45

How to Setup Your Own VPN Server

How to setup a VPN server

Why Your Own VPN Server

Setting up my own VPN server? That sounds rather complicated and unnecessary, considering a decent VPN, like Hidemyass costs less than $6/month. So, why would I bother setting up my own VPN server?

There are many commercial VPN services you can choose from (Hidemyass and TorGuard); most are inexpensive and easy to use. But running your own VPN gives you benefits most commercial VPN services can’t offer. First, when using any commercial VPN service, you share the server’s resources with other users (i.e. CPU, RAM); as more users connect to a VPN server, the slower it gets. With your own VPN server you don’t share, so you get maximum performance. Next, with any commercial VPN you’ll always wonder whether the VPN provider is spying on you. But that’s never a concern when you use your own VPN. Finally, streaming services like Netflix block IP addresses of commercial VPNs. Running your own VPN server makes it easier to circumvent the block.

Here I will show you how to set up your own VPN server and how to connect to it. This how-to gets a bit technical so make sure you follow carefully.

If the idea of setting up your own VPN seems daunting, you can consider using a commercial VPN service. I recommend TorGuard, for two reasons: their ‘no logging’ policy, and speed. TorGuard hosts their servers on Tier-1 networks, which delivers unbeatable speed, and maximum reliability.

Step by Step Instructions

Choose Your Cloud Server (VPS)

The first thing you need is a Virtual Private Server (VPS). When choosing a VPS avoid the free offers; instead, select a low cost and reliable service like CloudSigma or DigitalOcean, where $5 monthly gets you a VPS with 512MB RAM, 20GB SSD and 1TB bandwidth – enough resources to stream videos or play online games.

The instructions below have been tested on CentOS and Ubuntu. Please report any problems you encounter in the comment section below.

Configure Your OpenVPN Server

  1. First, update your system to the latest version.

    sudo apt-get update && sudo apt-get update -y
    yum install http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm 

  2. Next, install OpenVPN and Easy-RSA. OpenVPN is a robust and highly flexible VPN software that uses all of the encryption, authentication, and certification features of the OpenSSL library to implement virtual private network (VPN) techniques. Easy-RSA is a small RSA key management package based on the openssl command line tool. We’ll use it to generate certificates and manage (private) keys.

    sudo apt-get install openvpn easy-rsa -y
    yum install openvpn easy-rsa -y

  3. We’ll now copy all VPN configuration files to “/etc/openvpn/”.

    # Copy the sample configuration files of OpenVPN and easy-rsa to "/etc/openvpn"cp -r /usr/share/easy-rsa/ /etc/openvpnsudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/ && sudo gzip -d /etc/openvpn/server.conf.gz
    # Copy the sample configuration files of OpenVPN to "/etc/openvpn"
    cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn
    # Copy the sample configuration files of easy-rsa to "/etc/openvpn"
    cp -R /usr/share/easy-rsa /etc/openvpn

  4. OpenVPN uses PKI (Public Key Infrastructure) for authentication. The client must authenticate the server certificate and the server must authenticate the client certificate before a connection can be established. In the following steps we’ll create 3 pairs of certificates and their associated keys. The first pair is for the server and the second pair is for the client. The last pair is the root certificate (also known as CA, or Certificate Authority), and its private key, which will be used to sign server and client certificates. You create the key-pairs using Easy-RSA:

    cd /etc/openvpn/easy-rsa/
    # At the command prompt, enter the following command
    su root
    # Notice the space between . and vars.
    . vars
    # Remove all certificates created previously.
    ./clean-all
    # Build the certificate authority (CA) certificate and key.
    # Pick a unique name as "Common Name". Other fields can be left blank.
    # To leave a field blank, enter "."
    ./build-ca
    # Generate a certificate and private key for the server.
    # Pick a unique "Common Name" such as "server".
    # Enter "." when prompted for a challenge password.
    ./build-key-server server
    # Build Diffie-Hellman parameters for the server.
    ./build-dh
    # create a certificate for the client: 97228.
    # Pick a unique "Common Name" such as "97228".
    # Enter "." when prompted for a challenge password.
    ./build-key 97228
    # Repeat the above command should you need to add more clients.
    
