Setting up and running a private Syntropy VPN

When you use commercial VPNs, you just move the risk down the VPN tunnel as you trust 3rd party providers with your data. By deploying a private VPN, you take ownership of your privacy. You can do that now easily with Syntropy Stack.

We aim to make the process of setting up your private VPN as easy as possible. We believe that you will set up your private VPN infrastructure with ease by going through this tutorial. Moving forward, we will be building an extended knowledge base that brings you through the technical aspects of running your VPN, as well as educating you about privacy on the Internet. If you have any further questions, let us know on our Discord, where we have a dedicated channel for VPN support.

Setting up your private VPN is really no longer than three steps:

  • Set up your virtual machine.
  • Establish a connection via the Syntropy Stack platform.
  • Plug in the connection configuration to the Wireguard application.

To access Syntropy Stack, please create an account here.

Wireguard currently supports Windows, Linux, macOS, iOS and Android. You will be able to connect from these devices as soon as you deploy your VPN infrastructure.

Step 1 - Setting up a virtual machine with VPN Syntropy Agent

Setting up a virtual machine with a Syntropy Agent is the very first step. This will allow you to use your server as a relay for your VPN traffic. You can opt for any VPS or similar kind of cloud infrastructure capable of running a Docker image of a Syntropy Agent.

To help you deploy Syntropy Agent, we are preparing a list of tutorials, teaching you how to set up a private VPN in different situations or various providers.

Find the available tutorials for specific providers below:

  • Azure Cloud
  • Aws (TBA)
  • Google Cloud Console (TBA)
  • Digital Ocean (TBA)
  • Oracle Cloud (TBA)
  • Alibaba (TBA)
  • IBM cloud (TBA)
  • More coming soon.

Generic tutorial for all providers:

Step 2 - Setting up a Virtual Endpoint

When you already have your VPN server up and running, you will need to create endpoints for devices you will connect to your VPN.

Dedicated Syntropy Windows and macOS applications are on their way, but we are proposing a universal solution for the time being. This way, you will be able to connect any device capable of configuring a Wireguard connection!

Get your agent token

Navigate to the user section in the upper right of the screen and click on Agent tokens.


Create an Agent token by setting its name and the expiration date. Remember that after the expiration date passes - your token becomes invalid. For anything else than testing - please select an adequate time period in advance.


Make sure you save your agent token as it won't be displayed again!

Find more information about agent tokens here.

Create a Virtual endpoint

You will need to create a Virtual endpoint for every end device you intend to use. You can think of it as a placeholder for a connection.

  • Click on an Add Endpoints button.
  • Select Virtual.
  • Name your endpoint.
  • Insert a valid Agent token. You should have already created one in a previous step. If not - click on a 'Generate Agent token' button to generate it.

You can now find your Virtual endpoint in the Endpoints table. You should set up separate Virtual endpoints for every device you intend to connect to your VPN network.


Step 3 - Connect Virtual Endpoint with VPN Agent

Set up a VPN Connection

The next step is to establish a connection between your Virtual endpoint and the VPN server you've set up by deploying Syntropy Agent in the first step.

Now click on the "Add Endpoints" button and do the following:

  • Add the VPN server endpoint that you have deployed Syntropy Agent on.

  • Add all Virtual endpoints that you have created in the previous step.

Then select your added endpoints and tick any others to which it should be connected.

Finally, establish a connection!



No virtual to virtual endpoint connections!

Due to their simplistic, placeholder-like nature, you cannot establish a connection in-between virtual endpoints. The tickboxes will be disabled.

Step 4 - Set up your Wireguard applications to enable VPN from your device

Get your config

Virtual endpoints that have connections will contain a cog icon. When you click on it, you will find the essential part of every VPN connection here - a connection configuration!


The configuration will be generated for all of the connections, so you will see as many peers in the config file as there are connections.


It's a single-use config!

Configuration is re-generated every time you request it, as we do not hold your keys. Make sure you save the configuration and be aware that the next time you'll generate a new one - the old one will cease to be valid.


Configuration is provided in both the QR code and the file format, so it's easy to set up these connections in mobiles and desktops.

Add the config to your Wireguard application.

We build on Wireguard, the fastest and most modern open-source VPN protocol today. Until dedicated Syntropy applications are released, please use Wireguard applications to connect to your VPN.

We won't cover specific device setup, but it's all really straightforward:

  • Add a config either by scanning a QR code or uploading a configuration file (.conf).
  • Enable the tunnel.

As soon as the tunnel is enabled, the connection is active, and you will see your traffic flowing through the VPN server.

You're all set now!


I have my agent running, and the connection with VPN is established, but the connection status displayed is Offline/Packet loss is 100%.

  • This is most likely caused by firewall setup on your side. This means that VPN cannot directly reach you but can transfer traffic in both directions when contacted by an Agent on your side. Therefore, the connection is working. It does not impact the performance when used from your side, and only the connection status icon is affected. Turning the firewall off on your side or tweaking its settings would fix it.