Having a VPN, Virtual Private Network, is essential nowadays for many reasons, such as accessing restricted content by your ISP or government, bypassing geographically restricted content, protecting your privacy, and so on. In an earlier post, I have reviewed the top three VPN providers. If you are looking for a secure and affordable VPN provider, Private Internet Access is an excellent option as they respect your privacy while offering the service for a low price. If privacy is not your primary concern, check out my review of the top 3 VPN providers.
In some cases, governments attempt to block VPNs to make it harder for citizens to access the Internet freely, which is a fundamental human right. You might wonder, how can a government know that I am using a VPN, block it and fine me (in some countries). There are many ways to unleash VPN users. For starters, if you are using a third-party VPN, anyone, including the Big Brother, can use the service, store their IPs, then, block them. Another way to find out is intercepting packets sent from your IP and analysing them. In case you were using the VPN with default ports or weak protocols (e.g. PPTP or L2TP), ISPs and governments can block your connections.
In this post, I teach you how to set up a personal secure VPN server that you only can access. I start by suggesting VPS, Virtual Private Server, providers with cheap packages for hosting the VPN. Then, I take you through the process of configuring a VPN on the server.
Affordable VPS for hosting a personal VPN
I keep the list of VPS providers short and limit it to only very affordable ones. VirMach, RamNode, and Vultr are probably the cheapest providers that have decent servers. Reviewing VPS providers is outside the scope of this post. Choose whichever provider from the list that meets your criteria (e.g. price, location, and policies) and proceed to configure your VPN server.
How to easily configure a personal VPN
To set up your VPN server, use the script by Angristan as it facilitates and speeds up the process a lot. I chose Debian as the distro of the server; however, you can choose whichever distro you like. Once you login to the server, update the packages by running: apt-get update && apt-get upgrade
Then, install OpenSSL and certificates authority packages, if not installed already, by executing:
apt-get install openssl ca-certificates
Now you are ready to set up the VPN server. Execute the below commands to obtain, set the permissions and run the script.
wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh chmod +x openvpn-install.sh ./openvpn-install.sh
If you got a message saying: “TUN is not available”, go to the control panel and enable “TUN/TAP”. Once enabled, the server will restart. After that, you can rerun the script. The script takes you through a wizard for configuring your VPN. Below I explain the parameters that the script prompts you to fill along with suggestions of what they should be for getting higher security.
The first parameter is the IP address of the server. As you are using a VPS, the default value is probably correct.
Which port to use is the second parameter. I recommend using a custom port, something between 1024 and 65535, for UDP connections. For TCP connections, use 443. Nevertheless, the default port is sufficient for most users.
Next, you need to set up the type of protocol (either UDP or TCP). I recommend UDP as it is faster than TCP. However, if you absolutely want to make your connection to the VPN look as if you are browsing a secure website (https), use TCP along with port 443.
The following table shows different settings for configuring a fast, balanced or ultra-secure VPN:
After inputting the desired parameters, the script will take few minutes to configure the server and generate private-public keys and server certificates. The script stores client’s configuration in the home directory of the user (~/myvpn.ovpn or /root/myvpn.ovpn); in either case, the script will state the location at the end.
Boom! That is it! You now have a personal VPN server that you only can access and use! All you have to do now is access it using a VPN client. Copy the configuration from the server to your local machine using your preferred method (e.g. SCP or copy/paste). Now, let’s connect to the server and securely tunnel all your packets through it!
Connect to VPN server from desktop and mobile clients
Connecting to the VPN server is all that is remaining. To do so, follow these simple steps. If you are using Linux as your local desktop, install OpenVPN and run the configuration by firing:
apt-get install openvpn openvpn --config myvpn.ovpn
In case you are a Mac user, I suggest using TunnelBlick as it is free and works. Download it, import the configuration to it and connect, voilà!
On Windows, use OpenVPN‘s client. Once you have downloaded and installed it, copy the configuration file to C:\Program Files\OpenVPN\config\. After that, run OpenVPN, and you should see the configuration in the menu.
You can connect to your VPN server from your mobile as well, on Android and iPhone. Configuring them should be reasonably straightforward and similar to others (i.e. open the configuration file and connect).
In conclusion, this article demonstrated how to own and set up a personal VPN server while spending very little (~ 1-3 USD/month). If you find this post helpful, share it to spread the knowledge! Do not forget to exchange your thoughts, questions or suggestions in the comments section below. Vive l’internet gratuit!