Step by step.
Please say goodby to ShadowSock. It seems to be a dead project. Maybe great at its time, bit if noone is maintaining it, it is more a security hole, than a solution.
Maybe there are other solutions, that are in active development and/or maintined. I don’t use/need obfuscation. So I can’t say much about this topic.
You have an own server. Great.
You’d want a VPN. Great.
Google, look out for a suitable solution that is supported by GL.iNet, search for a how to with some grade of explanation, do it.
If anything is different from the manual (I hope a recent one, not from 1998), than ask a specific question here. A lot of people want to help.
I did it myself this way.
For my setup I have chosen Wireguard. Just a little Debian in a Proxmox Container, used a Setup script and it is working. I’ve tried to replace the script with a own way, doesn’t working (because of some Virtualization techniques, I’m not familiar right now).
Now I have 3 GL.iNet devices and 2 Android Phones, that are connecting in my VPN… I am happy.
Because I have some spare time at the moment, I also set up a OpenVPN Container… And deleted it. Don’t like the look and feel. The speed was drastic lower with no security benefits.
Next I’m replacing the login within the VPN with 2FA (Yubikey based)…
Bit even if I’ve not write all this, let’s assume I translate my Wiki article on English, so you can follow my way, it doesn’t need to be yours.
My intention was, to show you there are a lot of possible setups, not ‘one way to success’. It depends on environment, goal, user abilities, support by devices, …
You are asking for the holy grail. I doubt you’ll find it here. If I am front, please show me the direction.