Your own VPN. How to set it up properly

Online privacy and anonymity are very important for many people of different occupations. A lack of data privacy and security increases the risk of data breaches and other threats.

If you want to start protecting yourself online, a VPN is the starting point. It is beneficial to use a VPN along with a hosting solution that provides an increased level of anonymity. HostZealot has a list of the best anonymous hosting providers that you can use to find the best fit for you.

But without further ado, let’s dive into how to properly set up your own VPN.

What does a VPN do and how does it work?

A Virtual Private Network (VPN) creates an encrypted connection between a browser and a device you access the Internet from.

When you access the web and browse a specific page, your browser first queries the DNS system to resolve the page's domain to an IP address, and only then connects to the web server that hosts the page. This pathway is also encrypted, but SSL or TLS certificates are frequent targets of cybersecurity threats. Once you add VPN protection to this sequence, you get an additional layer of encryption on the data transferred between your browser and a web server.

A VPN assigns a different (though public) IP address to the browsing session, which makes it much harder for cyber attackers to track you down and penetrate the protection layer set on your connection.

Relying on a browser to encrypt your connection might bring about real security threats and expose vulnerabilities.

Why use a VPN?

A VPN increases your privacy by encrypting your online activity so that your ISP cannot process it. A VPN can help hide your location, your IP address, and your browsing history.

The specific benefits of using a VPN:

  • Your personal information remains hidden. A VPN doesn’t let other sources access your connection, since it hides your online activity and personal information.
  • The speed of the online connection may improve. Since you can visit and be present on multiple resources simultaneously, they all can affect your internet connectivity by consuming the data that’s coming from you. Thus, by using a VPN and thereby limiting access to data related to your online activity, you can speed up your internet connection significantly.
  • You may get access to geographically restricted products or services. Because a VPN changes your IP address, you are likely to receive access to some of the geographically restricted web content.
  • You can safely use public Wi-Fi. Public Wi-Fi is surely convenient, but that convenience might come at a price. Using a public network multiplies the chances of someone accessing your private information. If you use a VPN, your data gets encrypted, thus it is not easily accessible to other users on public Wi-Fi.
  • Stopping an ISP from tracking your online activity. Usually, when you use a browser to connect to the internet, information about what you do or did online gets to your Internet Service Provider (ISP) servers. When you use a VPN, your online traffic goes through VPN provider servers and gets there already encrypted.

Purchasing a subscription from a VPN provider is quite convenient and straightforward, and has many advantages.

However, if you want to have control over VPN services, you can very well build your own. And since it’s not that hard to do, why not set one up?

How to set up your own VPN

You can buy a VPN plan if you want to, but you don’t need to. You can set up your own VPN by following these steps.

Step 1: Have your server ready

If you currently don’t use a server, know that it’s necessary for the VPN setup. For example, you can use a free tier offered by AWS for setting up your VPN. For convenience, use a server with Linux OS.

When you’ve got your server ready, connect to it over SSH with the following command:

ssh (username you used to log into your server)@(the IP address of your server)

Step 2: Install and configure OpenVPN

To install OpenVPN, run the following commands:

sudo apt update
sudo apt install openvpn

Next, we need to configure OpenVPN. Configuration involves generating keys and certificates for your server. To start the process, run the following commands:

cd /usr/share/easy-rsa
sudo ./easyrsa init-pki
sudo ./easyrsa build-ca
sudo ./easyrsa gen-req server nopass
sudo ./easyrsa sign-req server server

Next, generate the Diffie-Hellman parameters used for key exchange:

sudo openssl dhparam -out /etc/openvpn/dh.pem 2048

(Optional) You can also generate an HMAC key (used by the tls-auth directive in the configuration files below) to enhance security, by running this command:

sudo openvpn --genkey secret /etc/openvpn/ta.key

Step 3: Configure the server

First, you need to create a server configuration file (/etc/openvpn/server.conf) and insert the following there:

port 1194 
proto udp 
dev tun 
# PKI paths match the directory where Step 2 ran easyrsa (/usr/share/easy-rsa)
ca /usr/share/easy-rsa/pki/ca.crt
cert /usr/share/easy-rsa/pki/issued/server.crt
key /usr/share/easy-rsa/pki/private/server.key
dh /etc/openvpn/dh.pem 
tls-auth /etc/openvpn/ta.key 0 
server 10.8.0.0 255.255.255.0 
ifconfig-pool-persist /etc/openvpn/ipp.txt 
push "redirect-gateway def1 bypass-dhcp" 
push "dhcp-option DNS 8.8.8.8" 
user nobody 
group nogroup 
persist-key 
persist-tun 
status /var/log/openvpn-status.log 
verb 3

After that, save the file.
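
The server will not start if any file named in server.conf is missing, which happens when the PKI was generated in a different directory than the one the config points at. The following check is an added example, not part of the original article; the function name audit_openvpn_conf and its output format are assumptions made for illustration. It confirms that every ca, cert, key, dh and tls-auth path exists and that the private key and ta.key are not readable by group or others.

```sh
#!/bin/sh
# Added example: verify the files an OpenVPN server.conf points at.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_openvpn_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "MISSING config: $conf"; return 1; }

    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r directive file _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|tls-auth) ;;   # first argument is a file path
            *) continue ;;                # other directives and comments
        esac
        if [ ! -f "$file" ]; then
            echo "MISSING $directive: $file"
            rc=1
            continue
        fi
        case $directive in
            key|tls-auth)
                # Secrets: group and other permission bits must all be clear.
                perms=$(ls -ld "$file" | cut -c5-10)
                if [ "$perms" != "------" ]; then
                    echo "LOOSE-PERMS $directive: $file ($perms for group/other)"
                    rc=1
                fi ;;
        esac
    done < "$conf"
    return "$rc"
}

# Run against a real config when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_openvpn_conf "$1"
fi
```

Run it with sudo against /etc/openvpn/server.conf before starting the service; a LOOSE-PERMS finding is fixed with chmod 600 on the file it names.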

Step 4: Turn on IP forwarding

To do this, uncomment the following line in /etc/sysctl.conf, the file that sysctl -p loads by default:

net.ipv4.ip_forward=1

Then save the file and apply the change:

sudo sysctl -p

Step 5: Configure the firewall

You need to properly configure the firewall so that it allows VPN traffic to come through:

sudo ufw allow 1194/udp
sudo ufw allow OpenSSH
sudo ufw enable

Step 6: Configure the client

First, you need to generate the client keys:

cd /usr/share/easy-rsa
sudo ./easyrsa gen-req client nopass
sudo ./easyrsa sign-req client client

Create the configuration file - client.ovpn - in /etc/openvpn/ and insert:

client 
dev tun 
proto udp 
remote your_server_ip 1194 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
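key-direction 1
remote-cert-tls server
# Client credentials. The file names are an assumption: the CA certificate,
# client certificate, client key and ta.key are copied next to client.ovpn.
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1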
data-ciphers AES-256-GCM:AES-128-GCM 
verb 3

Step 7: Switch on the VPN

Now you can connect to your own VPN server, using:

openvpn --config client.ovpn
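
To connect, the client needs the CA certificate, its own certificate and private key, and ta.key in addition to the profile. Instead of copying four separate files, they can be embedded in the profile using OpenVPN's inline blocks. The script below is an added example, not part of the original article; the function name build_client_ovpn and its argument order are assumptions made for illustration, and the directives are the ones from the Step 6 profile.

```sh
#!/bin/sh
# Added example: bundle a client's credentials into a single .ovpn profile.
# Usage: (umask 077; build_client_ovpn PKI_DIR TA_KEY NAME SERVER > NAME.ovpn)
build_client_ovpn() {
    pki=$1 ta=$2 name=$3 server=$4
    # The client name becomes part of a path, so reject separators and empties.
    case $name in ''|*/*) echo "bad client name" >&2; return 1 ;; esac
    ca=$pki/ca.crt
    crt=$pki/issued/$name.crt
    key=$pki/private/$name.key
    # Fail before writing anything if an input is absent.
    for f in "$ca" "$crt" "$key" "$ta"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
data-ciphers AES-256-GCM:AES-128-GCM
verb 3
EOF
    # Inline blocks take the place of the ca/cert/key/tls-auth file directives;
    # key-direction 1 above supplies the direction for the inline tls-auth key.
    printf '<ca>\n';   cat "$ca";   printf '</ca>\n'
    # Keep only the PEM block in case the issued cert carries a text dump.
    printf '<cert>\n'
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$crt"
    printf '</cert>\n'
    printf '<key>\n';  cat "$key";  printf '</key>\n'
    printf '<tls-auth>\n'; cat "$ta"; printf '</tls-auth>\n'
}
```

The resulting file contains the client's private key, so create it under umask 077 as shown in the usage line and transfer it to the client over an encrypted channel such as scp.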


Tirupati Gumpula

Tirupati Gumpula is an Internet geek, Work from Home dad, and founder of this website. He loves to share his experience in Business, Marketing, and personal finance topics. For more details Email: [email protected].
