Access your server privately from anywhere in the world using a VPN. Only authorized devices with the VPN configuration can reach your server and its installed services.
Think of your server’s gateway as a defense perimeter with hundreds of locked doors, each door leading to a unique service interface. One door might say “Vaultwarden UI”, another “Bitcoin RPC”, and another “Bitcoin P2P”. An inbound VPN gives authorized devices a key to the doors they need — without opening them to the public Internet.
Tip
Private domains also work over VPN, giving you custom domain names for your services when connected remotely.
Most modern routers include a VPN server feature. If so, it is usually the preferred method for private, remote access to your server.
If you haven’t already, assign a static IP address to your server on the LAN. Refer to your router’s user manual for detailed instructions.
Since home IP addresses can change without warning, we highly recommend setting up dynamic DNS. Many routers offer this as a built-in feature. If not, third-party services are available. Without dynamic DNS, a change to your home IP will disconnect all VPN clients until you re-download configuration files for each one.
Enable your router’s VPN server. Refer to your router’s user manual for detailed instructions.
By default, StartTunnel exports wireguard config files that are configured for split tunneling, allowing you to use your StartTunnel VPN to access your StartOS server and installed services while also preventing it from being automatically used for all Internet traffic.
There are three reasons to select this option:
Your router does not offer a VPN server.
Your router’s VPN server is not automatically configured for split tunneling.
You are already using StartTunnel for clearnet hosting, so most of the work is already done.
To use StartTunnel for private, remote VPN access, see StartTunnel.
Import the config file to your iOS device. If the configuration file can be displayed as a QR code, that is usually easiest. If not, you can download the file and transfer it to your iOS device.
Your VPN tunnel will have been created and visible in the WireGuard app where you can click to activate it.
Click the + button to add a new profile/connection.
Import the config file to your device. If the configuration file can be displayed as a QR code, that is usually easiest. If not, you can download the file and transfer it to your device.
Android will inform you that WireGuard wants to set up a VPN connection. Click “OK”.
Transfer the configuration file to your iOS device. If accessing your router UI via a laptop/desktop, you will need to download the file to that device, then send it to yourself via email, message, or other file sharing tool.
Import the configuration file and enter the necessary authentication settings you chose or were default on your OpenVPN server on your router.
Depending on how you’ve configured your OpenVPN server, you may need to add a username and password before you hit Connect.
Once set up, click on the name of the profile to connect and disconnect. You can edit the profile from the icon to its right.
Transfer the configuration file to your device. If accessing your router UI via a laptop/desktop, you will need to download the file to that device, then send it to yourself via email, message, or other file sharing tool.
Click the + button to add a new profile/connection.
Import the configuration file. Consider giving the profile a descriptive name.
Android will inform you that OpenVPN wants to set up a VPN connection. Click “OK”.
If you set up your OpenVPN server with username and password authentication, enter those and select to save the password.
Once set up, click on the name of the profile to connect and disconnect. You can edit the profile from the icon to its right.
Tip
If you’re not able to browse websites when connected, your router VPN may not be providing valid DNS servers. Edit the profile, visit the IP and DNS tab, and override the DNS settings with your own.