Tuesday, September 27, 2022

How To Run Your Own VPN

Don't Miss

Are There Any Disadvantages

How To Run Your Own VPN Server With Outline And DigitalOcean

While setting up your own VPN server can be extremely beneficial, there are some situations when this idea might be a poor choice:

  • If you use a VPN to accessregion-locked content around the globe. If you rely on your VPN provider having lots of available servers in different countries, a homemade VPN server is inferior. Commercial VPN operators can subsidize the cost of running servers in so many places by having lots of customers.
  • If you arent willing to dedicate the time to set it up. While modern tools have made the process easier, theres no doubt that setting up a VPN isnt for everyone.
  • If you dont want to be on the hook for security. Even though todays automation solutions help, youre ultimately still responsible for securing your server and VPN solution. Youll need to make informed decisions on security-related issues.

Why Should You Even Use A VPN To Begin With

Perhaps the most important reason to use a VPN, is to stay safe when using public WiFi. Youd be surprised at the amount of sensitive information that even an amateur hacker can get at whenever you log on public hotspots with your laptop or phone.

It doesnt matter if its your local Starbucks, a busy airport, or a five star hotel. Password protected or not, youre not safe from other people logged on to the same network.

And anyone can order a WiFi Pineapple online for less than $100, and use it to create lookalike WiFi networks, and launch man-in-the-middle attacks to get all your passwordseven if the page youre logging into normally uses HTTPS.

Think about that the next time youre logging on FREE Airport Wifi, Starbucks Free Internet or anything else.

There are countless more reasons why you might want a trustworthy VPN:

  • Access geo restricted content from other countries .
  • Access websites blocked by internet service providers, your employer, or the local government.
  • Protect your privacy when downloading movies or TV shows, legally or illegally, via peer to peer networks and torrenting. Avoid being fined or blackmailed by letter-sending lawyers.
  • Make it harder for governments or other prying eyes to spy on and restrict your online activities.

Tying Up A Few Loose Ends

Now your VPN server is configured! But, just a few more steps before you can actually connect to it and start using the VPN service.

Microsoft Azure automatically uses an internal IP address for your VPN Access Server, so you need to login to OpenVPN Access Servers Web Admin UI, and manually change hostname. Go to:

https://your_vm_public_ip_address/admin

And use the admin account and password you picked in the previous step to login. Now go to Network Settings to specify a Hostname. If you have a domain name that points to your VM, enter that domain name. Otherwise, enter the public IP address.

Now, back to your SSH session into the VM, change the machines timezone to your desired timezone.

sudo dpkg-reconfigure tzdata

Use arrow keys to pick your desired timezone.

Then you need to enable IP forwarding in your VM configuration. But note that this is not done in the VM itself, but rather, in the Network Interface instance that Azure created for you. You should find it in the same resource group as your VM.

Before exiting the Network Interfaces configuration window, go to Overview and notice the Private IP.

Now, as the last step, you need to create a new Azure resource, a Route Table, and put it into the same resource group. In the Route Table, add 2 routes.

Address Prefix: 172.27.224.0/20Next hop type: Virtual applianceNext hop address: The_Private_IP_address_of_the_Network_Interface

Thats it you now have a running VPN server you can connect to!

Read Also: Can You Get VPN On Apple TV

Option Three: Make Your Own Dedicated VPN Server

You could also just use VPN server software on one of your own computers. Youll want to use a computer or device thats on all the time, thoughnot a desktop PC you turn off when you leave home.

Windows offers a built-in way to host VPNs, and Apples Server app also allows you to set up a VPN server. These arent the most powerful options around, though, and they can be a bit finicky to set up and get working right.

RELATED:How to Create a VPN Server on Your Windows Computer Without Installing Any Software

You can also install a third-party VPN serverlike OpenVPN. VPN servers are available for every operating system, from Windows to Mac to Linux. Youll just need to forward the appropriate ports from your router to the computer running the server software.

RELATED:Everything You Need to Know About Getting Started with the Raspberry Pi

Theres also the option of rolling your own dedicated VPN device. You could take a Raspberry Pi and install OpenVPN server software, turning it into a lightweight, low-power VPN server. You could even install other server software on it and use it as a multi-purpose server.

