Disclosure: This post contains affiliate links for ExpressVPN and Vultr.
Hosting your own VPN has never been easier. There are now multiple Github projects that will reduce the pain on setting up your own VPN server.
Before we start installing the VPN, lets talk about what VPN is and how it can help us.
What is a VPN?
A VPN or Virtual Private Network is a network between the VPN client(s) and the VPN server. The advantage of this network is, that it is fully encrypted and the whole network traffic of the VPN client will go through the encrypted tunnel.
The VPN client never access other (web)servers directly, everything will be requested from the VPN server and the VPN server will forward the request.
Why do I want to host my own VPN server?
Having your own VPN means that you have fully control over it and only YOU are able to read the logs of the server.
Here are some use cases, where a VPN can be helpful:
- Hiding your real IP address
- Secure surfing in public Wi-Fis
- Accessing services inside the VPN servers network
Why should I not host my own VPN server?
If you want to have access to multiple server in different locations, you should probably buy a VPN from a known provider such as ExpressVPN or NordVPN. These providers have lots of VPN servers in different countries.
Hosting your VPN server
I am using a Ubuntu 18.04.3 LTS server hosted on Vultr
This Tutorial should also work on Debian, Ubuntu and CentOS
To install our VPN server in seconds, we are using a shell script created by Nyr named openvpn-install.
OpenVPN installation
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
The script will ask a few questions on how you want to setup your VPN server. Press Enter to use the default (and most of the time recommended) option.
I only changed the default DNS to use 1.1.1.1
Welcome to this OpenVPN road warrior installer!
I need to ask you a few questions before starting setup.
You can use the default options and just press enter if you are ok with them.
Which protocol do you want for OpenVPN connections?
1) UDP (recommended)
2) TCP
Protocol [1]:
What port do you want OpenVPN listening to?
Port [1194]:
Which DNS do you want to use with the VPN?
1) Current system resolvers
2) 1.1.1.1
3) Google
4) OpenDNS
5) Verisign
DNS [1]: 2
Finally, tell me a name for the client certificate.
Client name [client]:
Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...
The script will now install OpenVPN on your server.
Adding a new user
After the Installation has finished, you need the make the openvpn-install.sh exectuable.
chmod +x openvpn-install.sh
To add a new user just run the script again and select 1 and type in a name for which device you will be using this client certificate. In my case I created a user for my iPhone.
./openvpn-install.sh
Looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option: 1
Tell me a name for the client certificate.
Client name: iphone
Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140236248433088:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Generating a RSA private key
................................+++++
.................+++++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/private/iphone.key.BnNBhJXQKm'
-----
Using configuration from ./safessl-easyrsa.cnf
Can't load /etc/openvpn/server/easy-rsa/pki/.rnd into RNG
140374526300608:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/etc/openvpn/server/easy-rsa/pki/.rnd
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'iphone'
Certificate is to be certified until Jan 19 18:31:07 2030 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Client iphone added, configuration is available at: /root/iphone.ovpn
Retrieving the .ovpn file from the server
On macOS and Linux you can copy the file from the server to your machine using scp. On Windows it is best if you download Filezilla orWinSCP and logging into the server using SFTP.
To copy the file with scp run the following command:
scp <USERNAME>@<SERVER_IP>:/root/<CLIENT>.ovpn .
an example could look like this:
scp root@123.45.67.89:/root/iphone.ovpn .
If the certificate is for a smartphone, it is important that you copy it using a secure medium. With a Mac and a iPhone it is recommended that you copy the .ovpn file using AirDrop.
If you have to use Email, please zip the .ovpn file and give the zip file a strong password before you send it.
Using the .ovpn file
On macOS you can use the app Tunnelblick, on Windows there is an official programm from OpenVPN and on iOS and Android there are offical OpenVPN Connect apps on the App Store and Google Play.
Usually the process is the same for every client. You have to import the .ovpn file into the client and connect to the server. If the connection was successful you can type into google "what is my ip address" and Google should show you your current IP address.
If the IP address is the same as the server, you can congratulate yourself! You just set up your (first) self hosted VPN server 🎉
Top comments (15)
I used OpenVPN, but I've switched to WireGuard. Simpler to use, built in linux kernel (so I guess it's faster than OpenVPN in most cases). If you don't need any specific stuff from OpenVPN and just want a personal VPN, consider trying it. I've been using it for a year or two.
Hey Sergey, I never heard of WireGuard before, but looks very interesting. Thanks for sharing!
Have you tried Trojan GFW - trojan-gfw.github.io/trojan/ It's a modern undetectable proxy server and the speed with any server is mind-blowing. I am using it for last few months, I don't even feel like using a VPN anymore.
spinupvpn.com uses a modified version of NYR's script to fire up VPN servers on demand without having to deal with the maintenance/update of yet another server or even logging into the server at all. Most folks in this group might not need something like it since most members of the group is comfortable working at the command line. Just pointing it out as something to maybe go kick the tires on...
you also try mysteryium vpn
mysterium.network/
Do you mean this site. The concept looks quite interesting and its decentralised.
yes just added link
CyberGhost VPN does a very good job!
Yes I have used CyberGhost before. I think I got it once through one of those macOS apps bundles.
Hey all! I if someone need it, I find compare of vpns: bestadvisor.com/vpn-services
Both advantages and disadvantages are given there. I hope someone comes in handy)
hey thanks for sharing.. have you seen v2ray by any chance ?
There’s a safer, much more up-to-date version of Nyr’s script forked here. I would definitely take a look at it 😉
Thanks for "the help"
Some comments may only be visible to logged-in visitors. Sign in to view all comments.