How to create your own VPN servers (step-by-step guide)

Instead of relying on a third-party commercial VPN service, it is entirely possible to create your own VPN server. 

This guide shows you how to manually set up a VPN server using any commercial VPS service. A Virtual Private Server (VPS) is more or less exactly what it sounds like - you rent some resources on a physical server run by a VPS company, which provides a closed environment that acts as if it was a complete physical remote server.

How to build your own VPN server

What you will need

  1. A VPS server with CentOS 6 (32- or 64-bit) installed, and a minimum of 218MB RAM. We may review suitable VPS services in the future, but for this tutorial, we have chosen VPSCheap.net - mainly because it offers VPS plans from $1.99 per month. If you want a more rounded approach, take a look at these comprehensive tips on selecting a VPS hosting provider.
  2. An SSH client - OSX and Linux users have one already, in the form of Terminal. If you are creating your VPN server using Windows you can download PuTTY (which we use for this tutorial).

Installing OpenVPN Access Server on the VPS

  1. Open your SSH client and connect to your VPS server using the IP address supplied by your VPS provider.


    PuTTY Configuration

    Terminal users should enter ssh -l user ip.address and enter details when they get the response:

    ip.address/

    /username/

  2. Log in as root and enter the password you were given by your VPS provider. Note that in PuTTY the typed password remains hidden, so just type it and hit Enter.

    Root server login

  3. Before proceeding you should check that tap/tun is enabled. Enter cat /dev/net/tun (in PuTTY you can paste by right-clicking).

    If tap/tun is enabled, you should receive the response cat: /dev/net/tun: File descriptor in bad state.
    Any other response means tap/tun is not enabled. We had to log in to our VPS account control panel to enable it.

  4. We need to download the OpenVPN Access Server package. Enter:

    wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-CentOS6.i386.rpm (CentOS 6 32-bit) or
    wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-CentOS6.x86_64.rpm (CentOS 6 64-bit)
    You should see the response pictured below.
    Downloading OpenVPN server access package

  5. We now need to install the package using the rpm command. Check the line that says ‘Saving to’ (see arrow in above screenshot) to verify package name and enter:

    rpm -i <package name>, e.g. rpm -i openvpnas-1.8.5-1.centos6.x86_64.rpm

    install package using rpm command

    The output should look as shown above. Make a note of the Admin UI address and Client UI addresses - you will need them in a minute!

  6. Set up a password. In PuTTY enter passwd openvpn, and enter whatever password you want at the prompt (and again to confirm it).

    In PuTTY enter password

    Oops - our password is not very strong, but it will do for now!

  7. Paste the Admin UI address into your web browser (see step 5 above), and enter Username: ‘openvpn’ and whatever password you selected above into the Admin Login (you may need to ‘Agree to end User License Agreement’ the first time you log in).


    openvpn login



  8. You should now see the OpenVPN Access Server configuration page.

    openvpn access server is configured

    Congratulations, you have installed OpenVPN Access Server on your VPS!
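
Steps 3 to 5 above can be run as one pre-flight script that refuses to install unless the tap/tun check passes, the package matches the machine architecture, and the file downloaded over plain HTTP matches a digest you obtained separately. This is an added example, not part of the original guide: the function names are hypothetical and the expected SHA-256 value is something you must supply, since the guide gives none.

```shell
#!/bin/sh
# Added example: function names are hypothetical, URLs are the ones in step 4.

# Step 3: classify what `cat /dev/net/tun` printed. Per the guide, only
# "File descriptor in bad state" means tap/tun is enabled.
tun_status() {
    case "$1" in
        *"File descriptor in bad state"*) echo enabled ;;
        *) echo disabled ;;
    esac
}

# Step 4: choose the package URL that matches the machine type (uname -m).
pkg_url() {
    base="http://swupdate.openvpn.org/as"
    case "$1" in
        x86_64) echo "$base/openvpn-as-1.8.5-CentOS6.x86_64.rpm" ;;
        i386|i486|i586|i686) echo "$base/openvpn-as-1.8.5-CentOS6.i386.rpm" ;;
        *) return 1 ;;
    esac
}

# Before step 5: the download travels over plain HTTP, so compare the file
# with a SHA-256 digest obtained separately (the guide does not give one).
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Run the checks in order; the package is installed only if all of them pass.
# Usage: sh preflight.sh --run <expected-sha256>
preflight() {
    msg=$(LC_ALL=C cat /dev/net/tun 2>&1) || true
    [ "$(tun_status "$msg")" = enabled ] || { echo "tap/tun not enabled: $msg" >&2; return 1; }
    url=$(pkg_url "$(uname -m)") || { echo "no package for $(uname -m)" >&2; return 1; }
    file=${url##*/}
    wget -q -O "$file" "$url" || return 1
    verify_sha256 "$file" "$1" || { echo "digest mismatch, not installing $file" >&2; return 1; }
    rpm -i "$file"
}

if [ "${1:-}" = "--run" ]; then preflight "${2:?expected sha256 required}"; fi
```

LC_ALL=C is set for the tun check because the message the guide matches on is the English one; a localized system would print different text.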

Connect to your VPS using OpenVPN Connect

We now need to set up OpenVPN at your end. OpenVPN Connect is a VPN client that creates a simple OpenVPN connection between your PC and the VPS server, without the need for certificate authentication.

By default, the connection is protected by 128-bit Blowfish Cipher-Block Chaining (BF-CBC) encryption. The Blowfish cipher was created by Bruce Schneier, who has since recommended switching to stronger standards such as AES. However, for most purposes it is fine (and in part two of this tutorial we show you how to change encryption ciphers).

  1. Paste the Client UI address into your web browser (from step 5 above), ensure ‘Connect’ is selected in the drop-down menu, and enter your Username: ‘openvpn’ and password.


    OpenVPN login screen

  2. You will be prompted to download OpenVPN Connect client.


    download and connect to OpenVPN client

  3. Install and run OpenVPN Connect as normal, then click the OpenVPN connect icon in the notification bar and select 'Connect to (your client UI address)'.


    install and run openVPN

  4. Enter username (openvpn) and password.


    openvpn username and password

  5. Click ‘Yes’ at the warning (you need to do this only once).


    openVPN warning

  6. You are now connected to your VPS via OpenVPN.


  7. The OpenVPN connect icon turns green so you can see whether you are connected at a glance.


    IP Leak Test


    We popped along to ipleak.net to test everything was working properly, and our IP appears to be that of our VPS.

The pros and cons of building your own VPN server

Pros

Choose your own server locations

Just locate the VPS in the country you wish to access.

Good for unblocking content

As with a regular VPN service, a private VPN server is great for accessing geo-restricted services.

Less likely to be blocked

The VPS provides a private IP address. This means the IP address is less likely to be blocked by streaming services which block IPs known to belong to VPN providers (as Netflix and iPlayer do). Do note, however, that these blocks sometimes also extend to all service providers.

Good for defeating censorship

A private IP address makes using your own VPN server a great anti-censorship option as repressive countries also often block IPs known to belong to VPN providers. Many people experience great success at overcoming the Great Firewall of China by setting up their own private VPN servers in countries outside China. Of course, simply using a private VPN server will not defend against other censorship measures such as Deep packet inspection (DPI). 

Protects against hackers when using public WiFi hotspots

As with a regular VPN service, the fact that your data is encrypted between your device and the VPN server means that it is secure when using public WiFi. Even if you accidentally connect to an “evil twin” hotspot, the hackers will not be able to access your data.

Can be cheaper than a commercial VPN

Some VPS providers rent out server space for a very low monthly cost.  That said, there are also some great but very cheap VPN services out there.

Cons

Not suitable for torrenting

Copyright holders will send DMCA notices (and similar) to your VPS provider. Unlike VPN providers, whose service often includes protecting customers from copyright enforcers, VPS providers almost always take a very dim view of piracy. On receipt of a DMCA complaint, then, a VPS provider will probably shut down your account (and very possibly pass on your details to the copyright holder).

Not for the technically faint hearted

Setting up your own VPN server on a VPS requires a fair amount of technical chops. We hope to make the setup process as painless as possible with these tutorials, but it does require a reasonable degree of technical know-how and will require getting your hands dirty with a command line.

Will your own VPN server be more secure?

Using a private VPN server encrypts the internet traffic between your device(s) and the VPN server. The VPN server also acts as a proxy, thus preventing your internet provider (ISP) from seeing what you get up to on the internet.

Unlike commercial VPN services, you control the VPN server. This means that you do not have to trust a third party with your data. This is the main reason that running your own VPN server is often recommended for privacy reasons. You can also choose your own VPN server locations.

Your IP is yours alone

With a VPN service, your IP address is shared by many other users, which makes it very hard to identify which of those users is responsible for which action associated with an IP address on the internet. 

With a private VPN server, on the other hand, you have a static IP address that absolutely belongs to you and you only. This means there is no ambiguity about who did something on the internet using that IP address, which can be easily traced back directly to you.

A VPS is not secure

Virtual private servers are software servers running on shared physical server space. Someone else controls the hardware these virtual servers are installed on, which means that VPSs should never be considered secure.

If presented with a warrant, for example (or even just an informal request), no server center staff are going to have any scruples against accessing the VPN logs stored on your VPS and handing them over to the police.

DNS

When you use a commercial VPN service, DNS requests are sent through the VPN tunnel to be handled by your VPN provider (either using its own DNS servers, or leveraging a third party DNS provider but proxying the requests through its servers to protect your privacy).

When using a private VPN server this does not happen by default, and DNS requests will continue to be handled by your ISP. It is possible to set up your own DNS server on the VPS, but that is beyond the scope of this tutorial (although it is something we may tackle in the future).

A simpler option is to change your device's DNS settings to point towards a more privacy-friendly DNS provider such as OpenNIC, but this still requires trusting a third party.

For more information on what DNS is and how to change your DNS settings, please see A Complete Guide to Changing your DNS Settings.
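
To confirm which resolvers a Linux client is actually configured to use after changing its DNS settings, the check below labels each nameserver in resolv.conf-style text against the list of resolvers you intended. This is an added example, not part of the original guide: the function name, the sample file and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed sample of a client's /etc/resolv.conf.
# The addresses are documentation ranges, not real resolvers.
SAMPLE_RESOLV='# Generated by NetworkManager
search example.lan
nameserver 192.0.2.53
nameserver 198.51.100.7
nameserver 127.0.0.53
options edns0'

# classify_resolvers TEXT "ALLOWED1 ALLOWED2 ..."
# Prints one "address status" line per nameserver entry:
#   expected    the address is in the allow-list you passed in
#   local-stub  a loopback resolver; its upstream is configured elsewhere
#   unexpected  anything else, e.g. a resolver handed out by the ISP's DHCP
classify_resolvers() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" {
            if ($2 in ok)                          s = "expected"
            else if ($2 ~ /^127\./ || $2 == "::1") s = "local-stub"
            else                                   s = "unexpected"
            print $2, s
        }'
}

# Check the live file when asked: sh dnscheck.sh --run "198.51.100.7"
if [ "${1:-}" = "--run" ]; then
    classify_resolvers "$(cat /etc/resolv.conf)" "${2:-}"
fi
```

A local-stub result means resolv.conf alone does not show where queries go; the upstream servers have to be read from the stub resolver's own configuration.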

Because of these issues, we reject the claim often made on the internet that a private VPN server is more secure and better for privacy than using a commercial VPN service. It depends somewhat on your threat model, but in many ways using a good no logs VPN service is much better for privacy than using a private VPN server.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating to cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

4 Comments

  1. haseeb

    on August 26, 2019

    i love this article. sir, you are awesome.

  2. mehrdad

    on February 19, 2019

    Hi What VPN is very very safe

    1. joo replied to mehrdad

      on February 21, 2019

      Mehrdad, I would suggest looking at either NordVPN or ExpressVPN, airVPN is also a highly secure service.

  3. simon

    on February 18, 2019

    Thanks, helped me to get around a problem - two points: 1) when installing, I couldn't get "rmp -ie.g." to be recognised - removing this command and proceeding directly with the "rpm -i" command worked perfectly. 2) if you already have openvpn installed and just need to update it, use "rpm -U" along with the new updated file - this worked perfectly for me and restarted my VPN service which I suspect had stopped operating due to a very old version of openvpn.
