GlassBox VPN is a private VPN service originally built for customers running OSS SecureNet. One year running. Zero unplanned downtime. Zero security events. Now available as a standalone subscription.
Most VPN companies tell you they're fast. We test ours against the competition every twenty minutes, twenty-four hours a day, against ten real websites people actually use, and we publish every result. Live. The same live data that runs our office runs on this website.
From day one, the goal was to build a VPN you could leave on all the time. Not a tool you constantly fiddle with, not a speed bump you work around, and not another app shouting for attention. GlassBox is meant to feel like your normal connection, backed by infrastructure we run and verify in public. We've been running it that way for over a year.
GlassBox VPN has been running for OSS SecureNet customers for about a year.
Four US locations: Chicago, LA, Dallas, and Ashburn.
WireGuard tunnels, ~2M domains blocked at DNS, ~50K IPs filtered at the firewall.
OSS customers started asking if their phones could use it. If their college kids could get on. If they could run their tunnels without the full SecureNet buildout. So we opened it up. New servers, same rigor. Same receipts published, every week and every day:
The reason VPN experiences get worse over time isn't bad luck. It's the business model. Anyone with a credit card gets an IP. Abusers, scrapers, spammers, pirates, bots. You share that IP with all of them.
Spamhaus, Cloudflare, StopForumSpam. Your VPN's IPs show up on abuse lists because someone else on your IP broke the rules. You pay the price.
Unlimited signups means unlimited users on every IP. When one of them runs a scraper or hammers a login endpoint, every site you visit next starts asking you to prove you're human.
Your connection randomly slows. Sites stop loading. Support blames "network conditions." The actual reason (server overload, IP reputation, shaping) is a black box you're not allowed to look into.
You are one peer. We cap each server at 300 peers and spin up a new one before the existing one gets crowded. We block the traffic that gets VPN IPs blacklisted (torrents, Usenet, bulk download hosts) at DNS and firewall. We publish the blocklist, the server configs, and the weekly security audits for anyone to audit.
The result: your IP behaves like a normal home IP. Fewer CAPTCHAs. Fewer blocklists. Honest speed at honest load.
Most VPNs claim ad blocking. We publish the file.
Every GlassBox VPN server filters DNS lookups against a combined blocklist of ~2M domains and a firewall list of ~50K IPs. Ads, trackers, malware, phishing, known-bad infrastructure, and streaming services. Filtered at the network level, every device tunneled through GlassBox VPN gets the same protection without browser extensions, custom apps, or per-device setup.
The lists are built on Hagezi Pro++ and OISD Big, two of the most respected community blocklists in the privacy world. We add custom entries for streaming services and abuse infrastructure.
And they are not behind a login. Anyone can pull the raw file: oss-blocklist.net/dns-combined.txt. Diff it against the repo. Audit what we block. Other VPNs claim ad blocking. We ship the file.
We're honest about this up front so you can decide before you pay, not after you're frustrated.
Streaming services actively fight VPNs anyway. We'd rather tell you streaming won't work than watch your Netflix die at random and blame the internet.
Because every GlassBox VPN server runs on a 10 Gbps unmetered fiber connection, and that's the bottleneck we care about. The CPU, RAM, and storage on a GlassBox VPN server could comfortably handle ten times the peers we put on it. The cap is set by the bandwidth, not the box.
Throughput is what makes the tunnel feel invisible. A server with plenty of CPU but a saturated network pipe is a slow server. Most VPNs hide this by averaging metrics across customers and hoping nobody notices. We cap on throughput, hard, because that's the metric you actually feel.
And we don't ask you to take our word for it. Every GlassBox VPN subscriber can see the live server metrics through their tunnel. CPU, RAM, peer count, throughput. If we ever over-provisioned a server, every customer on it would see the saturation in real time. That's what accountability looks like.
GlassBox VPN isn't trying to be Mullvad or Proton. They're good at what they do. We're good at what we do. The full transparency comparison, with every row sourced and dated, lives on the How It Works page.