    
    
    cd /etc/openvpn/easy-rsa/2.0
    # Edit the vars script to use the correct path.
    vi vars
    # Change line: export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` to
    export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
    # Back at the command prompt, use the following command to reflect the changes.
    # Notice the space between . and vars.
    . vars
    # Remove all certificates created previously.
    ./clean-all
    # Build the certificate authority (CA) certificate and key.
    # Pick a unique name as "Common Name". Other fields are optional.
    ./build-ca
    # Generate a certificate and private key for the server.
    # Pick a unique "Common Name" such as "server".
    # Enter "." when prompted for a challenge password.
    ./build-key-server server
    # Build Diffie-Hellman parameters for the server.
    # This operation may take a while to complete.
    ./build-dh
    # create a certificate for the client: RobbC.
    # Pick a unique "Common Name" such as "RobbC".
    # Enter "." when prompted for a challenge password.
    ./build-key RobbC
    # Repeat the above command should you need to add more clients.
    
    

  5. Now we’ll transfer 3 files: ca.crt, 97228.crt, and 97228.key from the “/etc/openvpn/easy-rsa/keys/” directory on the server to the client. Create 3 text files on the client with the same names. On the server, use the “cat” command to display the contents of each file. Copy & paste the contents of each file to the corresponding file on the client.
  6. We’ll now edit the OpenVPN server configuration file located in: “/etc/openvpn/server.conf”.

    # Edit the server configuration file.
    sudo vim /etc/openvpn/server.conf 
    # Include the followings settings.
    # Which TCP/UDP port should OpenVPN listen on?
    port 1194
    # TCP or UDP server?
    proto udp
    # Create a routed IP tunnel
    dev tun
    # Point to our ca, cert, key, and dh files.
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
    dh /etc/openvpn/easy-rsa/keys/dh2048.pem
    # Supply a VPN subnet for the server and clients
    server 10.8.0.0 255.255.255.0
    # Assign the previously used IP address
    ifconfig-pool-persist ipp.txt
    # Redirect all IP traffic through the VPN
    push "redirect-gateway def1 bypass-dhcp"
    # The addresses below refer to the DNS servers from
    # Comodo DNS. Change to Google DNS should you prefer.
    push "dhcp-option DNS 8.26.56.26"
    push "dhcp-option DNS 8.20.247.20"
    # Allow multiple clients to share the same certificate/key files.
    duplicate-cn
    keepalive 10 120
    # Enable compression
    comp-lzo
    # reduce the OpenVPN daemon's privileges after initialization.
    user nobody
    group nobody
    # The persist options
    persist-key
    persist-tun
    # Logging options
    status openvpn-status.log
    log-append  /var/log/openvpn.log
    verb 3
    # Add an extra username/password authentication for clients
    plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
    
    
    # Edit the server configuration file.
    cd /etc/openvpn
    vi server.config
    # Include the followings settings.
    # Which TCP/UDP port should OpenVPN listen on?
    port 1194
    # TCP or UDP server?
    proto udp
    # Create a routed IP tunnel
    dev tun
    # Point to our ca, cert, key, and dh files.
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
    # Supply a VPN subnet for the server and clients
    server 10.8.0.0 255.255.255.0
    # Assign the previously used IP address
    ifconfig-pool-persist ipp.txt
    # Redirect all IP traffic through the VPN
    push "redirect-gateway def1 bypass-dhcp"
    # The addresses below refer to the DNS servers from
    # Comodo DNS. Change to Google DNS should you prefer.
    push "dhcp-option DNS 8.26.56.26"
    push "dhcp-option DNS 8.20.247.20"
    # Allow multiple clients to share the same certificate/key files.
    duplicate-cn
    keepalive 10 120
    # Enable compression
    comp-lzo
    # reduce the OpenVPN daemon's privileges after initialization.
    user nobody
    group nobody
    # The persist options
    persist-key
    persist-tun
    # Logging options
    status openvpn-status.log
    log-append  /var/log/openvpn.log
    verb 3
    # Add an extra username/password authentication for clients
    plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so login
    

  7. Next, we’ll create a user account for each client so we can authenticate each VPN client by username and password.
    # Create a user account with no home directory and shell access.
    sudo useradd 97228 -M -s /bin/false
    sudo passwd 97228
  8. Next, we’ll make a few changes to finalize the setup: enable IP forwarding, automatically start the VPN service when the system boots, adjust the firewall settings to allow VPN traffic.

