Connect with us

Hi, what are you looking for?

Internet

How to make your own self-hosted VPN in less than 30 minutes

How to make your own self-hosted VPN in less than 30 minutes

👨‍💻

VPNs have become a vital measure that helps you stay safe on the Internet. When you’re connected to a VPN, or Virtual Private Network, all traffic to and from your device is routed through an external server, helping you stay incognito. Your ISP can’t know what sites you visit (only that you’re using a VPN) or inject content into web pages. VPNs are also great tools when you want to bypass blocked websites and when you need to stay safe on public Wi-Fi.

Unfortunately, using some VPN service providers can be just as dangerous as going without a VPN in the first place. Many popular providers log users’ contact details, which can then be sold to third parties. Some unsecured services also leak connection information, leaving you as unprotected as if you were without a VPN.

ANDROIDPOLICE TODAY’S VIDEO

Although there are a few excellent VPN options available in the market, hosting your own VPN server is another option. Setup takes a bit of work, and it’s not the best option for everyone, but there are many benefits. For this guide, we are going to setup an OpenVPN server on Linode VPS, which costs $5 per month. While you can certainly host a VPN from a computer at home (even a Raspberry Pi can do the job), you’ll get the highest possible speeds and virtually no downtime from a remotely hosted VPS server. You also won’t have to worry about hardware malfunctions, and you have multiple options for the region.

You might be wondering why there is a post like this on Android Police. The explanation is very simple – our smartphones transmit a huge amount of personal data. While most of that is sent over encrypted channels, such as HTTPS, most phones and tablets still automatically connect to potentially unsecured public Wi-Fi networks. Even if you stick with cellular data, you’re likely still subject to data collection by your carrier.

This guide may seem long, but that’s because we fully explain every possible step, so no one gets lost. You don’t need any previous experience with Linux or server administration for this tutorial.

Should I host my own VPN?

There are advantages and disadvantages to creating your own VPN server. Here are the main points to consider when deciding what to do.

Advantages

  • You are in control of your data.
  • It is usually cheaper or equal to paying for a VPN subscription.
  • You can use a VPN server for other things, such as hosting a website or installing Nextcloud.
  • Websites and services that block VPNs will likely not detect your sites, because they will not be on the IP block list. This does not apply to Android apps, as they can detect when any type of VPN/proxy is being used.

Negatives

  • Anonymity is not possible, because the VPS host will get your name and payment information.
  • Your total bandwidth will be limited. Linode gives you 1TB/month, but you actually get 500GB, because the data has to go from the origin to the VPN and then from the VPN to you.
  • You will not get special features provided by some VPN services, such as malware/tracker blocking, unless you have the technical knowledge to set it up yourself.
  • You cannot easily switch between different countries/locations.

Set up Linode VPS

First we need to create a VPS, which is the Linux virtual machine that our VPN server will run on. over there Many VPS providers are different, but Linode is a good generic option and not too complicated, so this is what we will be using (note: this is not a sponsored/promotional post). DigitalOcean is another popular option.

First, go to the Linode website and create an account, if you don’t already have one. This is our referral link, which will give us a small credit when you join – we host Android Police and APKMirror on Linode. You will need to enter billing information. Once in the dashboard, click the Create button and select Linode, or go directly to this link. This is where you will choose what hardware your server will have, and where it will be hosted.

Photo gallery (1 photos)

In the Distribution box, choose the latest available version of Ubuntu LTS – as of the time of writing, it is 21.04 LTS. Below, choose the region where you want your VPN to be located. It is possible to change the location later, but you will have to contact Linode support. For the plan, select “Nanode 1GB” from the list of shared CPU options. VPNs don’t need a lot of processing power, so this low-spec option will work just fine.

Photo gallery (1 photos)

The last thing to do is to enter a password in the Root Password box. Make sure the password is secure and unique. Then click the Create button and wait for the VPS to finish building and booting. Now you have a new server ready to run a VPN on!

Photo gallery (1 photos)

Log in to VPS

Your server does not have a graphical user interface, like Windows or macOS. It only has a command line, but fear not – all of these steps are easy to follow. If you’ve ever used Terminal on macOS, Linux, or even Android, you’ll feel right at home.

Once your VPS is open, click on the “Launch LISH Console” button in the top-right corner. This will open a web based terminal, as shown in the screenshot below, and you will be asked to sign in. Type “root” (without the quotes), press Enter, then enter the root password (don’t worry, it’s normal that you don’t get any visual feedback at all as you type), and hit Enter again.

Photo gallery (1 photos)

After that, you should be logged in and greeted with a “Welcome to Ubuntu” message. If you’ve never used Terminal on Linux/macOS before, you may find this list of common commands helpful. Now it’s time to set up a VPN service!

Set up a VPN

You might be thinking, “Oh my God, I have to use commands, that would be horrible.” Fortunately, this is actually the easiest step, because we’ll be using the OpenVPN road warrior installer to run everything. Run this command in the console window (this is the letter “O” after VPN, not zero):

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

The script will ask you for your IP address, which protocol to use, and other information. Press Enter when prompted to enter the protocol and DNS server, but when prompted for the port, enter 443. Many networks block the default OpenVPN ports, so changing it to 443 (the port used for HTTPS traffic) can block some types of blocks. Next, enter your name when prompted. The script will then install the required software and setup everything.

