty complicated and I'm not sure if there will be time to handle this during a journey.

[–] moonpiedumplings@programming.dev 2 points 3 months ago (1 children)

Also try wireguard over port 53. Often (udp) traffic to port 53 is unblocked because it's needed for DNS.

What is special about this setup is that it can sometimes get around captive portal wifi.

[–] pr3d@eviltoast.org 1 points 3 months ago

Pretty nice idea! Will try it. Thanks.