Your own VPN in 10 minutes
A VPN or Virtual Private Network is a service that allows you to connect to the internet through an encrypted tunnel in order to keep your privacy and security in check.
When you are using a VPN, not only are black hat hackers unable to sniff your data, but your ISP (internet service provider) cannot either! It’s a great way to keep your sensitive data hidden from unwanted eyes. Another pro of using a VPN is that your home/phone IP address is hidden and the only IP visible is that of your VPN server.
But, as Led Zeppelin sang once… “Not all that glitters is gold”. And neither are VPNs. Some of the drawbacks are the price, the speed decrease, and the fact that it isn’t 100% safe, but that’s better than surfing the web naked and exposed. We have two options then: either register with an external VPN provider such as ExpressVPN, NordVPN, and so on, or spin up our own VPS server with a VPN installed 🤓.
Setting up a server
Our first step is setting up a server on Digital Ocean by creating a droplet with the following configuration:
- Image: Ubuntu 20.04 (LTS) x64
- Plan: Shared CPU, Basic
- Server: the $6/month one or the $12/month one (depending on the use)
- Datacenter Region: The closest to our home
- Authentication: SSH keys preferred, but a password would be OK too
- One single droplet
- Tag: VPN
- Create Droplet!
Now we want to assign a floating IP. If you tap on the droplet, you’ll find the “Floating IP: Enable now” option underneath the header’s name, and we will proceed by assigning it to our droplet.
In a few minutes, the droplet will be up and we’ll be able to ssh into it by going to our terminal and running the following command, and entering the password afterward.
For this, we will run the following script, which will update our server and install Docker and docker-compose:
#!/bin/bash
# Updating server
apt-get update
# Installing dependencies
apt-get install -y curl vim
# Installing Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
# Installing Docker-compose
curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Let’s create a directory to save all the files that we will use
mkdir myVpnServer && cd myVpnServer
Now let’s create a docker-compose file
touch docker-compose.yaml && vim docker-compose.yaml
We will then paste the OpenVPN Docker container configuration from kylemanna:
Let’s initialize the configuration files and certificates. It will ask you for a password that you’ll need to enter, and then several questions that we can skip by pressing Enter.
docker-compose run --rm openvpn ovpn_genconfig -u udp://<your-server-ip>
docker-compose run --rm openvpn ovpn_initpki
In case you aren’t running as root, you’ll have to change the ownership of the data directory so that your user can access it.
sudo chown -R $(whoami): ./openvpn-data
Then, let’s run the container.
docker-compose up -d
But we are not done yet! We have to generate a client’s certificate:
export CLIENTNAME="your_client_name"
# with a passphrase (recommended)
docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME
And now let’s retrieve the client configuration with embedded certificates and download it so we can add it to our OpenVPN desktop app.
docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
A “.ovpn” file will be created in the folder. Now we want to download it using scp. We will open another terminal and copy this file from the server to our own computer:
scp root@<floating_ip>:/root/myVpnServer/<ovpn_name>.ovpn ~/Desktop
We are almost done 🤓! Now we will open the OpenVPN app and import the file by dragging our downloaded “.ovpn” file from the desktop into the app. When connecting, you have the option of saving the password so it won’t ask you every time, or of typing it whenever you connect.
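Before importing the downloaded file, a quick check can confirm that the profile carries its keys inline, that the private key really is passphrase-protected, and that the file is not readable by other users. This is an added example, not part of the original post: the function names `check_ovpn` and `write_sample_profile` are made up here, and the directive, tag and PEM header names it looks for are assumptions about what the generated profile contains.

```shell
#!/bin/bash
# Added example: checks for a client profile like the one ovpn_getclient prints.
# Prints one finding per line; returns 0 only if nothing was flagged.
check_ovpn() {
    local file="$1" findings=0 block
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    # CA, client certificate and key are expected inline (assumed tag names).
    for block in ca cert key; do
        grep -q "^<$block>" "$file" ||
            { echo "missing <$block> block"; findings=$((findings + 1)); }
    done
    # A key built with a passphrase is stored encrypted: a PKCS#8
    # "ENCRYPTED PRIVATE KEY" header or a legacy "Proc-Type: 4,ENCRYPTED" line.
    if grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$file" &&
       ! grep -q 'Proc-Type: 4,ENCRYPTED' "$file"; then
        echo "private key is not passphrase-protected"; findings=$((findings + 1))
    fi
    # Without this directive the client does not require a server-type certificate.
    grep -Eq '^remote-cert-tls[[:space:]]+server' "$file" ||
        { echo "remote-cert-tls server is not set"; findings=$((findings + 1)); }
    # The file holds a private key, so group and others should not read it.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "file is readable by group or others"; findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample profile: placeholder address and bodies, no real key material.
# $1 is the PEM label used for the key, $2 the output path.
write_sample_profile() {
    cat > "$2" <<EOF
client
dev tun
remote-cert-tls server
remote 203.0.113.10 1194 udp
<key>
-----BEGIN $1-----
(constructed placeholder)
-----END $1-----
</key>
<cert>
(constructed placeholder)
</cert>
<ca>
(constructed placeholder)
</ca>
EOF
}
```

After sourcing the file, run `check_ovpn ~/Desktop/<ovpn_name>.ovpn`; if it reports the file as readable by others, `chmod 600` on the profile clears that finding.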
Write the password and wait for the connection
And there it is! Your own VPN server! Congratulations :)