    # Enable IP forwarding
    sudo vim /etc/sysctl.conf
    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1
    # Save and apply changes.
    sudo sysctl -p /etc/sysctl.conf
    # Save the firewall rules to a file
    sudo sh -c "iptables-save > /etc/iptables.rules"
    # Load the firewall rules before the eth0 interface is alive
    sudo vim /etc/network/interfaces
    # add the next line at the end of "iface eth0" section
    pre-up iptables-restore < /etc/iptables.rules
    
    # Enable IP forwarding
    vi /etc/sysctl.conf
    # Change net.ipv4.ip_forward = 0 to:
    net.ipv4.ip_forward = 1
    # Save and apply changes.
    sysctl -p
    # Start OpenVPN server at system startup.
    chkconfig openvpn on
    # Allow our VPN subnet in firewall
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    service iptables save
    
    

  9. (Optional) You can assign your VPN server a DigitalOcean floating IP. A floating IP is a static IP address you can re-map instantly to any VPS, or Droplet. This gives you two major benefits: redundancy, and an extra IP address which is useful when your original IP address is blocked by certain websites. Network traffic between a floating IP and a Droplet flows through the anchor IP that is aliased to a Droplet’s public network interface (eth0). To make your VPN server accessible by its floating IP, make sure your VPN server is configured to listen on its anchor IP. To display your anchor IP, use the following command.
    sudo ip addr show eth0

    Next, update the VPN server configuration file to use the anchor IP. Adjust the firewall to allow traffic using the anchor IP.

    sudo vim /etc/openvpn/server.conf
    # Add your anchor ip after 'local' like the following
    # Which local IP address should OpenVPN # listen on? (optional)
    local 10.10.0.5
    # Adjust the firewall to make OpenVPN traffic go through the anchor IP.
    sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 10.10.0.5
    sudo sh -c "iptables-save > /etc/iptables.rules"
    # Restart the OpenVPN service
    sudo service openvpn restart
    # Check logging messeges
    sudo journalctl --identifier oven-server
    # Fix error: TCP/UDP: Socket bind failed on local address [AF_INET]x.x.x.x:1194:
    sudo vim /lib/systemd/system/openvpn.service
    

Configure Your OpenVPN Client

Your VPN server should now be fully functional and ready to connect with a client (device). To connect a client to the server, first install the OpenVPN software on the client. Next, configure the client to communicate with your VPN server. For a mobile client, install the OpenVPN Connect App; for a desktop computer, download the Tunnelblick App.

Now I will show you how to set up a VPN client on a desktop computer using Tunnelblick.

First, create a folder to contain the configuration files. You can name this folder anything you like as long as it ends with .tblk (so Tunnelblick can access the configuration files). I named my folder NY-97228.tblk to remind me the folder contains the configuration files for VPN user: 97228. The “NY” prefix indicates the VPN server is located in New York.

Next, select the 3 files you transferred from the server to the client in step 5 and copy the files to your .tblk folder. Right click here and save my sample VPN configuration file (config.txt) to your .tblk folder.

Now, open config.txt in a text editor and replace: MY-SERVER-IP, CA-CERTIFICATE.crt, CLIENT-CERTIFICATE.crt, and CLIENT-KEY.key with your own settings by following the comments (lines with a “#” prefix) above each setting. Once you’ve done editing your file, rename it config.conf.

Here is what the sample “config.txt” looks like.

# Sample client-side OpenVPN configuration
# Edit this file by following the instructions here:
# https://vpntips.com/how-to-setup-a-vpn-server/
# Lines starting with ‘#’ or ‘;’ are comments

# Specify that this is a client.
client

# Specify the interface to use. Use the same interface the server uses.
;dev tap
dev tun

# Choose a protocol: TCP or UDP. Use the same protocol the server uses.
;proto tcp
proto udp

# Specify the IP address (or fully qualified domain name)
# and port of the server.
remote MY-SERVER-IP 1194

# Keep resolving the host name of the server indefinitely.
resolv-retry infinite

# No need to bind to a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# Specify the names of your CA certificate, client certificate, and client key.
ca   CA-CERTIFICATE.crt
cert CLIENT-CERTIFICATE.crt
key  CLIENT-KEY.key

# Protect against sMIM attack
remote-cert-tls server

# Authenticate client by username/password
auth-user-pass

# Enable compression on the VPN link.
comp-lzo

# Set log file verbosity.
verb 3


Finally, you need to allow Tunnelblick to access the configuration files. To do this, drag your .tblk folder and drop it on the Tunnelblick icon in the menu bar, or on the list of configurations located in the Configurations tab of the VPN Details window.