You Will Not Be Able To Unblock Geo

How to Install and Run Your Own Private VPN Server for ...

A big selling point for the main VPN services is that they can bounce your IP address to another country. This gives you the ability to unlock geographically blocked streaming content. If you have set up a VPN in your own home, you wont have this feature, unless you yourself are accessing the VPN from overseas. Even then, you will only be able to access content that is usually available in your own country.

Read Also: Can I Use VPN On My Smart TV

Option Two: Get A Router That Supports Dd

RELATED:How to Use a Custom Firmware on Your Router and Why You Might Want To

Custom router firmware is basically a new operating system you can flash onto your router, replacing the routers standard operating system with something new. DD-WRT is a popular one, and OpenWrt also works well.

If you have a router that supports DD-WRT, OpenWrt, or another third-party router firmware, you can flash it with that firmware to get more features. DD-WRT and similar router firmware include built-in VPN server support, so you can host a VPN server even on routers that dont come with VPN server software.

Be sure to pick up a supported routeror check your current router to see if its supported by DD-WRT. Flash the third-party firmware and enable the VPN server.

Purchasing An Ssl Certificate From Azure Marketplace

Azure partners with GoDaddy to provide SSL certificates. Although branded as Azure App Service SSL Certificate, SSL certificates purchased through Azure Marketplace can be used by non-App Service Azure services, or non-Azure services.

To get started, create a new SSL certificate in Azure Marketplace.

The subsequent configuration should be straightforward.

After a few minutes, your SSL certificate will be deployed, and there are 3 more steps to go.

Don’t Miss: How To Change VPN For Pokemon Go

Why Do You Need Your Own VPN Server

We usually subscribe to a commercial VPN service and connect to one of their remote VPN servers closer to our location. Sometimes you may be using a free VPN that may not be as secure as you expect and opt to subscribe to a paid VPN service for better privacy.

But, you do not necessarily need to pay for a VPN because you can also create your VPN server at your home. Then you can securely connect to your home network when you are away from home.

Setting up your VPN server is cheaper than paying for a premium VPN service as most methods like hosting charge for the compute services you use. Moreover, such VPNs are disposable, meaning that you can terminate your server after you have finished using it.

In addition to that, it will be secure than commercial VPNs because you are not providing your data to an external service that could be keeping your access logs and share with third parties for many purposes.

There are several ways you can achieve this. But, you need some technical knowledge on setting up a home VPN on your own, as it can be a tricky task.

In this guide, we are going to explain different ways you can create one. We will start with the most cost-effective method: turning your computer into a VPN server.

Connect Client To Server

How to Run your OWN VPN on a Raspberry Pi Zero | PiVPN Setup

for connecting the clients to the server steps vary according to the operating system of the clients

Connecting windows client

Download and install the windows client from the official wireguard websiteopen it and load the client configuration file we made in above step by clicking add tunnel and selecting the fileClick on Activate and you are connected to the VPN.

Connecting Android client

Install the official wireguard application form Play Store, load the configuration and connect to the VPN.

Connecting IOS client

Install the official wireguard application from App Store, load the configuration and connect to the VPN.

Connecting Mac OS Client

Install the official wireguard application from App Store, load the configuration and connect to the VPN

Connecting a Linux Client

For Linux, you can follow the installation instruction details for your specific distribution from the official wireguard website, after installing wireguardcopy the client configuration file /etc/wireguard/ directory and run wg-quick up wg0

Recommended Reading: Do VPNs Work On Cellular Data

When Should I Use A VPN

For the best security, you should use a VPN as often as possible, whether you’re using public Wi-Fi or working from homeall the time, ideally. But that’s an aspirational goal, and it’s not always achievable. If your VPN is causing problems and you need to switch if off, don’t beat yourself up. At minimum, you should use a VPN whenever you’re using a network you don’t control, and especially if it’s a public Wi-Fi network.

