What is everyone else using for VPN solutions and what are the trade-offs?

I want a VPN to access all my personal devices and use services like Syncthing. I use it on my phone so it can’t use ungodly amounts of idle data.

I looked at Netbird but found the idle data usage almost 1GB per few days using JetBird with Lazy connections. I tried the default app but it makes me SSO login every day or two, it wouldn’t stay connected, and it still used a reasonable amount of idle data.

I looked at Tailscale but I’m not going to lock access to all my devices behind a Google account login or some other third party service login for no reason. It seems like hosting my own auth server is too much additional risk as well. I tried self-hosting headscale which worked well except that I have no decent front end to easily add devices. I have to log into a terminal, then execute docker commands which was a huge pain in the ass. I didn’t even touch on any of the firewalling or routing that can be done because it was so much more complex in headscale than in a web interface. I tried hosting two or three headscale front ends but couldn’t get one working that supported most of the available feature set. Usually I was given generic connection errors with no clear way to diagnose or clear troubleshooting steps so after a few hours I moved on.

Edit 2026-05-10:
Thank you for all the feedback.

Will try disabling expiry on SSO login for my phone via Netbird official app.
Will look into Pangolin.
May try Headplane UI for Headscale again though lower priority than Netbird because it’s fully open source.

  • Reannlegge@lemmy.ca · ↑13 · 10 days ago

    I just use wireguard; no, there is no simple GUI or anything like that. I also run it bare metal, no docker.

    It currently sits on a pi zero 2, it has just enough power to use my pihole DNS’s. I plan on moving it to a pi 5 whenever I get around to building my firewall.

  • KlavKalashj@lemmy.world · ↑5 · 10 days ago

    I have a wireguard server on my opnsense router. My phone and my wife's phone are permanently connected; it doesn't matter if we are on home wifi or not, we just leave it on. Very basic, very stable.

  • Schiffsmädchenjunge@sh.itjust.works · ↑2 · 10 days ago

    I use NordVPN and its nifty Meshnet feature for these kinds of things. Once set up, any of my devices that have the NordVPN app running and have Meshnet enabled can access my services, which at the moment is really only Immich and Jellyfin. I could even grant other Nord users access to it without much hassle.

  • spaghettiwestern@sh.itjust.works · ↑2 · edited · 10 days ago

    I’m like you and did not want any kind of corporate entity involved in my network if it could be avoided. I settled on Wireguard and rather than deal with management constantly I set up 3 times as many peer configurations as initially needed. When a new device is added I just copy a spare configuration to the device and change the name of the config on the server. Tasker is used to connect the WG tunnel on our phones whenever home wifi is not connected. The open port on the router looks closed to the outside and only responds when the correct key is received so there’s no known way to breach the network.

    Everything from my phone is run through WG and it only uses a tiny amount of additional mobile data. Syncthing adds nothing of consequence except when syncing big files. Battery life is fine even with both WG and Syncthing running.

    Once set up it’s required zero attention or maintenance.

  • normonator@lemmy.ml · ↑2 · 10 days ago

    Netbird, it doesn’t use much for data for me, just disable expiry and it’ll stay connected. I would guess the third party app is part of the problem.

      • normonator@lemmy.ml · ↑2 · 9 days ago

        NP, you have to do it on the web interface, not in the app. You can also decrease the frequency if you don’t want it to last forever.

        • eightys3v3n@lemmy.ca (OP) · ↑1 · 9 days ago

          Yeah I hadn’t even thought of doing that in the interface. I assumed it would be in the client settings or connection setup. I have turned it on now. Here’s hoping it works fine from here on out.

          ❤️

  • oddsys@lemmy.world · ↑2 · 9 days ago

    Wireguard + VPS. Each device connected can choose to route all their internet traffic or only VPN services traffic.

  • magnue@lemmy.world · ↑1 · 10 days ago

    I use Nord for most things. My phone connects to my home server via tailscale and routes to Nord through there (just for adguard really). I also have mullvad which is only used for IPTV streaming / torrents / when I want to be a ghost.

  • mko@discuss.tchncs.de · ↑1 · 8 days ago

    As with many others here: Wireguard and public IP. Add to that I can choose between split and full tunnel to either use the connected network for anything not on my network (split) or have everything routed through the network (full tunnel).
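
Added illustration, not part of any comment in this thread: the split versus full tunnel choice that oddsys and mko describe, written as a WireGuard client config in `wg-quick` format. The keys, the endpoint name, and the 10.8.0.0/24 (VPN) and 192.168.1.0/24 (home LAN) subnets are placeholders and assumptions.

```ini
# Client (phone) config. All keys, addresses and the endpoint are
# placeholders chosen for this example, not values from the thread.
[Interface]
PrivateKey = <phone-private-key>
Address = 10.8.0.2/32
# Resolver on the home LAN (assumed address), reached through the tunnel.
DNS = 192.168.1.2

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820

# Split tunnel: only the VPN subnet and the home LAN are routed through
# the tunnel; everything else uses whatever network the phone is on.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24

# Full tunnel: use this line instead of the one above to route all
# IPv4 and IPv6 traffic through the tunnel.
# AllowedIPs = 0.0.0.0/0, ::/0

# PersistentKeepalive is off by default, so an idle tunnel sends nothing.
# Enable it only if devices at home must be able to open connections to
# the phone while it sits behind NAT; every keepalive costs mobile data.
# PersistentKeepalive = 25
```

AllowedIPs is what decides which destinations enter the tunnel, so switching between the two modes is a one-line change on the client and needs no change on the server.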