That’s it! Now you’ve got your own VPN server. If you encounter any errors during the setup, please let me know in the comment section below.

Got a question? Post it in our forums. We’ll work it out.

Notable Replies

  1. Husman says:

    Thanks for your very helpful article, it worked well from the getgo. I no longer worry about what my VPN provider is or isn't doing with the information they collect about my account cuz I don't have one! Setting up my own VPS was definitely an improvement and worth the time and effort I put into it, but, I'm eager to know more about additional steps I can take to keep me and my activity private. Will you do an article on this subject soon? I've read plenty about this subject but overall I'm more confused now that I was before I started. Your articles are clear and believable compared to others I've read, so pls consider giving us some assistance with what is for many a fairly intimidating subject? Thanks again.
    /husman

Continue the discussion Here

Participants

Comments 45

  1. Hello, I am using an ASUS RT-AC66U that supports open VPN connections. I am currently using ExpressVPN but I have been disappointed with the speeds. I am able to download .ovpn files and easily import them into my router configuration. Using this method that you outlined, would I be able to create a .ovpn that I could import to my router? I am living in China and the commercial VPN’s I’ve been using are so slow. Any help would be appreciated.

    Thanks! Vince

  2. William C. Post
    Author
  3. Hello, I followed all the steps above but when I import the .ovpn file I get “Error reading multiple files referenced by profile: ca.crt, RobbC.crt, RobbC.key . I was also a bit confused on some of the config setup on the server. Any help would be greatly appreciated

  4. Hello,
    Thank you so much for this tutorial. Seems it’s the ONLY thing I have been looking for. I’m planing to use this service to configure a VPN that will allow me to work in some US-based freelance websites.
    However, I am( just like someone has said) not a tech guy and I have one or tow questions I want to pose to you regarding this service:
    1. Should I have a machine running Ubuntu?
    2. I need to have several accounts on the same sight, I’m I able to get get like 5 to 10 different IPs from this service. I mean I want all the accounts to be independent of each other ( log in on different IPs)

    Sorry for my poor English.
    I can wait to hear from you,
    Regards,
    Joseph

  5. Seems that Netflix still detects (and blocks) the use of this solution. I tried it with DigitalOcean, but no success.
    Can anyone else confirm this?

  6. Still trying to get this working on 64 bit CentOS 7 — changes I had to make
    at (4) you need an additional step of
    ==>openssl dhparam -out /etc/openvpn/easy-rsa/2.0/dh2048.pem 2048
    to generate the dh2048.pem file

    at (6), the plugin line should be
    ==>plugin /usr/lib64/openvpn/plugins/openvpn-auth-pam.so login
    rather than
    ==>plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so login

    at (8) – you need to use
    ==>systemctl enable openvpn@server
    rather than
    ==>chkconfig openvpn on

    1. William C. Post
      Author
  7. Hello admin..thanks for your great lecture..
    sorry im newbie in vpn and also sorry for my poor english..

    I wondering having own vpn server where i can share connection with other people in my country for free (example to 100 people)…

    Can i share Vpn connection with other people ?
    thank..hope you can help me answer

    1. William C. Post
      Author

      Yes. There are basically two ways to accomplish what you want. You can create an account (Username/Password) for each user who will connect to the VPN server. This gives you the ability to manage VPN users. An easier approach is to use certificate-based authentication without creating any user accounts. Read this to learn how OpenVPN authentication works.

      1. thank you mr william…:-) great…i will credit to you when my project done one days…thanks …

  8. Hi William,

    I’ve got no idea how to go about setting up my own VPS even after going through your tutorial (Tech is not my forte). However, I’ve been using a VPN service for about 2 years now to access UK betting sites whilst living abroad. Recently some have picked up that the IP address being used is ‘hosted’.

    My question to you is, would setting up my own VPS not only allow me to show a UK IP address, but will it also prevent the IP address used as showing up as a VPN/Hosted service?

    I’ve recently tried a VPN provider that claims to provide dedicated/static IP addresses and yet a particular site is still picking up the IP address as a hosted service.

