DEV Community

Cover image for VPNs & How to make one?
Pranjal Jain
Pranjal Jain

Posted on • Updated on

VPNs & How to make one?

We have all heard the term VPN in our lives. Especially when we are living in the technology-rich era. But let me tell you how little we are aware of this sector of technology that, In a way, rip our privacy apart.

We all are aware of the big conglomerates create a log of every action we are taking while we surf their platform, And this is a big problem. In the current time, When we hear about privacy being a top priority of a user on the internet, We hear about people/corporations eavesdrop on the digital communication of their users. And to prevent these we switch to multiple solutions like Tor & VPNs.

If we talk about Tor, It is indeed a good solution to the previously discussed problem, Tor is free and open-source, And it is enabling anonymous communication by directing Internet traffic through a free, worldwide, volunteer overlay network. It does sound like tor can be a reliable solution to our problem. But there is a catch, Tor does provide a good cover on the internet, But the speed we get on Tor is comparatively very low, Hence making it less reliable.

Now, If we talk about VPNs, They are also a good solution to our problem, And they do provide good surfing speed, If we compare it to Tor. But then what is the problem here? So the problem here is Log. Almost all of the VPN services create a log of network traffic for individual, which directly contrasts to privacy. And that's not all, These logs are often shared with the Personalised advertisement providers to strengthen the user profile, And fill them with ads.

According to this article on pcmag

Seven VPN services that claim to never log user traffic have been found doing just that—and they leak that information on the internet, according to security researchers at vpnMentor.

Alt Text

(Credit: vpnMentor)

Each of the affected providers also claims to offer “no-log” VPN services, meaning detailed user traffic is supposedly never recorded. However, the exposed server indicates this was far from the truth. “In some cases, illicit sites were accessed from countries where viewing such content is an illegal and punishable activity,” vpnMentor said.

After all these, One thing is sure that, VPNs for different providers cannot be trusted.

So what do we do now?

Isn't it a great idea to create our own VPN?

won't we need expensive servers at multiple locations?
How about we give it a try and then come to some conclusions...

First step

As always the prerequisite

  • A Laptop
  • An Internet Connection
  • A Linode Account

That is indeed a tiny list.

Head over to Linode

Alt Text

Open the dashboard and click the "Add a Linode" Button to create a server.

While configuring the server
Keep in Mind

  • OS - Ubuntu 20.10
  • Region - Where you want your VPN to be located. I went with Newark, NJ
  • Linode plan - Nanode 1GB
  • Add a label to make it unique Mine was Wolfpack
  • Add a root password
  • Lastly enable the Private IP checkbox

  • And now just click create
    Alt Text

Now if you look at the price, 5$/month not that expensive.

Alt Text
Once your Linode has booted up, Check your configuration

Copy the command to connect to the server
which would be like ssh root@xx.xx.xx.xx
Alt Text

And after copying this paste it to your terminal if you're on macOS or use putty if you're using windows.
Here I am using macOS to demonstrate.
After entering the SSH connect command the terminal would ask

The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:bSw0bqbSw0bqbSw0bqbSw0bqkj4/OZ3OZ3dP+/e2e2M.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Type 'Yes' and press enter/return

And after writing yes you will see root@localhost:~# in the terminal that means you're connected to the server.

Update

The first thing is to update the services and applications on the server. We can do that by using

apt-get update && apt-get upgrade -y
Enter fullscreen mode Exit fullscreen mode

After the OS is updated. We can move to the next step which is setting up a new non-root user so that the server is secured.

We can do that by executing

useradd -G sudo -m wolf -s /bin/bash
Enter fullscreen mode Exit fullscreen mode

And we can set a password using the command

passwd wolf
Enter fullscreen mode Exit fullscreen mode

After typing the password twice, Your new user will be added.
Now open a new terminal to test your new user, Without closing the previous terminal window.
In the new terminal, Type

ssh wolf@xx.xx.xx.xx
Enter fullscreen mode Exit fullscreen mode

Now it will ask for the password so enter the password which was set for the new non-root user(wolf).

And you should be connected to the server with the new user.
Don't yet disconnect the previous terminal window as it is logged in using the root user so if we face any problem we can use the previous terminal window to make changes.

Use your non-root user terminal as a default terminal, for now, keep the root terminal as a backup.

Now we will configure SSH to disable root login

In your terminal type to edit your SSH configuration file

sudo nano /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode

In the file look for #Port 22 and change it to Port 69
What this will do is, It will be hidden from the SSH scanners, Although it will enough for security.
Remember to remove the '#'

Now look for PermitRootLogin yes and change it to PermitRootLogin no

Now no one can log in to the server as the Root user, But using sudo Root privileges can be provided.

Installing OpenVPN

If we talk about this step
This could be a very long step
But This script makes the whole step very simple.

GitHub logo Nyr / openvpn-install

OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora

With this command, we download the script

wget https://git.io/vpn -O openvpn-install.sh
Enter fullscreen mode Exit fullscreen mode

And we have the file openvpn-install.sh downloaded
And by running

sudo bash openvpn-install.sh
Enter fullscreen mode Exit fullscreen mode

After running this command you will need to enter your password

And then you need to answer these question

Which IPv4 address should be used?
     1) 50.116.58.32
     2) 192.168.152.198
IPv4 address [1]: 1

Which protocol should OpenVPN use?
   1) UDP (recommended)
   2) TCP
Protocol [1]: 1

What port should OpenVPN listen to?
Port [1194]: 

Select a DNS server for the clients:
   1) Current system resolvers
   2) Google
   3) 1.1.1.1
   4) OpenDNS
   5) Quad9
   6) AdGuard
DNS server [1]: 3

Enter a name for the first client:
Name [client]: WolfpackVPN

OpenVPN installation is ready to begin.
Enter fullscreen mode Exit fullscreen mode

And congratulations

The client configuration is available in: /root/WolfpackVPN.ovpn

Just remember to keep the answer choices similar, You can change the Name for the first client. And set the DNS you want.

Now we move the file from the root directory to the main directory with the command.

sudo mv /root/WolfpackVPN.ovpn .
Enter fullscreen mode Exit fullscreen mode

now we need to download the WolfpackVPN.ovpn file to our machine. We can do this by using sftp service.

Open a new terminal and type

sftp wolf@xx.xx.xx.xx
Enter fullscreen mode Exit fullscreen mode

After entering your password you will be connected to the sftp server. Now with this command, you will get the file on your macOS.

get WolfpackVPN.ovpn
Enter fullscreen mode Exit fullscreen mode

Once you've downloaded the file on your macOS. Download Tunnelblick on mac from Tunnelblick
Set it up

You will find the file with the Tunnelblick symbol
TunnelBlick

And on importing it to Tunnelblick and then connecting to it you will see this window.

TunnelBlick connection

Viola! You're connected to your OWN VPN server.

And doing a quick speed test...
Speed Test Result

We can see that we are getting a decent speed of 21 Mbps Download and 24 Mbps Upload & we can see we are connected to Server(s) New York, US | Newark, US
Hence our VPN Works with a good speed that too at 5$.

If you're stuck anywhere do leave a comment.
Happy Hacking!

Top comments (0)