Self-Hosted VPN Server

All your internet traffic is encrypted before it leaves your device. Your provider can no longer see which sites you visit. You are protected on public WiFi. And you can securely access your home network from anywhere. No third-party provider, no subscription, set up in minutes.

100% Made in GermanyGDPR compliantHourly billingNo minimum term
So funktioniert ein VPN

Ihr Traffic, verschlüsselt von Anfang an

Ihr Gerät

VPN-Client verschlüsselt

Tunnel

Provider sieht nur eine IP

dataforest

AS58212 · Deutschland

Internet

Erst hier öffentlich

WireGuard·ChaCha20-Poly1305·Curve25519
≈ 4.000Zeilen Kernel-Code
1-RTTHandshake
Kernel-SpaceKein User-Space-Overhead
01

Why you need your own VPN server

Access your network from anywhere

Securely reach your NAS, home automation or local services no matter where you are. Many routers support site-to-site VPN, letting you transparently secure your entire home network through a single tunnel.

Stay safe on public WiFi

On open networks (hotels, airports, cafes), your unencrypted traffic can be intercepted. A VPN tunnels everything encrypted to your own server before it reaches the internet.

Connect locations securely

Link your office, home office and additional servers via encrypted tunnels. No expensive licenses and no dependency on a third-party provider.

Your provider sees nothing

Without a VPN, your internet provider sees every DNS query and every connection destination. With a VPN, they only see encrypted traffic to one IP address. What you do online stays your business.

02

Why run your own VPN server

You control everything

No VPN provider you need to trust. You run the server yourself and decide whether and what gets logged.

Data stays in Germany

Your server is located in certified data centers in Germany. German data protection law and GDPR apply. No US CLOUD Act, no data transfers abroad.

One server, many possibilities

Your seed is a full Linux server. Besides VPN, you can use it for websites, automation or other projects. A commercial VPN subscription only offers the VPN service.

Set up in minutes

A single package manager command installs the VPN protocol. Generate keys, create configuration, connect. Clients for all platforms are available through official package sources.

Your own IP address

Your VPN server has a fixed IP that belongs only to you. No shared addresses that end up on blacklists, as is common with commercial VPN services.

All devices, one tunnel

VPN clients exist for Linux, macOS, Windows, iOS and Android. Configurations can be shared via QR code. Set up once, use on all devices.

03

The proven solution for your VPN server

WireGuard In the Linux kernel since version 5.6

Modern VPN protocol that runs directly in the Linux kernel (wireguard.com). Minimal code (approx. 4,000 lines), high speed and simple configuration. Available for Linux, macOS, Windows, iOS and Android.

Suited for: Remote access to home network, secure connection in public Wi-Fi, site-to-site networking.

04

Your VPN is only as good as the network behind it

We operate our own network (AS58212) with redundant infrastructure in Germany. For your VPN server, that means high bandwidth, low latency and maximum availability.

Own Autonomous System

AS58212, an independent network with its own routing. Not leased, not resold.

Redundant Routers

Multiple Juniper MX routers in edge and core network. Redundant power supplies, routing engines and line cards.

Unlimited Bandwidth

No traffic limits, no throttling. Redundant uplinks with consistently low utilization.

99.98%+ Availability

Annual average. Redundant fiber connections between locations, routed without crossings.

Open Peering Policy

Direct data exchange with other networks for shorter paths and lower latency.

Certified Data Centers

Facilities in Germany at maincubes, firstcolo and Interxion.

05

Which VPN technology?

WireGuard

Best choice for fast, straightforward VPN connections.

  • Part of the mainline Linux kernel since 2020
  • One configuration file per device, no complex setup
  • Encryption directly in the kernel, no user-space overhead
  • Significantly more throughput than OpenVPN in benchmarks
  • Compact software, formally verified for security multiple times
  • Connection established after a single data exchange
  • Apps for all platforms with QR code import

OpenVPN

Best choice when TCP is required or networks are restrictive.

  • In use for over 20 years and widely deployed
  • Works over TCP when UDP is blocked
  • Can disguise itself as HTTPS traffic (useful in censored networks)
  • Configurable encryption for compliance requirements
  • Broader operating system support on older systems
  • Runs in user-space, resulting in less throughput than WireGuard
  • More complex setup and configuration
Bottom line: WireGuard is the right choice if you want to run a straightforward, fast VPN server. OpenVPN is the alternative when you need TCP transport or firewalls block UDP.
06

Your own VPN in 3 steps

01Step 01

Create a seed

Choose a model that fits your needs. All models are suitable for a VPN server. WireGuard uses minimal resources. The bottleneck is network bandwidth, not CPU.

02Step 02

Install VPN software

On all supported operating systems (Debian, Ubuntu, AlmaLinux, RockyLinux), install WireGuard via the package manager with a single command.

03Step 03

Connect your devices

Create a configuration file or QR code per device. Using the WireGuard app on your smartphone or laptop, you connect in seconds.