    Thanks in advance!

    1. William C. Post
      Author

      Hi Michael,

      Whether you use your own VPN or a paid VPN service, there is no way to guarantee that an IP address won’t get ‘listed’. Remember that most IP addresses are public records; anyone can find out whom an IP address is assigned to by querying it on IP Whois databases.

  9. little confused when I get to step 4 trying to generate certificates. I edited var file saved changes, and the confusion comes when the . var “notice the space between the period” I try to go further and I get:

    Please edit the vars script to reflect your configuration,
    then source it with “source ./vars”.
    Next, to start with a fresh PKI configuration and to delete any
    previous certificates and keys, run “./clean-all”.
    Finally, you can run this tool (pkitool) to build certificates/keys.

    I am using fedora server 22, via ssh

    1. William C. Post
      Author
  10. Fantastic article, man. I have got a question with regards to the routing of all trafic via vpn tunnel.
    Do you know if it is possible to achieve this on client side rather than forcing it through server config?
    I would like to use that feature only for some clients, but not for all of them.
    Thanks

    1. William C. Post
      Author

      In the configuration file for the OpenVPN server, comment out the line: push "redirect-gateway def1 bypass-dhcp".
      In the client configuration file, add the: redirect-gateway def1 option if you want to tunnel all the traffic.

      I believe this will solve your problem; please let us know how it works for you.

  11. how do I bind specific interfaces to the clients?
    for example my server has 8 different ip addresses
    1.1.1.1
    1.1.1.2

    1.1.1.8

    all of them are public IPs on eth0 , eth0:1 eth0:2 etc

    If I connect to my server through the openvpn client and check the ip at icanhazip.com or cmyip.com , I only see the default ip of the server, that is 1.1.1.1 on eth0 . even if I change the openvpn server ip to 1.1.1.2 on the client pc to connect, it still shows 1.1.1.1 at icanhazip.com which means all the traffic is still going through the default server ip.

    the other ips on the server are indeed online, I can check them with curl –interface 1.1.1.2 http://icanhazip.com and it shows the correct ip (1.1.1.2)

    but with openvpn, the client pc always shows 1.1.1.1
    I would like to bind 1.1.1.2 to client pc when it connects to the server.
    How can I do that?

    1. William C. Post
      Author

      Add the multihome option to the VPN server’s configuration file.
      Make sure the server uses the UDP protocol and that you’ve added the nobind option to the client-side configuration file. That should solve your issue, but let me know if you have further questions.

  12. Only problem is OpenVPN is blocked in China making this article completely useless for me =(

  13. Can I set up a vpn on my mobile phone device so I can set it up so I can make an app have the ability to use the vpn such as the whatsapp or vibr app that make calls and texts at all is that possible … Thanks

    1. Yes you can! Many VPN providers offer mobile versions of their software. We particularly like the apps from IPVanish and HMA, both of which are also fast enough to stream, but of course you can also connect to your own VPN from your mobile using OpenVPN. OpenVPN offers both an Android and iOS app. It can be a bit tricky to import the configuration file, but once you are connected all Internet traffic from your mobile device is routed through the VPN and you can use whatsapp, vibr, or any other app of your choosing.

  14. Hi, great tutorial! I am just having some small problems and I have a question. What version of CentOS are you using?

    1. William C. Post
      Author
  15. William, your write-ups are phenomenal. Very detailed, easy to follow instructions. Thank you.

    On this article, I wish you had presented a more balanced view. I think the three biggest reasons people use VPNs are anonymity (ppl don’t know who you are), privacy (ppl can’t inspect your traffic), and freedom from censorship (including geo-blocks). The private VPN give you the last two and, as a bonus, excellent performance.

    When it comes to anonymity though, a private VPN means that the public IP can be tied directly to you once someone asks your VPS provider to identify you. It also means that anyone tracking that public IP on the web is really tracking your individual traffic patterns. A significant benefit of using a large provider that uses shared IPs and no logs is that your individual traffic is better anonymized. If I am in a situation in which my well-being depends on my anonymity online, a private VPN is not a good idea. Anyone watching my traffic will know who my VPS provider is, and can follow that traffic out to the public internet after my VPN server has removed the encryption.

