
You don't seem to mention pricing at all beyond the "5 devices and 5Gb/mo free". That would be useful to what I expect your main audience to be (people for whom the other obvious alternative is a cheap VPS and either OpenVPN or more manually setup SSH tunnelling).


I wonder why openvpn comes up so often, and e.g. tinc and zerotier, much less often.


Momentum mainly I suspect: it has been around and stable for quite some time so a lot of people have good experience with it so it is their go-to when thinking about VPN options (at least F/OSS ones).

It has also been audited by third parties (example: https://www.theregister.co.uk/2017/05/16/openvpn_security_au...) which is reassuring as it has passed with minor issues which were fixed FDQ. I don't know if that is the case for the other options you've listed.


I set up an OpenVPN server on DigitalOcean from scratch and it wasn't nearly as easy to use as I expected. Connecting from Ubuntu meant connections would randomly hang and I'd have to restart the client and iPhone didn't work out without some third party app. Honestly if I weren't in Ukraine I would have given up completely, but paranoia is justified in Kiev.


Use IKEv2 instead -- it's natively supported in iOS/macOS. I'm using [this](https://github.com/gaomd/docker-ikev2-vpn-server) Docker recipe on the $5 Digital Ocean instance and it works great. Also setup was much easier than OpenVPN.


I have no experience with iDevices, but when I did use OpenVPN on Android I found it to be reliable.

If you find 3rd party apps unreliable, perhaps you could try setting up a server that uses one of the protocols that are officially supported out-of-the-box (https://support.apple.com/en-us/HT201533) and see if they are less troublesome?


Third-party app? OpenVPN Connect is first-party, and I've been using it for years now with no trouble.


Third-party as in non-Apple. It's taking over my networking so I'd prefer it was baked right into the operating system.


It just works. Why reinvent the wheel?


It takes more configuration, and does not seem to have some of the nice properties, like direct connection between two VPN-connected hosts when on the same LAN. It's a killer feature for me, when I can sync a gig or two between my laptop and my home server when at home, without routing them through a box outside the LAN.


> like direct connection between two VPN-connected hosts when on the same LAN

If they are on the same LAN then they should be able to see each other through the local interface.

If connections between them using local addresses are going through the VPN then you have a routing issue - even with the OpenVPN interface set as your default gateway the gateway for the local subnet should still be the local, presumably physical, network interface.

If you are using VPN provided addresses (or public addresses) for the connections then that is the issue. It shouldn't be the VPN's job to say "I think this should be routed locally instead".

If you are using non-local local addresses, i.e. if you have two subnets on your physical network and are talking between them, then you need to set the gateways for those subnets appropriately. The VPN will see them as separate networks (they are addressing-wise) and again it is not its job to decide routing apart from for its own virtual network.


I want a private network which has its traffic encrypted while routed over public internet, and just always use the names bound to that private network, not caring about the local physical addresses I receive from a particular point of connection.

I also don't want to pass the traffic over a remote gateway if a local link is available.

I don't know and don't care if it's a "VPN proper" or something else, as long as it gives me an IP interface with these properties, and is open-source.

ZeroTier provides that. Tinc provides that. OpenVPN provides something more narrow, which I happen to prefer less.


If you use local addresses (or names that map to local addresses) and your data is going over the VPN then you have a routing problem that is not OpenVPN's (or any other VPN's) fault. If you set the VPN as the default gateway it should only end up being the default for non-local addresses.

Either that or the names are not getting mapped to local addresses as you expect, so the second possibility is a name resolution problem. If you have a split-DNS setup this could be because DNS requests are getting sent out through the VPN so the DNS servers are seeing you as external and giving out public addresses instead of local ones.
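
Added example, not part of the thread and not code from any commenter: the routing argument made in the replies above, as a longest-prefix-match lookup over a constructed routing table. The interface names (`tun0`, `eth0`), subnets and gateway addresses are assumptions chosen for illustration.

```python
import ipaddress

# Constructed routing table: a laptop on a home LAN with the VPN set as
# default gateway. All names and addresses here are illustrative assumptions.
ROUTES = [
    # (destination prefix, gateway or None for on-link, interface)
    ("0.0.0.0/0",      "10.8.0.1",    "tun0"),  # VPN as default gateway
    ("10.8.0.0/24",    None,          "tun0"),  # the VPN's own virtual network
    ("192.168.1.0/24", None,          "eth0"),  # local physical subnet
    ("192.168.2.0/24", "192.168.1.1", "eth0"),  # second local subnet via LAN router
]

def select_route(dest, routes=ROUTES):
    """Return (prefix, gateway, interface) of the most specific matching route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        # The longest matching prefix wins, so a /24 beats the /0 default route.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1], best[2]

def goes_through_vpn(dest, routes=ROUTES, vpn_iface="tun0"):
    """True when traffic to dest would leave via the VPN interface."""
    return select_route(dest, routes)[2] == vpn_iface

if __name__ == "__main__":
    cases = {
        "192.168.1.20":  "home server, local address",
        "10.8.0.6":      "home server, VPN-provided address",
        "192.168.2.7":   "host on the second local subnet",
        "93.184.216.34": "public internet host",
    }
    for dest, label in cases.items():
        prefix, gateway, iface = select_route(dest)
        print(f"{dest:15} {label:34} -> {iface} via {gateway or 'on-link'} ({prefix})")
    # Failure mode: without an explicit route for the second subnet,
    # the default route sends that traffic out through the VPN.
    print("192.168.2.7 without its route ->", select_route("192.168.2.7", ROUTES[:3])[2])
```
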



