Notice! This page is old and the script is out of date. You can find a good community supported setup script here.
A VPN (virtual private network) server sits between you and the internet. This means anyone looking at your activity does not see your identity, but that of the server. We will set op an OpenVPN server for our private use.
In essence I'll show you how to set up a VPN server using these steps:
- Buy a $5/month server
- Configure the server to act as a VPN
- Connect to the VPN server you created Stuff you need to know:
- Anyone who has a basic understanding of the internet can do this
- This takes between 5 and 30 minutes depending on you
- This server will use AES-256 encryption and has no bandwidth limitations
Buying a VPS
Creating an account
A VPS is a Virtual Private Server, not to be confused with a VPN which is a Virtual Private Network. In essence:
- A VPS is a server, so a computer you hire in a datacenter
- A VPN is a server configured to act as a connection for you
A VPS costs $5/month. You will be billed per second used, so if you cancel your server after a day, you will pay next to nothing. No contracts. I recommend using Digital Ocean as your VPN provider. Simply:
- Go to DigitalOcean
- Create an account
- Either use the big form on the front page
- Or use the 'sign up' button in the right top corner
- Fill in your payment details (remember, you can cancel any time and you are billed per second)
Creating a server
Digital Ocean (DO) calles their VPS servers droplets. We are going to spin up a droplet:
- Log into your client panel
- Click 'create droplet'
- Give it any name (no spaces)
- Choose the $5/month option
- Select Amsterdam as your VPS region (better net neutrality laws)
- Select Ubuntu 15.04 x64
- IF you use SSH keys input them as well. If you have no idea what I'm talking about ignore this You will receive an email containing the following:
- Your server IP (a number like 220.127.116.11)
- Your root password (unless you use SSH keys, in which case you won't)
Connecting to your server
First we need to log into your server. This is done through something called an SSH connection. This is just a protocol for logging in.
On Mac computers
- Open your spotlight/search and type 'Terminal'
- Open the terminal (looks like a black screen icon usually)
- In the terminal type "ssh root@your_ip" for example ssh firstname.lastname@example.org
- You will be asked for a password, this is the one that was emailed to you
On Linux computers
- You probably know your way around a terminal already
- Use the same instructions as on a Mac
On Windows computers
You need an extra piece of software to do ssh connections. It's not built in. Sorry.
- Download and install Putty
- Open Putty
- Under 'Host Name' put your IP address
- Set 'Connection type' to ssh
- Press 'Open'
- Now a black screen will open asking for a username. Use 'root'
- You will be asked for a password, this is the password emailed to you
Updating your server
I like starting with an updated server. Latest software and security etc. This is not strictly needed (the script in the next section also does it) but it is a nice exercise in case you have not handled a command line before. Anything you type into the terminal now that you started the ssh connection is a command.
Update your repositories
This is checking if your update sources are up to date. It is step 1 of 2. Type the following:
sudo apt-get update
And press enter. A lot of stuff will start happening. Relax, it's supposed to happen.
Update your software
This is the updating of your actual software. Step 2 of 2 in the update process. Type:
sudo apt-get upgrade
Answer yes when the terminal asks you whether it is ok to install the new software.
Installing the VPN software
I wrote a script to install OpenVPN. This article actually started as a "copy this and then paste that" kind of thing, but it resulted in chaos. Therefore we will do 2 versions, the simple and advanced. What this script does is:
- Install OpenVPN
- Set up a firewall that allows only SSH, 1194 UPD and 443 TCP ports
- Configure 2 connections for the server
- Both using AES-256
- Both using a ta.key handshake
- Generate 2 client files (used by us to connect)
- Configure automatic security updates
If you don't know what you are doing
In your terminal type the following commands, you may copy paste:
- wget -O openvpn.sh <removed this script because it is old, see notice on top of article)
- sudo bash openvpn.sh
- // Input your password if you are asked for it
- Wait until you get a reboot notice, this will take a while