I Self-Host My Own VPN — Do I Still Need Mullvad?

TL;DR: "VPN" is really two different products that happen to share a name. A self-hosted VPN (WireGuard or OpenVPN on your own VPS) is private infrastructure — a tunnel back to your stuff, exiting from your IP. A privacy VPN like Mullvad is a rented crowd — many people behind shared, no-log exit IPs that aren't tied to your name. Running your own does not give you the second thing. In fact, for hiding who you are, your own VPS is one of the worst exit points you can pick, because its IP is static and registered to you. Which one you need comes down to a single question: what are you actually trying to hide, and from whom?

If you've set up WireGuard or OpenVPN on a VPS, you've probably had this thought: "I run my own VPN now — why would I pay Mullvad or Proton five bucks a month for one?"

It's a smart question, and the people asking it are usually the ones who've actually done the work. But it's built on a hidden assumption: that the thing you self-hosted and the thing Mullvad sells are the same product. They aren't. They share a name and a bit of technology, and almost nothing else.

I run both. Here's why that isn't redundant, and how to tell which one you actually need.

"A VPN" is two completely different things

The word "VPN" got flattened by marketing into "the privacy thing you buy to be anonymous." But the technology is older and more boring than that, and the two use cases pull in opposite directions.

A self-hosted VPN is infrastructure. You stand up a WireGuard or OpenVPN server — usually on a VPS you rent, or a box at home — and your devices tunnel into it. Traffic comes out the other end wearing your server's IP address. The whole point is that the endpoint is yours: you control it, you trust it, and it's a fixed, known place.

A privacy VPN is a service. You pay a company, and your traffic gets mixed in with thousands of other customers behind a pool of shared exit IPs the provider operates. The whole point is that the endpoint is not yours and not uniquely you: you disappear into a crowd, on infrastructure deliberately designed to know as little about you as possible.

Read those two paragraphs again. One is built so the endpoint is unmistakably you. The other is built so the endpoint is unmistakably not traceable to you. They are opposites wearing the same three-letter label.

What self-hosting a VPN genuinely gets you

I'm not talking you out of your setup. Running your own VPN is one of the highest-value things a self-hoster can do, and it's good at real things:

• Remote access to your own network. This is the killer use case. Reach your home lab, your NAS, your Pi-hole, your internal dashboards, your SSH boxes — from anywhere, without exposing any of them to the public internet. If you only ever use your VPN for this, you've already won. (New to it? My WireGuard VPN setup guide walks the whole thing.)
• Encrypting the hop you don't trust. On airport or coffee-shop Wi-Fi, a tunnel to your VPS means the local network — and whoever's snooping on it — sees only encrypted noise to one address. The sketchy hop is covered.
• A stable, known exit IP. Sometimes you want a fixed IP: allowlisting yourself into a firewall, a work system, or an API that only trusts known addresses. A commercial VPN's rotating shared IPs are useless for that; your own server is perfect.
• Total control and zero added trust. No third party in the path you didn't already choose. You own the server, the keys, and the logs (or absence of them).

If those are your needs, you're done. You don't need Mullvad. Keep your OpenVPN and move on.

The one thing it does not get you: anonymity

Here's where the assumption breaks. People reach for a commercial VPN because they want to be harder to identify and track. A self-hosted VPN does close to nothing for that, and can even make it worse. Three reasons:

1. Your exit IP is a fingerprint of one. A Mullvad exit address is shared by a huge number of users at once, so "this came from that IP" tells an observer almost nothing. Your VPS IP is used by exactly one person: you. Every site you visit through it sees the same stable address every time — which is easier to profile and link across sessions than a normal connection, not harder.

2. That IP is tied to your real identity. You rented the VPS from Hetzner, Contabo, DigitalOcean — with a name, an email, and a card. There's a billing record connecting "that IP" to "that human." A subpoena, a leak, or a cooperative provider turns your private tunnel into a signed confession. Mullvad, by contrast, is built so there's nothing to hand over: you can pay in cash, the account is just a random number with no email, and independent auditors have checked that they don't keep the logs that would link you to activity.

3. You just moved the trust, you didn't remove it. Self-hosting feels like cutting out the middleman, but your traffic still exits somewhere — and now that somewhere is your VPS provider and their upstream ISP. They can see the metadata your home ISP used to see. You haven't hidden from an ISP; you've swapped which ISP can watch you, and pinned a name to it.

None of this makes self-hosting bad. It makes it the wrong tool for anonymity, the same way a house key is the wrong tool for opening a bank vault. Different lock.

What a privacy VPN does that you can't self-host

Stack a service like Mullvad or Proton VPN against your VPS and the gap is exactly the anonymity-shaped hole above:

• Crowd cover. Shared exit IPs mean your traffic is mixed with everyone else's. You're not "the VPS guy," you're one of thousands.
• No identity attached. Mullvad famously takes this to the extreme — no email to sign up, an account is a 16-digit number, and they accept cash in an envelope. There is deliberately no account record to subpoena.
• Audited no-logs, on purpose. Reputable privacy VPNs publish independent infrastructure audits of their no-logging claims. You could run your VPS no-logs too, but nobody's auditing you, and your provider still logs around you.
• Exit locations on tap. Need to look like you're in 30 different countries this week? That's a dropdown. Your single VPS is one IP in one city, forever.

