How to Set Up a Private VPN Server

SSHMAX.id – The digital age has made online privacy and security a paramount concern. Every time we browse the internet, sensitive data is exchanged — and it’s no secret that hackers, advertisers, and even governments can tap into our personal information. One of the best ways to protect your privacy is by using a VPN (Virtual Private Network). But while third-party VPN services can help, they also come with limitations: the risk of data logging, possible connection slowdowns, and recurring costs.

Setting up your own VPN server gives you complete control over your data and offers enhanced security and privacy. Whether you want to access your home network remotely, protect your data when traveling, or encrypt your browsing activity, a personal VPN server is a powerful tool.

In this guide, we will show you how to set up a private VPN server from scratch. By the end of this article, you’ll know how to configure your server and connect your devices securely, without relying on third-party services.

Why Should You Set Up Your Own VPN Server?

When it comes to internet security, a private VPN server has numerous advantages over using commercial VPN services. Here are the key reasons why you might want to create your own:

1. Complete Control Over Your Privacy

With your own VPN, you can make sure that no one — not even the service provider — has access to your data. This guarantees that your browsing history, personal information, and connection details stay private.

2. No Logging of Activity

Commercial VPN services might log your online activities, even if they claim not to. By hosting your own VPN, you ensure there are no logs being kept, guaranteeing your anonymity.

3. Access to Remote Resources

A private VPN server allows you to securely access files, databases, or services within your home or office network while you’re away. It’s an essential tool for telecommuting or remote access to private resources.

4. Cost-Effective in the Long Run

Although there are initial costs to setting up a VPN server (hardware, software, and network setup), over time, it can be much more affordable than paying for a monthly or yearly VPN subscription.

What You’ll Need to Set Up Your Private VPN Server

Before we dive into the setup process, let’s first review what you’ll need to get started:

1. Hardware

You can run your VPN server on virtually any computer or server. Here are some options:

  • A Dedicated PC: If you have an old computer lying around, you can repurpose it as a VPN server.
  • Raspberry Pi: For a low-cost, low-power solution, you can use a Raspberry Pi to host your VPN.
  • Virtual Private Server (VPS): If you want a cloud-based solution, you can rent a VPS from providers like DigitalOcean or AWS.

2. VPN Software

There are several open-source VPN software packages to choose from:

  • OpenVPN: Known for its high security and wide compatibility, OpenVPN is a popular choice.
  • WireGuard: A newer and faster VPN protocol, WireGuard has gained popularity due to its simplicity and efficiency.
  • PPTP: If you just need a basic setup (with less security), PPTP is an option, though it’s not recommended for sensitive data.

3. A Static IP Address

To allow external devices to connect to your VPN server, you’ll need either a static IP address or Dynamic DNS (DDNS). A static IP ensures that the server’s address doesn’t change over time, making it easier to connect remotely.

4. Internet Connection

A strong and stable internet connection is crucial. The VPN will be encrypting your traffic, so speed and reliability matter.

Step 1: Choose the VPN Software

Choosing the right VPN software is essential to setting up your server. For most users, OpenVPN or WireGuard are the best options. Below, we break down the advantages of each:

OpenVPN

OpenVPN is one of the most flexible and widely used VPN solutions. It offers robust encryption, wide platform support, and a large user community for troubleshooting. However, OpenVPN can be more challenging for beginners to configure.

WireGuard

WireGuard is a new VPN protocol that promises better performance and simplicity compared to OpenVPN. It uses state-of-the-art cryptography and is designed to be faster and more efficient, especially for mobile devices.

Step 2: Installing Your VPN Software

In this guide, we will focus on setting up WireGuard and OpenVPN for a Linux-based server (Ubuntu), as these are common and accessible choices. However, installation steps are available for Windows and macOS as well.

Installing WireGuard on Linux (Ubuntu)

  1. Install WireGuard:
    • Update your system and install WireGuard:
      sudo apt update
      sudo apt install wireguard
      
  2. Generate Server Keys:
    • Generate the private and public keys. Set a restrictive umask first so the private key file is not readable by other users:
      umask 077
      wg genkey | tee privatekey | wg pubkey > publickey
      
  3. Configure the WireGuard Server:
    • Create a new WireGuard configuration file, such as /etc/wireguard/wg0.conf, and add the following details:
      [Interface]
      PrivateKey = <Server Private Key>
      Address = 10.0.0.1/24
      ListenPort = 51820
      
      [Peer]
      PublicKey = <Client Public Key>
      AllowedIPs = 10.0.0.2/32
      
  4. Enable IP Forwarding:
    • Allow the server to route traffic between interfaces by editing the sysctl file:
      sudo nano /etc/sysctl.conf
      
    • Uncomment or add the line: net.ipv4.ip_forward = 1
    • Apply the changes:
      sudo sysctl -p
      
  5. Start WireGuard:
    • Start the WireGuard server:
      sudo wg-quick up wg0
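
A pre-flight check for the server configuration built in the steps above, as an added example that is not part of the original guide. The function name audit_wg_conf and its finding labels are hypothetical; 51820 is the WireGuard port this guide forwards in Step 3.

```bash
#!/usr/bin/env bash
# Added example: audit a WireGuard server config before running wg-quick.
# Prints one finding per line; returns 0 when clean, 1 on findings.
audit_wg_conf() {
    local conf="$1" want_port="${2:-51820}" rc=0 bits
    [ -r "$conf" ] || { echo "MISSING: $conf"; return 2; }
    # The file holds the server private key: no group/other permission bits.
    bits=$(ls -ld -- "$conf" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "PERMS: $conf is accessible beyond its owner (chmod 600)"; rc=1; }
    awk -v want="$want_port" '
        # Drop comments and blanks; WireGuard config keys are case-insensitive.
        { sub(/#.*/, ""); gsub(/[ \t\r]+/, ""); $0 = tolower($0) }
        /^\[interface\]$/ { sect = "if"; next }
        /^\[peer\]$/      { sect = "peer"; peers++; next }
        sect == "if" && /^listenport=/ { port = substr($0, 12) }
        sect == "peer" && /^allowedips=/ {
            n = split(substr($0, 12), nets, ",")
            for (i = 1; i <= n; i++) {
                # A remote-access peer should own exactly its tunnel address.
                if (nets[i] ~ /\/0$/) { print "WIDE: peer " peers " claims " nets[i]; bad = 1 }
                if (seen[nets[i]]++)  { print "DUP: " nets[i] " is claimed twice"; bad = 1 }
            }
        }
        END {
            if (port == "")        { print "PORT: no ListenPort, so the UDP port is random"; bad = 1 }
            else if (port != want) { print "PORT: ListenPort " port " but " want " is forwarded"; bad = 1 }
            exit bad + 0
        }' "$conf" || rc=1
    return "$rc"
}
```

Run it as `sudo bash -c '. ./audit.sh; audit_wg_conf /etc/wireguard/wg0.conf'` (the file name audit.sh is assumed) and fix every finding before bringing the interface up.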
      

Installing OpenVPN on Ubuntu

  1. Install OpenVPN:
    • Install the OpenVPN package and required utilities:
      sudo apt install openvpn easy-rsa
      
  2. Generate Keys and Certificates:
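    • Set up the easy-rsa directory and build the necessary keys. The commands below use easy-rsa 3, the version packaged by current Ubuntu releases; the older clean-all, build-key-server and build-key scripts belong to easy-rsa 2:
      make-cadir ~/openvpn-ca
      cd ~/openvpn-ca
      # Create an empty PKI directory (replaces "source vars" and "./clean-all")
      ./easyrsa init-pki
      # Create the certificate authority; you are prompted for a CA passphrase
      ./easyrsa build-ca
      # Issue the server and client certificates with unencrypted private keys
      ./easyrsa build-server-full server nopass
      ./easyrsa build-client-full client1 nopass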
      
  3. Configure OpenVPN Server:
    • Copy the sample configuration file to /etc/openvpn and modify the settings accordingly:
      sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
      sudo gzip -d /etc/openvpn/server.conf.gz
      
  4. Start OpenVPN:
    • Start the OpenVPN server:
      sudo systemctl start openvpn@server
      sudo systemctl enable openvpn@server
      

Step 3: Configure Router for Port Forwarding

To allow external devices to connect to your VPN server, you’ll need to configure port forwarding on your router.

  1. Log in to your router (usually via 192.168.1.1 or 192.168.0.1).
  2. Locate the Port Forwarding section (usually under Advanced Settings).
  3. Forward the necessary port:
    • For WireGuard, forward UDP port 51820.
    • For OpenVPN, forward UDP port 1194.
  4. Save the settings and restart the router.

Step 4: Connect Your Devices

Now that your server is up and running, you can connect your devices using the VPN client configuration.

OpenVPN Client Setup:

  1. Install OpenVPN on your client device (Windows, macOS, Android, iOS).
  2. Transfer the .ovpn configuration file from your server to the client.
  3. Import the configuration file into the OpenVPN client.
  4. Connect to the VPN.

WireGuard Client Setup:

  1. Install WireGuard on your client device.
  2. Transfer the client configuration file with the appropriate keys.
  3. Activate the VPN using the WireGuard client.
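
The guide does not show the client configuration file mentioned in step 2, so here is an added example (not part of the original guide) that renders it together with the matching server [Peer] stanza. The function names, the full-tunnel AllowedIPs value and the keepalive interval are assumptions; the 10.0.0.0/24 subnet and UDP port 51820 come from this guide.

```bash
#!/usr/bin/env bash
# Added example: render both halves of one client enrolment.

# A WireGuard key is 32 bytes: 43 base64 characters followed by "=".
wg_key_ok() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# client_conf CLIENT_PRIVATE_KEY SERVER_PUBLIC_KEY SERVER_HOST [CLIENT_IP]
# AllowedIPs 0.0.0.0/0 routes all IPv4 traffic through the tunnel. The
# server then has to NAT that traffic, and IPv6 stays outside the tunnel.
# PersistentKeepalive keeps the mapping open when the client is behind NAT.
client_conf() {
    if ! wg_key_ok "$1" || ! wg_key_ok "$2"; then
        echo "client_conf: malformed key" >&2; return 1
    fi
    [ -n "$3" ] || { echo "client_conf: missing server host" >&2; return 1; }
    cat <<EOF
[Interface]
PrivateKey = $1
Address = ${4:-10.0.0.2}/32

[Peer]
PublicKey = $2
Endpoint = $3:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

# server_peer CLIENT_PUBLIC_KEY [CLIENT_IP]: stanza to append to wg0.conf.
# The /32 limits the client to its own tunnel address.
server_peer() {
    wg_key_ok "$1" || { echo "server_peer: malformed key" >&2; return 1; }
    printf '[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' "$1" "${2:-10.0.0.2}"
}
```

Write the client file under umask 077, since it contains the client's private key, and transfer it over an encrypted channel.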

Step 5: Test Your VPN

Once everything is configured, you should test your VPN setup:

  1. Check IP Address: Use WhatIsMyIP to verify that your VPN is masking your IP.
  2. Test Connectivity: Ensure you can access your remote resources (files, databases) securely.
  3. Test Security: Use DNS leak tests to ensure your traffic is securely routed through the VPN.
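
For the WireGuard setup, the connectivity test can also be done on the server by reading the output of wg show wg0 dump. The following is an added example, not part of the original guide; the function names, the 180-second threshold and the sample rows are assumptions, and the keys in the sample are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: judge tunnel health from `wg show wg0 dump` (tab-separated).
# Peer rows: public-key, preshared-key, endpoint, allowed-ips,
#            latest-handshake (epoch), transfer-rx, transfer-tx, keepalive.
# Assumption: no handshake within 180 s means the peer has no live session.

# usage: sudo wg show wg0 dump | peer_health "$(date +%s)" [max_age_seconds]
peer_health() {
    awk -F '\t' -v now="$1" -v max="${2:-180}" '
        NR == 1 { next }                  # row 1 describes the interface
        {
            age = now - $5
            if ($5 == 0)        state = "NEVER"   # wrong key or port, or UDP blocked
            else if (age > max) state = "STALE"   # connected once, silent since
            else                state = "OK"
            printf "%s %s endpoint=%s allowed=%s\n", state, $1, $3, $4
            if (state != "OK") bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample dump: one interface row, then two peer rows.
sample_dump() {
    printf '%s\t%s\t%s\t%s\n' SERVER_PRIV SERVER_PUB 51820 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        PEER_A '(none)' 203.0.113.7:40112 10.0.0.2/32 1700000100 9216 30412 25 \
        PEER_B '(none)' '(none)' 10.0.0.3/32 0 0 0 off
}
```

A peer reported as NEVER usually points back to Step 3 (the UDP port is not forwarded) or to mismatched keys in the two configuration files.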

Conclusion

Setting up your own private VPN server gives you unparalleled control over your privacy and security. With the right tools and steps, you can have a fully functional VPN server running in no time. By following this guide, you can protect your data, access your network remotely, and enjoy the benefits of encryption without relying on third-party services.