VPNs for Android and iPhones are a little trickier, particularly if you frequently move in and out of cellphone coverage. Each time you lose and regain data connectivity, the VPN has to reconnect, which adds a frustrating wait. It’s also just less likely that your cell traffic can be intercepted by bad guys, but we’ve seen researchers prove that it can be done.

Most mobile devices can automatically connect to any familiar looking Wi-Fi network. That’s out of convenience to you, but it’s trivially simple to impersonate a Wi-Fi network. Your phone may be connecting to a digital honeypot without you even realizing it. At minimum, you should use a VPN when connecting via Wi-Fi to keep your data safe, even if your device falls for an attack like this one.

Establishing A VPN Server In Windows 10 Using Openvpn

Install Open VPN

The first step of this method is downloading the OpenVPN installer for Windows directly from the Open VPN website. When you start the installation, make sure to do the custom installation and select EasyRSA 2 Certificate Management Scripts.

Configure EasyRSA to generate certificates and keys

  • Open the Command prompt as administrator
  • Go to C:/Program Files/OpenVPN/easy-rsa
  • Now we have prepared easyrsa for generating certificates and keys.

    Generating certificate and keys

    The next thing we have to do is to create the server and client certificates and keys. For that, execute the following commands one by one. First, build Certificate authority to sign the other certificates and keys.

    1. ./easyrsa build-ca nopass

    Build certificate and keys for server and clients as follows:

    2. ./easyrsa build-server-full server nopass3. ./easyrsa build-client-full Client1 nopass

    Create Diffie-Hellman parameters

    4. ./easyrsa gen-dh

    After executing these steps, you can find the keys, certificate files, and Diffie-Hellman Parameters in the following folders.

    C:/Program Files/OpenVPN/easy-rsa/pki ca.crt and dh.pem

    C:/Program Files/OpenVPN/easy-rsa/pki/private server and client keys

    C:/Program Files/OpenVPN/easy-rsa/pki/issued server and client certificates

    Configure OpenVPN server

  • Make a copy of the client.ovpn file located in C:/Program Files/OpenVPN\/sample-config
  • Edit the file as you required and save it in the config folder.
  • Connect to the VPN server

    Don’t Miss: Private Internet Access Amazon Fire TV

    Option One: Get A Router With VPN Capabilities

    Rather than attempting to do this yourself, you can buy a pre-built VPN solution. Higher-end home routers often come with built-in VPN serversjust look for a wireless router that advertises VPN server support. You can then use your routers web interface to activate and configure the VPN server. Be sure to do some research and pick a router that supports the type of VPN you want to use.

    Use Another Device As A VPN Server

    Create Your Own VPN Server With Outline

    Another way is to turn one of your devices into a VPN server. This might be the best option if your router isnt compatible with OpenVPN. Just choose a device thats kept on all the time because you wont be able to connect to the VPN if it crashes or turns off when youre not home. Youll also need to set up port forwarding on your router so that you can access your VPN through the internet.

    How to make a VPN server on a Windows 10 computer:

    Windows 10 actually has a free, built-in VPN function. However, it uses PPTP, a VPN protocol that is outdated and full of security issues. Instead, I recommend using OpenVPN, which is fast, secure and reliable. Ive provided the basic steps for setting up OpenVPN on Windows 10 below, but you can find detailed instructions on OpenVPNs website.

  • Change firewall settings. Enable port forwarding and inbound connections in your computers firewall settings.
  • Install OpenVPN. Download OpenVPN for Windows and install it. Make sure you check the EasyRSA box on the Enable Components part. Then, install the TAP drivers when it asks.
  • Configure EasyRSA. This needs to be done to request and sign certificates and to create certificate authorities.
  • Generate certificates. Generate the certificate authority and certificates for the VPN server.
  • Build client certificates. Youll need these to connect the client to the VPN.
  • Connect to the VPN server. Use your VPN client to connect to the server.
  • How to make a VPN server on a macOS computer:

    Tip:

    Don’t Miss: VPN For Cellular Data

    Ssh Into Your Instance To Initialize Openvpn

    Once the key is in your users root folder, launch a terminal window. You can do this by using finder and typing in terminal.

