LAT 50.110 · LON 8.682AES-256-GCM · CHACHA20
server · all systems nominal42 agents online4 protocolsuptime 312dv2.4.1
[ 00 // SELF-HOSTED VPN ORCHESTRATION ]

Every VPN protocol.
One server you actually own.

Orchestrate WireGuard, AmneziaWG, OpenVPN and IPSec across every site from a single control plane — with CrowdSec + Suricata threat detection, multi-hop overlay routing and browser-based access. No cloud. No accounts. No telemetry.

Deploy your serverExplore the platform
4protocols, one plane
1 minsetup per site
0cloud dependencies
privycs · gateway.console↑ 312d 04:17:09
fra-01 Frankfurt18 msonline
waw-03 Warsaw29 msonline
nyc-02 New Yorkconnecting
sgp-01 Singapore141 msdegraded
INGRESS · 60speak 3.1G
2.4 Gb/saggregate
WireGuardAmneziaWGOpenVPNIPSec
[ 01 // THE PLATFORM ]

One control plane for every tunnel, every site, every policy.

06 capabilities
server core
[ 02 // GLOBAL AGENT MESH ]

Every site on one private mesh — that you run.

Agents hold a persistent encrypted link to the gateway and route between each other on demand. Watch tunnels come up, fail over and rebalance in real time — no broker in the middle.

nodes online
12 / 12
MESH · OVERVIEWPROJ: EQUIRECTANGULARREFRESH 1.0s↹ 2.4 Gb/s
online agent degraded active tunnel live throughput
[ 03 // ARCHITECTURE ]

One Server = a central Gateway commanding many Agents.

The Gateway pushes configuration down an encrypted TLS WebSocket; lightweight Site Agents enforce it locally and stream metrics back up. No inbound ports, no cloud broker.

TLS·WSTLS·WSTLS·WSTLS·WSSite Agentfra-01Site Agentwaw-03Site Agentnyc-02Site Agentsgp-01Central Gatewayweb · api · ws · postgres
Config pushes down Metrics & events flow up Encrypted TLS WebSocket
1

Central Gateway

Web UIREST APIWebSocket HubPostgreSQL
2

Encrypted Control Channel

TLS WebSocketAuto-reconnectConfig ↓Metrics / events ↑
3

Lightweight Site Agents

Go binariesRun on each VPN siteManage services locally
4

Local Network & Security

WireGuardAmneziaWGOpenVPNIPSec/IKEv2iptablesCoreDNSCrowdSecSuricata
[ 04 // HOW IT COMPARES ]

More protocols, more control, none of the cloud.

privycs vs.
the field

/ competitors shown as text labels — third-party marks omitted

/01
0
VPN protocols, one plane
/02
0 min
to onboard a new site
/03
0%
self-hosted & open source
/04
0
cloud dependencies
[ 05 // FROM THE BLOG ]

Deep dives from the Privycs engineering blog.

In-depth articles on protocols, routing, threat detection, clients and self-hosting.

latest writing
/blog
Read all articles →
[ 06 // DEPLOY ]

Bring up your server in a single line.

Self-host the control plane on any Linux box, enroll your first agent with a one-liner, and push your first tunnel before the kettle boils.

$curl -sSL https://get.privycs.io | sh
Read the admin guideTechnical reference