This is also why I don't treat them as competitors to a homelab. Proton VPN is the one I keep a paid subscription to and reviewed in detail in my 60-day Proton VPN write-up; Mullvad is the privacy-maximalist's pick. Either is doing a job your self-hosted tunnel structurally can't.

Proton VPN — see plans — affiliate link; same price for you, small commission to me if you subscribe.

So which one do you need? Ask what you're hiding from

Forget the products for a second. The honest way to choose is to name your threat — the thing you don't want to happen — and see which tool addresses it.

• "I want to reach my home network and servers from anywhere." → Self-hosted VPN. This is its home turf; a privacy VPN can't do it at all.
• "I'm on untrusted Wi-Fi and want the local network to see nothing." → Either works. Both encrypt the local hop. Use whichever you already have running.
• "I want a fixed IP to allowlist into firewalls or work systems." → Self-hosted VPN. Shared commercial IPs can't give you this.
• "I don't want my ISP building a profile of every site I visit." → Privacy VPN. Self-hosting just hands that view to your VPS provider's ISP instead, with your name attached.
• "I don't want websites linking my visits back to a single identifiable address." → Privacy VPN. Your static personal VPS IP is the opposite of what you want here.
• "I want to download, research, or speak without it being traceable to me." → Privacy VPN, with anonymous signup (this is Mullvad's whole reason to exist).
• "I'm up against a global, state-level adversary." → Honestly, neither. That's Tor and operational discipline, not a VPN. Don't let any VPN marketing tell you otherwise.

Notice the split: everything in the access and control column is your self-hosted tunnel, and everything in the anonymity and unlinkability column is the commercial service. They almost never overlap.

Can you run both? Yes — and people do

These aren't mutually exclusive. A common, sane setup is: self-hosted WireGuard for getting into your own stuff, plus a privacy VPN for general browsing you'd rather keep unlinkable. You switch between them depending on the task. There's no conflict; they're separate tunnels for separate jobs.

One trap to avoid: don't try to get anonymity by chaining your laptop through Mullvad and then out your own VPS. The moment your personal VPS is the exit, you've re-attached your identity to the traffic and thrown away the crowd cover you were paying for. If anonymity is the goal, the commercial VPN has to be the last hop, not a stop on the way to your server.

The honest answer

So, do you still need Mullvad if you self-host your own VPN? It depends entirely on what you were using a VPN for.

If "VPN" to you means get back to my servers and cover sketchy Wi-Fi, your self-hosted setup already nails it and a paid service adds nothing. If "VPN" to you means be harder to identify and profile, your VPS was never going to deliver that — its IP is static, solo, and signed with your name — and a no-logs privacy service is doing a genuinely different job.

The mistake is assuming one box ticks both columns. It doesn't. Keep self-hosting your VPN; it's one of the best things in the homelab. Just don't mistake a private tunnel for an invisibility cloak.

I'm putting this to the test right now, by the way — I'm running Mullvad alongside my own WireGuard server and writing up a straight Proton VPN vs Mullvad comparison next, both on the same self-hosted stack. If you want the head-to-head, the newsletter box above is how you'll hear about it first.

If wiring up your own WireGuard or OpenVPN server (hardened, behind your own firewall, on a box you own) sounds like more of an evening than you want to spend, that's part of what I set up in my VPS setup service — a hardened server with your VPN, SSL, and the rest, on infrastructure that's yours.

Try the services

• WireGuard — free, open source. The self-hosted tunnel in this post; my setup guide gets it running on a VPS.
• Mullvad — privacy VPN, flat €5/month, anonymous accounts, no affiliate program (plain link — they don't pay anyone to recommend them, which is part of why people trust them).
• Proton VPN — privacy VPN with a free tier; the one I subscribe to and reviewed over 60 days. Affiliate link.
• Want the whole picture? My 2026 self-hoster's privacy stack covers where a VPN fits among the other tools.

Affiliate disclosure

The Proton VPN link in this post is an affiliate link — if you subscribe I earn a small commission, at no extra cost to you, same price either way. I subscribe to Proton on my own card. The Mullvad links are plain, unpaid links: Mullvad runs no affiliate program by policy, and I'm testing it on a review voucher I asked them for. The $49-base VPS setup is my own paid service. I'm not paid to prefer any of these. — enim

Related

[ vpn ]

WireGuard vs OpenVPN vs Tailscale: Self-Host in 2026

[ privacy ]

The 2026 Self-Hoster's Privacy Stack: every tool I actually pay for, configured end-to-end

[ vpn ]

Proton VPN in 2026: I ran it for 60 days on my self-hosted stack — here's what works and what doesn't