A VPN (virtual private network) server sits between you and the internet. This means anyone looking at your activity does not see your identity, but that of the server. We will set up an OpenVPN server for our private use.
In essence I’ll show you how to set up a VPN server using these steps:
- Buy a $5/month server
- Configure the server to act as a VPN
- Connect to the VPN server you created
Stuff you need to know:
- Anyone who has a basic understanding of the internet can do this
- This takes between 5 and 30 minutes depending on you
- This server will use AES-256 encryption and has no bandwidth limitations
- 1 Buying a VPS
- 2 Connecting to your server
- 3 Updating your server
- 4 Installing the VPN software
- 5 Retrieving your config files
- 6 Configuring OpenVPN on your computer
Buying a VPS
Creating an account
A VPS is a Virtual Private Server, not to be confused with a VPN which is a Virtual Private Network. In essence:
- A VPS is a server, so a computer you hire in a datacenter
- A VPN is a server configured to act as a connection for you
A VPS costs $5/month. You will be billed per second used, so if you cancel your server after a day, you will pay next to nothing. No contracts.
I recommend using Digital Ocean as your VPN provider. Simply:
- Go to DigitalOcean
- Create an account
- Either use the big form on the front page
- Or use the ‘sign up’ button in the right top corner
- Fill in your payment details (remember, you can cancel any time and you are billed per second)
Creating a server
Digital Ocean (DO) calls their VPS servers droplets. We are going to spin up a droplet:
- Log into your client panel
- Click ‘create droplet’
- Give it any name (no spaces)
- Choose the $5/month option
- Select Amsterdam as your VPS region (better net neutrality laws)
- Select Ubuntu 15.04 x64
- If you use SSH keys, input them as well. If you have no idea what I’m talking about, ignore this
You will receive an email containing the following:
- Your server IP (a number like 18.104.22.168)
- Your root password (unless you use SSH keys, in which case you won’t)
Connecting to your server
First we need to log into your server. This is done through something called an SSH connection. This is just a protocol for logging in.
On Mac computers
- Open your spotlight/search and type ‘Terminal’
- Open the terminal (looks like a black screen icon usually)
- In the terminal type “ssh root@your_ip”, for example ssh root@18.104.22.168
- You will be asked for a password, this is the one that was emailed to you
On Linux computers
- You probably know your way around a terminal already
- Use the same instructions as on a Mac
On Windows computers
You need an extra piece of software to do ssh connections. It’s not built in. Sorry.
- Download and install Putty
- Open Putty
- Under ‘Host Name’ put your IP address
- Set ‘Connection type’ to ssh
- Press ‘Open’
- Now a black screen will open asking for a username. Use ‘root’
- You will be asked for a password, this is the password emailed to you
Updating your server
I like starting with an updated server. Latest software and security etc. This is not strictly needed (the script in the next section also does it) but it is a nice exercise in case you have not handled a command line before.
Anything you type into the terminal now that you started the ssh connection is a command.
Update your repositories
This is checking if your update sources are up to date. It is step 1 of 2. Type the following:
sudo apt-get update
And press enter. A lot of stuff will start happening. Relax, it’s supposed to happen.
Update your software
This is the updating of your actual software. Step 2 of 2 in the update process. Type:
sudo apt-get upgrade
Answer yes when the terminal asks you whether it is ok to install the new software.
Installing the VPN software
I wrote a script to install OpenVPN. This article actually started as a “copy this and then paste that” kind of thing, but it resulted in chaos. Therefore we will do 2 versions, the simple and advanced. What this script does is:
- Install OpenVPN
- Set up a firewall that allows only SSH, 1194 UDP and 443 TCP ports
- Configure 2 connections for the server
- Both using AES-256
- Both using a ta.key handshake
- Generate 2 client files (used by us to connect)
- Configure automatic security updates
If you don’t know what you are doing
In your terminal type the following commands, you may copy paste:
- wget -O openvpn.sh https://raw.githubusercontent.com/actuallymentor/openvpn-bash-setup-script/master/setup.sh
- sudo bash openvpn.sh
- // Input your password if you are asked for it
- Wait until you get a reboot notice, this will take a while
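The two commands above fetch whatever is on the master branch at that moment and run it as root. The following is an added example (not part of the original script or article) of reading the file first and then running only the copy you reviewed; EXPECTED_SHA256 is a placeholder for the digest you record yourself, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: review-then-pin workflow for the installer script.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS has shasum instead
    fi
}

# verify_script FILE EXPECTED -> 0 if FILE hashes to EXPECTED, 1 otherwise
verify_script() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file $actual"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Typical use on the server (commented out so this block runs offline):
#   wget -O openvpn.sh https://raw.githubusercontent.com/actuallymentor/openvpn-bash-setup-script/master/setup.sh
#   less openvpn.sh          # read what is about to run as root
#   sha256_of openvpn.sh     # note the digest of the copy you just read
#   verify_script openvpn.sh "$EXPECTED_SHA256" && sudo bash openvpn.sh
```

If you rebuild the server later and the digest no longer matches, the script has changed since you read it, so read it again before running it.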
If you know what you are doing
The script declares a number of variables:
- vpncipher="AES-256-CBC" # BF-CBC
The vpnclient names are not interesting. They are just the filenames of your config files. Feel free to change them. The interesting ones are:
- vpncipher, this determines what encryption your connection will use
- My default: AES-256-CBC
- Faster option is blowfish: BF-CBC
- Other options are
- verbosity, this determines how much log information your client will output. Handy for debugging.
- My default: 0, no logging
- You can move this up to 9
For extreme personalization you can edit the server and client variables, though I don’t see why you would.
Retrieving your config files
We have now configured our server, yay! Now we need to download our configuration files from it. These files are what our computers will use to connect to the server.
On Mac and Linux
Type the following commands into your terminal. This terminal should not be connected to your server, open a new one.
- sftp root@your_server_ip
- Enter your password
- cd /etc/openvpn/easy-rsa/keys/
- get client.ovpn
- get clienttcp.ovpn
If you are a wizard and changed the filenames, make sure to select the correct ones.
Now go find your files in your home folder.
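Before importing the files, you can check that they match what the script promises (AES-256, a ta.key, and port 1194 UDP or 443 TCP). This is an added example, not part of the original script; it assumes the profiles use the standard OpenVPN directives cipher, proto, remote, tls-auth and verb, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a downloaded client profile against the article's claims.

# directive FILE NAME -> arguments of the last "NAME ..." line (comments skipped)
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# audit_profile FILE -> prints findings; exit status is the number of problems
audit_profile() {
    f=$1
    problems=0

    cipher=$(directive "$f" cipher)
    case "$cipher" in
        AES-256-*) echo "ok:   cipher $cipher" ;;
        *)  # BF-CBC has a 64-bit block; older OpenVPN falls back to it when unset
            echo "WARN: cipher is '${cipher:-unset}', expected AES-256-CBC"
            problems=$((problems + 1)) ;;
    esac

    # The ta.key may be referenced as a file or embedded inline
    if grep -Eq '^[[:space:]]*(tls-auth[[:space:]]|<tls-auth>)' "$f"; then
        echo "ok:   tls-auth (ta.key) present"
    else
        echo "WARN: no tls-auth key in profile"
        problems=$((problems + 1))
    fi

    # Assumes "remote HOST PORT" plus a separate "proto" line
    port=$(directive "$f" remote | awk '{print $2}')
    proto=$(directive "$f" proto)
    case "$port/$proto" in
        1194/udp|443/tcp|443/tcp-client) echo "ok:   endpoint $port/$proto" ;;
        *)  echo "WARN: unexpected endpoint ${port:-?}/${proto:-?}"
            problems=$((problems + 1)) ;;
    esac

    echo "info: verb $(directive "$f" verb)"
    return "$problems"
}

# Usage, from the folder the files were downloaded to:
#   audit_profile client.ovpn; audit_profile clienttcp.ovpn
```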
On Windows
Microsoft doesn’t make life easy. We need to download stuff again.
- Download and install WinSCP
- Open the interface
- Select File protocol SFTP
- Host name: your IP
- User name: root
- Password: the password that was emailed to you
- Browse to /etc/openvpn/easy-rsa/keys/
- Drag the client.ovpn and clienttcp.ovpn to your desktop
Configuring OpenVPN on your computer
This part differs again per system, but I’ve got you covered:
- Set up OpenVPN on Mac
- Set up OpenVPN on Windows
- Set up OpenVPN on Linux
- Set up OpenVPN on iOS
- Set up OpenVPN on Android
That’s it! Don’t forget to share 🙂