We may earn affiliate commissions for the recommended products. Learn more.

How to make your own VPN server


Whether you’re protecting your Internet traffic from prying eyes, accessing region-locked content, or remotely using your home network, a VPN can be a great solution to lots of common networking issues.

But what if you don’t want to give up your traffic to a third-party provider? What if you need the flexibility of accessing your own home network from afar? Luckily, there's a solution: by hosting your own VPN server, you can retain more control over your VPN setup.

When you make your own VPN server, you can host the server either in the cloud or on your own router (if it’s supported). We’ll cover both options in this article.

Secured Internet traffic with NordVPN
With NordVPN, you can lose all the hassle and enjoy a nearly limitless browsing experience with market-leading encryption, lightning-fast connection speed, a geographically-diverse server fleet, and more.
cybernews® score
4.9 /5

Why create your own VPN?

With such a wide range of VPN services already available, setting up your own server might seem like a waste of time. However, there are quite a few advantages to the DIY approach:

  • Fewer points of trust. With a paid VPN service, you pass all of your traffic through a third-party service operator and their cloud or network provider. When you set up your own server, you cut out the middleman—your data is private between you and whoever provides your server.
  • Lower cost and fewer limitations. In exchange for some setup time and being limited to a single region, making your own VPN server is cheap. Some cloud providers even offer fully-functional server hosting for free or provide significant sign-up credits. If you have a compatible router, setting up a VPN server on your router costs nothing.
  • Access to your home network. If you set up your VPN server on your home router instead of in the cloud, you’ll be able to use your home connection. From printing on your personal printer to accessing files on your NAS, anything that works from home will work while connected to the VPN. You can travel and still have access to your digital resources at home.
  • A good learning experience. Although you can set up your own VPN with relatively little computer knowledge, the process will introduce you to lots of concepts and technologies that are common in IT.

Are there any disadvantages?

While setting up your own VPN server can be extremely beneficial, there are some situations when this idea might be a poor choice:

  • If you use a VPN to access region-locked content around the globe. If you rely on your VPN provider having lots of available servers in different countries, a homemade VPN server is inferior. Commercial VPN operators can subsidize the cost of running servers in so many places by having lots of customers.
  • If you aren’t willing to dedicate the time to set it up. While modern tools have made the process easier, there’s no doubt that setting up a VPN isn’t for everyone.
  • If you don’t want to be on the hook for security. Even though today’s automation solutions help, you’re ultimately still responsible for securing your server and VPN solution. You’ll need to make informed decisions on security-related issues.

Setting up your own VPN server

To create your own VPN for personal use, you have a few specific hosting options:

  • Run the software on a cloud virtual private server. All cloud providers, from titans like Amazon Web Services to smaller operations like Vultr, offer cloud-hosted servers called VPSs. This approach allows you to select a city with a data center in which to host your VPN.
  • Use your home router’s VPN server functionality. If you have a router with the feature built-in or with the ability to use third-party firmware, you only need your router. With this approach, you can even access your home network remotely. At the same time, this option isn’t useful while you’re at home.
  • Other solutions like hosting on dedicated physical machines. Enterprises commonly have dedicated VPN servers on their internal networks to allow employees to securely work from home. For home use, this solution is overkill: your router can do the same thing. However, you could have a second network that you want to access remotely (maybe for remote tech support at an older relative’s house). In this case, you can follow many of the same steps for creating a cloud VPN server but with a spare desktop or single-board computer left on 24/7.

In the following sections, you’ll learn how to set up a VPN in the cloud and on a router.