Every server runs a battery of security scans every week and publishes the raw output.
No editing. No cherry-picking. No marketing.
You don't need an account. You don't need to email anyone. You can curl every one of these from your terminal right now.
Annual billing only. US residents, 21 and up. That's the whole pitch.
Cards, Apple Pay, Google Pay, Cash App Pay, Amazon Pay via Stripe. US residents only. 21+ affirmation at checkout.
5% of every subscription goes to the WireGuard project.
Because abuse is contained by design, not by promise. One peer, one IP, one human means an IP problem maps to a single subscription, not a shared pool. That's what keeps the IPs clean.
If you need whole-home coverage for every device in your house, that's what OSS SecureNet is for. A professionally configured firewall with GlassBox VPN built in, so every device on your network is tunneled without installing anything on any of them.
You won't get a wall of canned suggestions before reaching a human. Your first reply is from an engineer.
No script-reading gatekeepers. No escalation queues. One ticket, one engineer, start to finish.
Deep knowledge of every package, protocol, and config we run. They know the answer because they ran the deploy.
Support staffed by people in the United States. Your tickets don't get routed offshore to overnight call centers.
Because datacenter VPN IPs get flagged by streaming services whether we like it or not. Netflix, Hulu, Disney+, and the rest actively fight VPN traffic. Your Netflix will break at random and nobody will tell you why.
We block streaming at DNS up front so you know before you pay. If streaming is what you need a VPN for, buy a different VPN.
Depends on how far you are from the nearest location. We have four: Chicago, LA, Dallas, and Ashburn. That covers the Midwest and Great Lakes, West Coast, South Central, and East Coast. For most users in US population centers, you'll see a few milliseconds to a few tens of milliseconds added on top of your normal internet connection.
Don't take our word for it. The live VPN test publishes our real numbers against Proton and Mullvad every twenty minutes, twenty-four hours a day.
Starlink, rural cellular, and satellite connections add their own latency regardless of VPN. If your starting point is 200ms, GlassBox VPN isn't going to magically make it 40ms.
We watch latency server-side and add capacity per location as demand grows. International expansion isn't on the roadmap. This is a US service.
GlassBox VPN is intentionally narrow. We operate US-only infrastructure, sell to US residents, and design the service for adults using it for everyday private browsing. That focus keeps the network small, accountable, and easier to protect.
GlassBox VPN sells to US residents only. A 21+ affirmation is tied to the Terms of Service. The affirmation is a representation you make to us at signup.
Annual billing filters for customers who take the service seriously. It also makes chargeback fraud harder, which keeps abuse off the network and the IPs clean.
$60 a year is $5 a month.
Probably not. Your subscription includes one WireGuard config that you can install on as many devices as you want - phone, laptop, tablet. The catch is only one device can be tunneled at a time. If you're on your laptop, switch the tunnel off there before turning it on on your phone.
If you need both devices tunneled at the same time (say, your phone stays connected while you work on your laptop), that's two subscriptions.
If you want every device in your house tunneled without managing this per device, that's what OSS SecureNet is for. A professionally configured firewall with GlassBox VPN built in covers every device on your network.
We cap each server at 300 peers. When a server approaches capacity, we spin up another in the same data center. Scaling means adding hardware, not raising the cap or overselling existing servers.
No oversell. No quiet throttling. If you're already a customer on a server, your performance is protected because the cap exists.
GlassBox VPN is operated by Open Source Security, Inc., a Delaware S-Corp. We build professionally configured OPNsense firewall systems (OSS SecureNet). GlassBox VPN is the standalone public version of the VPN that ships with every SecureNet system.
Same infrastructure, same philosophy, now available without buying hardware.
Install the official WireGuard app on the device you want to use. It's free, made by the WireGuard project, and on every app store. The app generates a unique key pair for you - one piece stays on your device forever, the other piece you'll share with us.