    1. William C. Post
      Author

      I’ve been on cloud 9 because you said my write-ups are “phenomenal”. The only other person who used that word on me was my girlfriend, in the morning, 2 years ago 😀

      What you said makes certain sense. When you use a private VPN, your activities will be tied to a single IP – yours. This limitation doesn’t diminish the usefulness of private VPNs for securing network traffic and bypassing geo-fences, but it does make it a poor choice when real anonymity is required. When anonymity is crucial, I suggest you use Tor, which was developed for that exact purpose.

      VPN can be used to protect anonymity as well, but you shouldn’t bet on it, because it’s impossible for a VPN to offer true anonymity. Here are the 3 most conspicuous reasons:

      • VPN providers may claim they never log, and promise to never turn any data over to the police, but the law doesn’t work that way.
      • Without retaining some user information, a VPN provider can’t conduct any investigation if a crime was committed using their service.
      • Many countries have passed data retention laws requiring providers, like ISPs, to keep records of their users’ activity for a certain period of time. In many countries, the same law also gags the service provider from telling you that your identity was revealed. In a post-Snowden world we can reasonably assume big brother’s caring gaze is unavoidable.

      For a more in-depth look at how VPNs support anonymity, be sure to read my upcoming article. Subscribe to my newsletter to be notified when it’s ready.

  16. Excellent tutorial but I am a linux newb so it is going to be a lot of trial and error for me.

    I do have a quick question though. Instead of using a VPS, would it be possible to host the server myself? I really don’t want any bandwidth limitations and I have a pretty new Dell just sitting around looking for something to do.

    1. William C. Davis Post
      Author

      If you choose to host the server yourself, you need to figure out how to get an IP address in the country where you want to virtually reside. For example, if you want to watch the US version of Netflix, make sure you have a US IP.

      1. If I use a VPS like Digital Ocean and create the server, am I able to get an IP address for another country, say England if I live in the US? Pardon my basic question however I am very new to the VPN world and have been looking at several VPN services. This looks like a much better option but I’d like to make sure I can access programming from England, one of the main reasons I want a VPN.
        Thanks.

        1. William C. Post
          Author

          Hi Jeff:

          Yes, of course you can get an IP address from another country. If you want an IP address from the UK, select the data centre from “London” when creating your Digital Ocean VPS, as shown in the image below.
          Digital Ocean VPN server regions

          1. Thank you for the response and for this entire tutorial. I appreciate the time and effort you have put into this.

          2. William C. Post
            Author
  17. Hi mate, why is taking so long with ./build-dh ….. already 30 min, with OVH vps , cent6 32bit,1gb ram 1vcore. 10gb hdd …i use your tutorial step by step.

    1. William C. Davis Post
      Author

      It can take a while especially for 2048 bit long DH parameters. It takes roughly 40 mins on a DO box with 512 RAM

    2. Miguel, works for you I have 3 vps in ovh and none of them work, connect, (i dont have dnsleaks) and netflix still geo detects me

  18. Hi there, and thanks for the info.

    You write that when you use someone else’s VPN, one cannot be sure that the VPN provider isn’t spying on you. Then, you instruct to go look for a VPS provider in order to install your own VPN on the server which they provide you. So, just to be sure, no trust/security issues there? Once you connect to your remote VPN, the VPS provider will only be able to see encrypted traffic which they will be unable to decode?

    1. William C. Davis Post
      Author

      No, there is no guarantee the VPS provider can’t access data stored on the VPS. However, some VPS providers allow you to encrypt your VPS; you will be asked for the “key” to decrypt the disk when you boot your system. The VPS provider has the ability to see what website you’re visiting and can decode your traffic if SSL is not used. It’s helpful to actually read the “Terms of Use” and the “Privacy Statement” of your VPS provider so you know who will have access to your data how’s being protected.

    1. William C. Davis Post
      Author

      Just checked out transfer.sh and it looks awesome. Love the fact that you can encrypt the files before the transfer. Thanks for the tip 🙂

  19. Got mine setup and running. Here is the result from speedtest. Do you guys get faster connection speed? 

  20. … it was a lot of work… After spending 2 hours working on my VPS, I finally made it work. It is amazing how fast the speed is when comparing with other commercial VPN services; It is about 5x faster than HMA and 4x faster than PIA. Without some knowledge of Linux, I don’t believe many can set it up.

    1. Joel Post
      Author

Leave a Reply

Your email address will not be published. Required fields are marked *