Installing

Install StartTunnel on a Debian VPS by renting a server, running the one-line installer script, and initializing the web interface. The entire process takes just a few minutes.

Get a VPS

Rent a cheap Debian 12+ VPS with a dedicated public IP. Minimum CPU/RAM/disk is fine. For bandwidth, no need to exceed your home Internet’s upload speed.

Requirements

  • Debian 13
  • Root access
  • Public IP (required for clearnet port forwarding; not required for private VPN use)

Important

StartTunnel is designed to be the sole application on your VPS. The installer disables UFW and manages its own firewall rules via iptables. Do not run other Internet-facing services on the same VPS.

Run the installer

SSH into your VPS and run:

curl -sSL https://start9labs.github.io/start-tunnel/install.sh | sh

Note

If DNS resolution is not working on your VPS, the installer will configure public DNS resolvers (Google, Cloudflare, Quad9) and back up your existing /etc/resolv.conf.

Initialize the web interface

StartTunnel can be fully managed from the command line, but it also offers a web UI for convenience. To set it up, run:

start-tunnel web init

This initializes a web server, creates a random password, generates a Root Certificate Authority (Root CA), and prints them all to the console on completion.

Save the URL and password to your password manager, then follow instructions to trust the Root CA.

Note

The URL, password, and Root CA are only for accessing your StartTunnel’s web user interface. None are needed to use StartTunnel from the command line.

Trust your Root CA

You can access your StartTunnel web UI without trusting its Root CA by powering through the browser warning, but this is less secure and not recommended.

To trust your Root CA, select your operating system and follow instructions:

  1. Open the Terminal app.

  2. Type or paste the following command (do not press Return yet):

    pbpaste > ~/Desktop/tunnel-ca.crt
    

    Again, do not press Return yet.

  3. Copy your Root CA to clipboard from the console output (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----). Do not paste it anywhere.

  4. Back in Terminal, just press Return. The file tunnel-ca.crt is saved to your Desktop.

  5. Trust the certificate.
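
Before trusting the file in step 5, it is worth confirming that what pbpaste wrote is one complete, self-issued certificate. The function below is an added example, not part of the StartTunnel documentation; the name check_root_ca is hypothetical and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: sanity-check the PEM file saved from the clipboard before trusting it.
# check_root_ca is a hypothetical helper name; it assumes the openssl CLI is installed.
# Usage: check_root_ca ~/Desktop/tunnel-ca.crt
check_root_ca() {
    crt=$1
    if [ ! -r "$crt" ]; then
        echo "cannot read $crt" >&2
        return 1
    fi

    # A clipboard paste can capture nothing, part of a block, or several blocks.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$crt" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$crt" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "expected one certificate, found $begins BEGIN and $ends END lines" >&2
        return 1
    fi

    # The body must decode as X.509; a damaged paste fails here.
    if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
        echo "$crt is not a parseable X.509 certificate" >&2
        return 1
    fi

    # A root CA is self-issued, so its subject and issuer name hashes match.
    subject_hash=$(openssl x509 -in "$crt" -noout -subject_hash)
    issuer_hash=$(openssl x509 -in "$crt" -noout -issuer_hash)
    if [ "$subject_hash" != "$issuer_hash" ]; then
        echo "$crt is not self-issued, so it is not a root certificate" >&2
        return 1
    fi

    # Show exactly what is about to be trusted.
    openssl x509 -in "$crt" -noout -subject -enddate -fingerprint -sha256
}
```

Run it between steps 4 and 5; a non-zero exit status means the clipboard did not hold the certificate and it should be copied again.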

Next steps