07

Step-by-step setup

Detailed tutorials by our engineers, tested on a current dataforest Seed. Accessible without an account.

Networking · approx. 10 minBeginner

Set up a WireGuard VPN server

Step-by-step guide to set up your own WireGuard VPN server on a dataforest seed and connect your first device.

WireGuardVPNNetworkingSecurity
Open guide

View all guides →

08

Configure a seed

Billed hourly, no minimum term, no setup fee. The server is available for other services alongside VPN.

Entry

Beginner

CPU allocation based on availability
At least Intel Xeon Gold
NVMe SSD storage
3-way replication via Ceph
DDR4
Balanced disk performance
3,65 €
/ Month
from
0,005848 €
/ Hour

Standard

All-rounder

AMD EPYC Turin
At least 2.6 GHz
Up to 4.5 GHz
NVMe SSD storage
3-way replication via Ceph
DDR5
Increased disk performance
9,01 €
/ Month
from
0,014439 €
/ Hour

Performance

CPU-optimized

AMD EPYC Turin (High Frequency)
At least 3.3 GHz
Up to 5 GHz
NVMe SSD storage
3-way replication via Ceph
DDR5
Maximum disk performance, IOPS-optimized
12,26 €
/ Month
from
0,019639 €
/ Hour

All prices incl. 19% VAT

09

Why dataforest Cloud?

Data sovereignty

Your data stays in Germany. All seeds run in certified data centers in Frankfurt. No data transfers to third countries, full GDPR compliance.

Deployed in seconds

Seeds are provisioned automatically. From configuration to a running server takes only seconds. No waiting, no tickets.

Hourly billing

You only pay for what you use. No minimum terms, no setup fees. Seeds can be created and deleted at any time.

Full control

Root access, public API and full transparency. You decide what runs on your seed. No vendor lock-in, no hidden restrictions.

10

Bevor Sie loslegen.

What exactly does a VPN do?
A VPN creates an encrypted tunnel between your device and your server. All your internet traffic flows through this tunnel. Your internet provider only sees that you are connecting to one IP address, but not which websites you visit or which services you use.
What does a VPN protect and what does it not?
A VPN protects the transport layer: your provider and others on the same network only see encrypted traffic. What a VPN does not protect: if you are logged into a service (Google, social networks), it knows who you are regardless of the VPN. Tracking via cookies or browser fingerprinting is also not prevented by a VPN.
When is a self-hosted server better than a VPN subscription?
A self-hosted server is the better choice when you need secure remote access to an existing network (home network, office, other servers), when you want full control over logging, or when GDPR compliance matters. Additionally, you get a full Linux server that you can use for other projects alongside VPN. A commercial subscription is better when you need VPN endpoints in many different countries or anonymity through thousands of users behind the same IP address.
Do I need technical knowledge for this?
Basic Linux skills are helpful: connecting to a server via SSH and running commands in the terminal. The actual WireGuard installation is a single command via the package manager. The configuration consists of a text file with just a few lines. If you have set up a Linux server before, you can do this in under 15 minutes.
Do I need a powerful server?
No. WireGuard runs directly in the Linux kernel and uses barely any CPU or memory. The bottleneck is the server's network bandwidth, not compute power. For typical use with multiple devices, any seed model is sufficient. If you want to run other services in parallel, choose a larger model accordingly.
How many devices can I connect?
WireGuard does not set a hard limit on concurrent connections. For typical use with 5 to 50 devices, any seed model is sufficient. With very many concurrent connections, network bandwidth becomes the limiting factor.
Which devices are supported?
On the server side, all operating systems on the dataforest Cloud support WireGuard natively: Debian, Ubuntu, AlmaLinux and RockyLinux. On the client side, there are apps for Windows, macOS, iOS and Android. The configuration can be transferred from server to smartphone via QR code.
How fast is my VPN?
Speed depends on the network your server is connected to. We operate our own network (AS58212) with redundant routers, unlimited bandwidth and an open peering policy. WireGuard leverages this infrastructure optimally since it encrypts directly in the Linux kernel with no user-space overhead. In practice, you can expect to use most of the available server bandwidth.
What happens to my data on a server in Germany?
Your server is located in certified data centers in Germany. German data protection law applies including GDPR. No data transfers to third countries.
What responsibility do I take on with my own VPN server?
Running your own server means taking responsibility for its security. This includes keeping the operating system up to date, installing security updates and configuring firewall rules. Our step-by-step guide shows you how to set this up. If you would rather not deal with server maintenance, a commercial VPN subscription is the simpler choice.
How do I back up my server?
Regular backups of your VPN configuration and server settings are recommended. The dataforest Cloud offers optional automatic offsite backups as an add-on option. Additionally, we recommend independently backing up important configuration files to external systems.

Any questions?

Then our experts are happy to help. You'll be surprised how fast we are.

Contact an expertVisit FAQs
Background image