Multihop: server chains
How to build a multihop inbound in CreateYourVPN: traffic enters on one server and exits from another. Why you'd want it, how to create one, and what the user sees.
A regular inbound is simple: the user connects to a server and exits to the internet from that same server. Multihop breaks that link: traffic enters on one server, travels through a chain, and exits to the internet from a completely different one.
Why multihop
- Fast, reliable entry. The user connects to an "entry" server nearby — say, one with a fast, cheap link to their country — and exits to the internet from the location you need. Such a route is often more stable than a direct one.
- Privacy. Websites see the exit server's IP, while the user's ISP sees only the entry server. Neither side sees the whole picture, and traffic between the servers themselves stays encrypted.
- Flexible geography. Enter in the country where your VPN works most reliably, exit wherever the content is.
The scheme looks like this:
User → [Entry: 🇷🇺 Moscow] → [Hop: 🇹🇷 Istanbul] → [Exit: 🇩🇪 Frankfurt] → InternetThere can be one hop or several; the internet always "sees" the last server in the chain.
Creating a multihop inbound
Multihop isn't a separate entity — it's a regular inbound with hops added. You build it in the same "New inbound" dialog:
Create the inbound as usual: pick a server (this will be the entry of the chain), a name, and a masquerade site. You give the whole chain a single name — that's what the user will see.
In the "Hops" section, click "add hop". For the hop, choose a server and a masquerade site — following the same rules as for the entry: a major site that works flawlessly in that server's country.
Need a longer chain — add more hops. The order of the cards is the order of the chain: entry → hop 1 → hop 2 → … The last hop is the exit, where traffic leaves for the internet.
Attach the inbound to a route and click "Create". The system will bring up the service entry points on the chain's servers and wire them together on its own.
All servers in the chain must be connected nodes of the same cluster — you can't hand traffic off to another cluster. Planning multihop across countries? Keep those servers in one cluster.
Once a chain is created, its composition cannot be changed: you can still edit the name and the entry's masquerade site, but not the list of hops. Need a different chain — create a new multihop inbound and delete the old one.
What it looks like in the panel and for the user
- In the inbound list, the chain is marked with a MULTIHOP badge.
- The inbound inspector shows the full traffic path: entry → hop → exit.
- The service hop inbounds are hidden from the lists — you manage the chain as a single unit. Split tunneling rules and torrent blocking are configured on the entry inbound.
- The user sees a single line — the name of the entry inbound. To them, multihop is indistinguishable from a regular server: connect and go.
If you delete a server that someone's chains run through, the panel will warn you which multihops will break.
What it costs you
Every hop is an extra leg of the journey: latency grows a little, and the chain's throughput is capped by its slowest server. That's why multihop is a tool for a specific job (circumvention, privacy, geography) — not a "default for everything" setting.
Key takeaways
- Multihop = inbound + hops: enter in one location, exit in another; the internet sees only the exit.
- Built in the inbound creation dialog, "Hops" section; all servers must belong to one cluster.
- A chain can't be edited after creation — only recreated.
- The user sees one "server" and configures nothing.