Photo gallery (1 photos)

Once the script is finished, it will export the .ovpn file in the /root/ folder. This file contains the connection and login information for your VPN, so we need to remove this file from the server (and not give it to anyone!).

Download login information

The easiest way to transfer an .ovpn file to your device is to temporarily start a web server, so that you can download the file using any web browser. After downloading the file, you can stop the server and store the .ovpn file in a safe place.

To start the web server, run this command:

python3 -m http.server 80

Once the server is up and running, paste your server’s IP address (found on the Linode summary page) into your browser’s address bar. Make sure that the address does not start with “https://”, because the server does not have a security certificate. You should see a simple directory listing with some files. Click on the .ovpn file to download it.

Photo gallery (1 photos)

If you want to set up a VPN on your phone, you can repeat the process on your mobile phone or transfer the .ovpn file from your computer to your phone using your preferred method. We recommend going with the traditional cable-bound method so your file doesn’t leave your local machines, but cloud storage works just as well if you want a more convenient but slightly less secure option.

After downloading the file, you need to shutdown the server, so that no one else can access the data. Press the CTRL and C keys on the keyboard at the same time to exit the server – you will see an “Exit” message. If that doesn’t work, restarting the VPS from the Linode dashboard will also stop the server.

OVPN profile allows anyone to connect to your VPN, So keep it safe! If you think someone is accessing your VPN and they shouldn’t be, run the VPN setup command again to cancel the current file and create a new one.

Connect to a VPN

You’ve set up your VPN and downloaded the connection file, so now you’re ready to try it out. There are OpenVPN clients available for every major operating system. For this guide, we’ll just go through how to connect using an Android device (or Chromebook with Play Store). For Windows/Mac/iOS, VPNGate has an excellent guide here.

There are a few different OpenVPN clients for Android, but my favorite is OpenVPN for Android, because it works well and is completely open source. Once downloaded from the Play Store, click on the import button in the upper-right corner (the box with a down arrow) and select your .ovpn file.

Once you find and click on the .ovpn file, hit the Save to OpenVPN button. A new connection option will be added to the home screen. Once you click on it, you will be connected to your VPN! Chrome OS fully supports Android VPNs, so this app will also work with Chromebooks – you should see a lock icon next to the WiFi indicator.

server lock

Since your VPN is an always-on server that receives and transmits personal data, there are some additional steps you should take to minimize potential server-side security holes.

Enable automatic updates

The first thing you should do is enable automatic package updates. This way, you won’t have to log in every once in a while to make updates, and your server will remain secure on its own. First, run this command to install any updates that are already available:

Convenient Update && Convenient Upgrade – y

Once done, run this command to install the automatic update:

Install apt -y- unattended upgrades

And you’re done! Your server will now check for and install updates automatically, with minimal time (if any) for your VPN to crash. If you get a message saying something like “Unattended upgrades are already the latest version”, they are already installed in the system image provided by Linode.

Turn off SSH access

If you are not using this server for anything else, you should disable remote access via SSH. This will prevent anyone (including you) from logging into the remote server, except from the Linode dashboard console. This will also prevent brute force login attacks on your server.

First, run this command to disable SSH server startup on server startup:

systemctl disable ssh.service

Next, stop the currently running server with this command:

systemctl ssh.service has stopped

Now your server can only be accessed from the Linode console. If you want to undo this later, just run these commands:

systemctl enables the ssh . service

systemctl start ssh.service

Set up two-factor authentication

Finally, you must enable two-factor authentication for your Linode account, so that it is difficult for someone to access your server. With the Linode dashboard open, click on your profile icon in the top right, select “Login and Authentication” and then flip the toggle under “Two-Factor Authentication (TFA)”.

You can then scan the 2FA code using the app of your choice, including Google Authenticator and Authy. It will ask for a code from the app every time you log in to Linode.

Manage your VPN

Congratulations, you now have your own functional VPN server! For the most part, you don’t have to do anything else, except install the OpenVPN client on any other devices you have. Even if your server restarts (when Linode is doing maintenance, for example), the VPN will restart automatically.

However, there are a few things you can do after you’re done, like add/remove profiles and…

[ad_1]
Don’t forget to share this post with friends !

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related

Internet

AnyConnect certificate-based authentication. Cisco community 👨‍💻 The information in this document is based on the following software and hardware versions: ASA 5510 running software...

Internet

AnyConnect: Install a self-signed certificate as a trusted source 👨‍💻 kmgmt-2879-cbs-220-config-security-port objective The goal of this article is to walk you through creating and...

Internet

ITProPortal . Portal 👨‍💻 We live in a dynamic moment in terms of technology. Even criminals are becoming more technically savvy and are using...

Internet

Top 5 Free AV Packages – 👌 Bitdefender Antivirus Free Edition best interface Positives Works on Windows 7 and 8.1 Very easy to use...