Create your own VPN in the cloud

  1. Figure out which cloud platform you’re going to use. Since all we need is a virtual private server (VPS), nearly any provider will work. For the purposes of this guide, we’ll be using Google Cloud Platform—they offer a $300 free trial credit to new customers and some convenient beginner-friendly features. However, nearly every step works with AWS, Azure, or any number of smaller providers.
  2. Sign up and claim any applicable credits. For GCP, you’ll need a valid credit card to verify that you’re a unique human, although you won’t be charged.
  3. Open Google Cloud Shell in the upper-right corner of Cloud Console. You’ll use Cloud Shell as a remote environment to provision your virtual machine.
Activate Cloud Shell option on Google Cloud Shell
  1. Using the Git version control system, download Algo (a suite of VPN setup tools) into your Cloud Shell. Type "git clone" https://github.com/trailofbits/algo.git and press Enter. This command downloads Algo and unpacks it into a new folder. Use "cd algo" to change directories into where Algo was downloaded.
Interface of Cloud Shell Terminal
  1. Create a project and service account to house the resources needed for the VPN server by executing each of the following commands. Type or paste each one and press Enter afterwards:
  • PROJECT_ID=${USER}-algo-vpn
  • BILLING_ID=”$(gcloud beta billing accounts list –format=”value(ACCOUNT_ID)”)”
  • gcloud projects create ${PROJECT_ID} –name algo-vpn –set-as-default
  • gcloud beta billing projects link ${PROJECT_ID} –billing-account ${BILLING_ID}
  • gcloud iam service-accounts create algo-vpn –display-name “Algo VPN”
  • gcloud iam service-accounts keys create configs/gce.json \
  • –iam-account algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com
  • gcloud projects add-iam-policy-binding ${PROJECT_ID} \
  • –member serviceAccount:algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com \
  • –role roles/compute.admin
  • gcloud projects add-iam-policy-binding ${PROJECT_ID} \
  • –member serviceAccount:algo-vpn@${PROJECT_ID}.iam.gserviceaccount.com \
  • –role roles/iam.serviceAccountUser
  • gcloud services enable compute.googleapis.com
  1. Run sudo apt install -y --no-install-recommends python3-virtualenv to install a Python tool required for Algo to work.
  2. Paste this command to install Algo’s other dependencies:python3 -m virtualenv --python="$(command -v python3)" .env && source .env/bin/activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt. You’ll see lots of output, most of which you can ignore unless you see errors.
  3. Next, use the nano text editor (or another editor like vim, if you know how to use it) to edit Algo’s configuration. Type "nano config.cfg" and press Enter.
Nano Text Editor
  • Most of the time, the default options will suffice. That said, read all of the comments up until the “advanced” section to make sure that the choices make sense for your situation.
  • Pay special attention to the users you set up initially. By default, these are the only user accounts that will be created; you won’t be able to add more after your server is running.
    • If you know you want to add more users later, be sure to select “yes” when you receive a prompt asking “Do you want to retain the keys (PKI)?” later on.
  • Save and exit by pressing control-X, followed by Y for “yes, I want to save”, followed by Enter.
  1. Type ./algo -e "provider=gce" "gce_credentials_file=$(pwd)/configs/gce.json" to start the setup wizard.
  2. Choose a name for the server. The default, “algo”, is fine.
  3. Choose whether you want to use “Connect on Demand” on iOS devices and Macs. This feature allows you to automatically use a VPN whenever you’re connected to the Internet. It can be a hassle for some use cases, so the default is "No." You’ll need to make the choice twice: once for cellular networks and once for Wi-Fi.
  4. Now, decide whether you want to add users later on. The default is “No”, which improves security at the expense of flexibility.
  5. Choose whether you want automatic ad blocking while connected to the VPN. This is a convenient feature.
  6. If you won’t use SSH tunneling or don’t know what it is, choose “No” for the next option.
  7. Choose the region where you’d like your VPN server to be hosted.
  8. Wait a while. If everything works, you just created your own VPN! Congratulations.

How to set up your own VPN on your router

No two routers have the same firmware with all the same options, so it’s hard to provide universal steps. Here are some general guidelines:

  1. Search Google for your router’s model and add “VPN server”. If your router supports this out of the box, you’ll likely see a help article. If not, see if your router is compatible with third-party firmware like OpenWrt.
  • Most routers can’t create VPN servers. If this is the case, you’ll need to try another approach like a cloud-hosted server.
  1. Open your router’s configuration page, usually at the first IP address in your internal network. Try 192.168.0.1 and 10.0.0.1 in your web browser.
  2. Enter the Administrator password for your router.
  3. Find the correct page with VPN configurations and create a server. Follow your router or firmware’s instructions to set the correct options.
OpenWRT OpenVPN client

For more information, read our full guide on how to install a VPN on your router here.

Connecting to your own VPN server

Now you’re done with the hard part of setting up your VPN server. From here on out, the process is somewhat similar to using a commercial VPN provider.

  • If you set up a VPN server in the cloud with Algo, follow their instructions to connect using your devices. It’s usually as simple as installing an app and scanning a QR code. Here’s how you can display QR codes from your Cloud Shell instance:
    • After setting up the server, run /usr/bin/python -mSimpleHTTPServer 8080. Afterwards, in the upper-right corner of the Cloud Shell window, click Web Preview, then Preview on Port 8080. You’ll see a new tab open with a list of links. Click configs, then your server’s IP address, then WireGuard, then the appropriate .png file.
  • Connecting to your router’s VPN depends on the tunneling protocol you used. If you went with OpenVPN, you’ll need software installed on your client device. Keep track of the usernames and passwords you selected when you set up the server.

Comments

jaywalker
prefix 2 years ago
great article, Jack!
Akarsh Rajput
prefix 2 months ago
Very good article
Leave a Reply

Your email address will not be published. Required fields are markedmarked