I set up WireGuard or OpenVPN on any Linux server — bare metal or cloud VM — with proper key management, firewall rules, and split-tunnel or full-tunnel routing. You get encrypted remote privs to your private network without trusting a third-party VPN provider.
WireGuard is my default recommendation: it's faster, uses modern cryptography (ChaCha20, Curve25519, BLAKE2), and the 4,000-line codebase is auditable. OpenVPN is available for legacy client compatibility or TCP-over-443 requirements that penetrate restrictive firewalls.
Deliverables: server fully installed and configured; client config files for all your devices (mobile, laptop, server); UFW/iptables rules for routing and masquerading; DNS leak prevention; kill switch configuration; dynamic DNS setup if your server IP isn't static; and a guide for adding future peers without requiring my involvement.
For larger deployments I configure site-to-site tunnels, mesh networks using Headscale (open-source Tailscale control server), or wg-easy for a self-hosted management UI.