DEV Community

Cover image for How I created my personal VPN with static IP
Adrien Laugueux
Adrien Laugueux

Posted on • Updated on

How I created my personal VPN with static IP

This article targets developers who'd need their VPN:

  • For confidentiality (especially when working with public wifi)
  • If company resources are restricted to IP whitelists
  • For any other reason

Have a good reading =)

Why using a VPS to create a VPN

I identified 3 main ways to get a vpn with a static IP:

  • πŸ’°πŸ’° Subscribe a VPN with static IP option. This option can be great if beyond the fixed IP and confidentiality aspects, you want to be able to be behind an IP of the country of your choice. It's the easiest and most powerful way, but... also the most expensive. Note that static IPs are only available in paying VPN (at least today, in March 2023), so normally they don't make money with your personal data, like some free VPN.
  • πŸ§” Install your own personal VPN server at home, like on your favorite Raspberry pie zero. Given the consumption of such a device, it's very probably the least expensive way. But you are limited to your up bandwidth, so if you're not fibered, you'll feel it.
  • ❀️ What I chose and what I'll present here is installing OpenVPN on a VPS (Virtual Private Server). It's a bit more technical, but very fast if you have the right guidelines. I prefer this solution to the 2 other ones, because small VPS are enough and clearly less expensive than VPN, because I'm not fibered and because it's more reliable.

Prerequisites

  • A device with a terminal and ssh and scp installed
  • An OpenVPN client installed on the machine you want to use a vpn.

First step: subscribing a VPS plan

There are many VPS providers. I personally chose the german Netcup for its competitive prices, and for the absence of commitment (I can stop when I want).

Here is the subscription page: https://www.netcup.eu/vserver/vps.php

Image description

VPS 200 G10s is clearly enough to make our VPN. It has:

  • Processor: 2 vCore
  • Main memory: 2 GB
  • Hard disk: 40 GB SSD (RAID10)
  • Unthrottled traffic: 80 TB / month (80 000 GB per month!)

Second step: admin access

Once the order is maid (yes, there is no payment step), a confirmation email will be sent, followed by a few more a few minutes later.

The most important mail will contain your customer number and password, to access the administration part:

we are pleased to welcome you as a customer at netcup. Enclosed you will find your access data to the netcup CCP (customer control panel).
There you have the possibility to maintain your data and products, as well as to view past invoices.
Your access data to the CCP are as follows:
Customer number: 123456
Password: blablabla

So don't forget to note:

Third step: root password configuration

First, for security reason, the root password must be changed via the admin interface. Access it via: https://www.customercontrolpanel.de/rechnungen.php

We can see our VPS listed, in the Products section:

Image description

Then by clicking on the πŸ”Ž, the URL to admin panel is displayed:

Image description

It's always https://www.servercontrolpanel.de/SCP/Home but just in case you lose it, this way you know where you can find it.

Once there, we can start the configuration of the server (it's very fast):

  • General > give a nickname to your server (optional but i recommend it) Image description
  • Control > click on Shutdown (ACPI). required to set a new root password
  • Access > change the root password and NOTE IT
  • Control > restart the server

⚠️ Do not even try to use the terminal available on the General tab, you'll probably never be able to simply enter your password, because of the poor keymap support. To access it we'll open a real SSH terminal.

Fourth step: ssh access

Open your favorite terminal with ssh installed and run this command (of course adapt it to your server).

ssh root@YOUR_IP
# To the question "Are you sure you want to continue connecting (yes/no/[fingerprint])?", press enter
Then enter the root password you created in the "Third step"
Enter fullscreen mode Exit fullscreen mode

Here we are.

Fifth step: user creation

For security reasons (if you are interested you can check here), it is recommended to run your programs as non-root user.

Here is how to create a user named "admin" (feel free to set the name of your choice of course):

# user creation
useradd admin

# password creation
passwd admin
# here create a password for admin

# set user as sudoer
usermod -aG sudo admin

# Create his home directory
mkhomedir_helper admin
Enter fullscreen mode Exit fullscreen mode

Sixth step: OpenVPN installation

For security reasons (if you are interested you can check here), it is recommended to run your programs as non-root user.

Here is how to create a user named "admin" (feel free to set the name of your choice of course):

# use your non-root user
su - admin

# download OpenVPN installer
wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O debian-11-vpn-server.sh

# make it executable
chmod -v +x debian-11-vpn-server.sh

# execute it
sudo ./debian-11-vpn-server.sh

# Then simply press enter multiple times until you get this message: 
# "The configuration file has been written to /root/mydesktopclient.ovpn.
# Download the .ovpn file and import it in your OpenVPN client."
Enter fullscreen mode Exit fullscreen mode

Seventh and ultimate step: Connection of OpenVPN client

Exit the server (exit command multiple times), then let's use scp command to retrieve mydesktopclient.ovpn file on your PC/mac/whatever:

scp admin@YOUR_IP:/home/admin/mydesktopclient.ovpn .
# enter here the password you created for admin (not root, just in case)
Enter fullscreen mode Exit fullscreen mode

Open your OpenVPN client (install it if you don't have it yet), select the File tab > Browse > select your mydesktopclient.ovpn file.

Image description

Confirm by clicking on Connect, and πŸŽ‰ we are done!! πŸŽ‰

To create a new client .ovpn file

If you want to share your vpn with someone, instead of sharing your .ovpn file you can create a new one easily:

Connect to the server with ssh:

ssh admin@YOUR_IP
# admin password
Enter fullscreen mode Exit fullscreen mode

And run the installer:

sudo ./debian-11-vpn-server.sh
# admin password

# What do you want to do?
1

# Tell me a name for the client.
# => enter here a name matching this new client

# Do you want to protect the configuration file with a password?
1
Enter fullscreen mode Exit fullscreen mode

Then proceed like in the "Seventh step" to retrieve the file, and share it.

πŸ‘‹ Thanks for reading

Top comments (0)