Why the need for a VPN (Virtual Private Network)? The answer is simple: to stay safe online, especially on public Wi-Fi networks, and also to bypass blocked websites. This way, your ISP would not know the sites you visit because your IP address just keeps bouncing from one location to the other. In reality, using a VPN is like manoeuvring along a path that makes it difficult to trace you, just to avoid a traffic jam or a police checkpoint and hence get to your destination quickly.
As much as this is an excellent choice for full privacy online, it can also be as dangerous as going without VPN software. Remember I said it's like rerouting your path in real life. Providers of this software are no different from your ISP and can also keep a log of the details of their users. This gets more infuriating when the data is sold to third parties or data brokers. Other insecure services also leak connection information, leaving you as unprotected as you would be without a VPN. So the question is: how can you trust your VPN service provider?
Why you need to host your own VPN server
This is another option most people do not know. There are so many VPN choices on the market. You can create yours too and you will legit own how you interact with the internet with no one invading your privacy. It is a little difficult to set up but if you are someone who wants to explore other options you've got, this guide is for you. Creating your own VPN isn't just something you can brag about, it has several benefits too.
- Creation of private networks.
- Enables privacy.
- No latency and almost no internet downtime.
- Bypass blocked websites.
- Total control of your data.
You might be wondering the need for all this. Using your smartphone transmits a ridiculous amount of personal data most of us are unaware of. Even though some of these data are sent over encrypted HTTPS channels, the auto-connect feature of these devices can leave us prone to being data hacked or what I call "data abuse". Connecting through cellular data subjects you to data collection by your carrier. There are disadvantages too should you decide to go with this option.
1. Anonymity isn't possible. Why? The server would be hosted under your name, your payment information and other personal details.
2. You won't get other features provided by VPN software like easily switching between different locations.
Let's create our own VPN
Following this guide, you can set up your VPN using a Linode VPS, the Linux virtual machine on which you are going to host your VPN server. There are other popular options to choose from too, like DigitalOcean and UpCloud.
Step 1 - Set up Linode VPS
Create an account on Linode's website and enter your billing information. After completing that, you pick your server hardware and the platform it will be hosted on. Here's where you sign up; Linode can also provide you with other services apart from cloud hosting.
Visit the website
Step 2 - Log in to the VPS
For those of you who haven't used the command line, don't be scared. The steps are pretty easy to follow. Just feel at home and follow.
- Open VPS.
- Click the 'Launch Console' button at the top-right corner. You will see a web-based terminal and a login prompt.
- Type "root" (without quotes) and press enter, then type your root password and press enter again.
- You should see a "Welcome to Ubuntu" message. Here is a list of some common and useful terminal commands for Linux and Mac that are helpful.
Step 3 - Set up VPN
To avoid typing commands throughout, you can use the OpenVPN road warrior install script. Run this command in the Lish console, as it makes everything easy.
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Press enter until you are prompted for the port number to use. Enter 443. This is to prevent networks from blocking your OpenVPN port. When asked which DNS to use, press enter, and then type your name. The software will set everything up for you.
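The install command above fetches a script through a short link and runs it as root in one step. As an added example (not part of the original guide or of the install script's project), the wrapper below runs a downloaded script only if it still matches a SHA-256 digest recorded when you reviewed it; the function names and PINNED_SHA256 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): run a downloaded installer only
# if it still matches the SHA-256 recorded when the script was last reviewed.

# Return 0 if file $1 hashes to the hex digest $2 (case-insensitive).
matches_pin() {
    actual=""
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Run script $1 with bash only when it matches pin $2; otherwise report both
# digests on stderr and return non-zero without executing anything.
run_pinned() {
    if matches_pin "$1" "$2"; then
        bash "$1"
    else
        echo "refusing to run $1: digest '$actual' != pinned '$2'" >&2
        return 1
    fi
}

# Constructed demonstration with a stand-in script, so this runs offline.
demo=$(mktemp)
printf 'echo "installer ran"\n' > "$demo"
pin=$(sha256sum "$demo" | awk '{print $1}')   # recorded after reading the script
run_pinned "$demo" "$pin"                      # digest matches: script runs
printf 'echo "tampered"\n' >> "$demo"          # simulate a changed download
run_pinned "$demo" "$pin" || echo "blocked after modification"
rm -f "$demo"

# On the server (PINNED_SHA256 is a placeholder you fill in after review):
#   wget https://git.io/vpn -O openvpn-install.sh
#   less openvpn-install.sh && sha256sum openvpn-install.sh
#   run_pinned openvpn-install.sh "$PINNED_SHA256"
```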
Step 4 - Download the login info
- Install the ffsend app on your server.
snap install ffsend
- Download Firefox (if you don't have it) to use the Firefox Send service. This is used to send encrypted files over the internet.
- Upload the .ovpn file with a password; it will be deleted from Mozilla's servers once it has been downloaded. Run 'ls' to check the name of the file you generated earlier.
ffsend upload filename.ovpn --download-limit 1 --password
- After running this you will get the 'Upload complete' message. Run this command to get the link.
ffsend history
- Copy the link to your browser and download the file. This can now be shared across all your devices. For safety reasons, keep this file secured.
Step 5 - Connect to the VPN
Now you are ready to try it out. OpenVPN is available for the major operating systems and it's open source. For an Android device, you can use OpenVPN. For Windows/Mac/iOS, go for VPNGate.
Step 6 - Secure the server
To reduce possible security issues, here are some tips. The whole point of this process is to get maximum privacy and security, so you must be cautious yourself. It's recommended that you do these.
1. Enable automatic updates - This saves you from having to log in occasionally to perform updates. Run this to install the available updates the first time.
Then run this command to install the auto-updater:
apt install -y unattended-upgrades
If you are familiar with how Ubuntu works, there is documentation that explains all the configuration options.
2. Turn off SSH access - You can use your VPN as remote access, site-to-site VPN (intranet) or Extranet. If the server won't be used for anything else, you should disable remote access via SSH. This will limit login to the server to just the console in the Linode dashboard, preventing brute-force login attacks on your server.
First, run this command to disable the SSH server from starting when the server boots up:
Then, stop the currently running server with this command:
systemctl stop ssh.service
3. Set up two-factor authentication - Enable this for your Linode account to deter people from accessing your server. Locate your profile on the Linode dashboard to make these changes. You can also use a third-party app of your choice for this authentication: Google Authenticator or any other you want. Here are some we recommend: andOTP, Authy, FreeOTP Authenticator
4. Manage your VPN - You have now created your own functional VPN server. Linode automatically runs maintenance anytime it's rebooted. If something is not working, you can always fall back on rebooting the server. The reboot button is located at the top right corner of the Linode dashboard in the VPN server option.
If for any reason you want to undo this process, you can easily delete the server.
- Go to Linode dashboard.
- Click the VPN server.
- Select the Settings tab at the top.
- Click delete Linode.