Visit members.glassboxvpn.com/apply, paste in the shareable piece, pick which US city you want your server in, and give us an email address for service messages. (Use one you actually check. For maximum privacy we recommend Apple Hide My Email or Proton hide-my-email aliases.)
Every application is reviewed by hand, usually within one business day. If approved, you'll get a Stripe payment link by email. After payment, we send your connection details. Paste those into your WireGuard app, flip the switch on, and you're tunneled.
One thing to know: the piece that stays on your device is the only copy. We don't have it, can't recover it, and would refuse to handle it even if we could. If you lose the device, you'll start over with a new application. Most people back it up in a password manager like Bitwarden or Proton Pass.
No account to create. No password to remember. No login.
No. GlassBox VPN does not accept crypto. We sell to US residents only and route payments through Stripe. Accepted methods: cards, Apple Pay, Google Pay, Cash App Pay, and Amazon Pay.
Yes. Annual subscriptions renew automatically on the same date next year unless you cancel through the Stripe Customer Portal. If a renewal charge fails (expired card, insufficient funds), Stripe will email you with a chance to update payment before the subscription lapses.
Your card statement will show OPENSOURCESECURITY.NET as the merchant, the parent company that operates GlassBox VPN.
Visit the Stripe Customer Portal and enter the email alias you used at signup. Stripe will email you a magic link to manage or cancel.
Cancellation takes effect at the end of your current billing period. You keep GlassBox VPN access through the year you already paid for, then your peer auto-deactivates.
If you no longer have access to the email alias you used at signup, email support@opensourcesecurity.net with your tunnel IP or WireGuard public key and we will cancel manually.
If the email you entered is associated with an existing Stripe Link account (their cross-merchant saved-info system), Stripe may prompt you to verify with a code. You can dismiss this popup with the X button and enter card info directly.
Using a fresh email alias avoids this entirely.
Stripe collects the card information required by card networks: cardholder name, billing ZIP code, and the card number itself. GlassBox VPN sees only the email alias you provide at checkout, your tunnel IP and public key (you enter these as custom fields), and the cardholder name and ZIP that AVS surfaces in the transaction record.
We have disabled Stripe Link account-wide so saved-profile data from past Stripe purchases at other merchants will not leak into our records. Klarna and Affirm are also disabled.
The full breakdown is on the privacy page: what we always see, what we see only with card payments, what we never see regardless of payment method.
Cash App Pay transmits your $cashtag instead of a legal name and skips the AVS fields. Amazon Pay transmits whatever name you've set on your Amazon account. Both are friendlier than a card.
For maximum privacy, some customers use prepaid Visa cards purchased with cash. Stripe accepts them. Whatever registration details you put on the card are what reaches the transaction record, nothing more.
This is legal under US law. We mention it because most VPN providers won't.
Yes. Stripe emails the receipt directly to the alias you provide at checkout. We see that a payment occurred and which alias received the receipt. We do not see the receipt contents.
If you want zero email correspondence, use a throwaway alias and discard it after payment. We will not email you again unless you contact us first.
On the GlassBox VPN side: your WireGuard public key, your assigned tunnel IP, your server location, the email alias you provided, and your 21+ / US affirmation. No real name, no home address, no phone number, no DNS query logs, no browsing history.
On the Stripe side, when you pay with a card: the cardholder name, billing ZIP, and card number. AVS fraud checks require this and there is no way for any merchant to opt out. We see the name and ZIP in the transaction record. The full card number stays at Stripe.
Cash App Pay and prepaid gift cards reduce what reaches us. The privacy page documents this in detail.
$60 per year. One peer. One honest IP. No account. No upsell. No bullshit.
GlassBox VPN tunnels one device at a time by design. If you want every device in your house tunneled simultaneously, without managing subscriptions per device, that's what OSS SecureNet is built for. Professionally configured OPNsense firewall, GlassBox VPN included, you own everything.
Visit opensourcesecurity.net →