    Once the window opens type the following command to log into the server using your instances Elastic IP. Replace the bold parts below with your instances information.

    ssh -i YourKey.pem openvpnas@YourElasticIP

    If your situation is anything like mine, your key file has unlimited ownership access privileges and youll receive a nicely printed WARNING. This means youll have to run an extra command, which Ive listed below. You will be asked for your password to complete the command.

    sudo chmod 600 ~/YourKey.pem

    Chmod 600 changes privileges of the file to rw- or in other words, the user only can read and write to this file. This is good, because you should be the only user with access to this file as admin.

    After running those commands, you should successfully be able to login. When you do, you should see this OpenVPN License Agreement.

    Scroll all the way down and hit Enter to agree.

    Why Ssl Certificate Matters

    There is a great amount of literature on the internet that talks about SSL certificates and what do they do, so I wont repeat them. In my own words, I want an SSL cert on my VPN server because that is the only way I know I am actually connecting to my server. Without SSL certificate, attackers can setup their own machines to impersonate my server, which allows them to sniff, track or even intercept my internet traffic once again, that defeats the purpose of using VPN.

    Don’t Miss: Sdp Vs VPN Reddit

    Difference Between Pkcs#11 And Microsoft Cryptographic Api

    PKCS#11 is a free, cross-platform vendor independent standard. CryptoAPI is a Microsoft specific API. Most smart card vendors provide support for both interfaces. In the Windows environment, the user should select which interface to use.

    The current implementation of OpenVPN that uses the MS CryptoAPI works well as long as you don’t run OpenVPN as a service. If you wish to run OpenVPN in an administrative environment using a service, the implementation will not work with most smart cards because of the following reasons:

    • Most smart card providers do not load certificates into the local machine store, so the implementation will be unable to access the user certificate.
    • If the OpenVPN client is running as a service without direct interaction with the end-user, the service cannot query the user to provide a password for the smart card, causing the password-verification process on the smart card to fail.

    Using the PKCS#11 interface, you can use smart cards with OpenVPN in any implementation, since PKCS#11 does not access Microsoft stores and does not necessarily require direct interaction with the end-user.

    Modify The Instances Storage

    VPN Setup Tutorial – SoftEther / OpenVPN [Run your own VPN with an Open NAT type]

    After selecting the protection and navigating to the next page, you should see Step 4 storage.

    I prefer adding storage to my server since most operations that exist within a system utilize memory to function and you can still utilize the EC2 instance for other purposes if you wish, as long as there is enough storage. For this reason, I changed the size to 50Gb, as the default size is 8Gb.

    Next, select a different volume type using the drop down, choosing General Purpose SSD since were doing average operations on the machine. Lastly, uncheck the delete on termination box, meaning that to delete the snapshot of storage, you must manually delete it.

    Note: Changing the storage properties can affect the price of the selected tier, although AWS is still incredibly inexpensive.

    Read Also: How To Change Your Netflix Country Without VPN

    How To Set Up And Use A VPN

    A VPN is one of the simplest ways to protect your privacy online. Best of all, installing and using a VPN app is easy. Whether you’re working from home because of COVID-19 or you’re using unsecured Wi-Fi in a coffee shop, this is how to do so safely!

    It might sound paranoid to say you should use a virtual private network as often as possible, but there are real threats to your privacy. Whenever you connect to the internet, your internet service provider has access to everything you send and has been given the green light from Congress to sell your anonymized information to advertisers. If Coronavirus has forced you to start using public Wi-Fi, unscrupulous individuals can attempt to intercept your web traffic. Out on the wide-open internet, advertisers can track your movements between websites and discern your location by peeking at your IP address. And don’t forget what three-letter government agencies may be up toit’s scary out there!

    The fact is that the internet was created for easy information exchange, not user privacy, anonymization, or encrypted communication. While HTTPS goes a long way toward protecting your information, it doesn’t guard against all ills. Unless and until a new, more private internet comes togetherdon’t hold your breathusing a VPN is the easiest way to make sure that you’re sharing as little information as possible.

    Previous articleIs Avg VPN Worth It
    Next articleHow To Use VPN At Home

    More articles

    Popular Articles