How to create your own VPN servers (step-by-step guide)

Commercial VPN services are handy and convenient, bundling a privacy service into an accessible application-based package. Unfortunately, these providers can be expensive and don’t always offer servers in countries you wish to connect to. With our step-by-step guide, you can set up your own Virtual Private Server (VPS) based in a territory of your choosing, creating your own closed environment that behaves like a remotely located physical server.

While this does require some technical understanding, we have broken things down into digestible steps to help novices navigate the process with a little more confidence. Once you are comfortable with the basics, there is more to learn about OpenVPN servers here.

 

How to build your own VPN server

What you will need

  1. A VPS server with CentOS 6 (32- or 64-bit) installed, and a minimum of 218MB RAM. We may review suitable VPS services in the future, but for this tutorial, we have chosen VPSCheap.net - mainly because it offers VPS plans from $1.99 per month. If you want a more rounded approach, take a look at these comprehensive tips on selecting a VPS hosting provider.

  2. An SSH client - macOS and Linux users have one already, in the form of Terminal. Windows users can download the excellent PuTTy (which we use for this tutorial).

Installing OpenVPN Access Server on the VPS

  1. Open your SSH client and connect to your VPS server using the IP address supplied by your VPS provider.

    PuTTY Configuration

    Terminal users should enter 

    ssh -l user ip.address 

    and enter details when they get the response:

    ip.address/
    /username/
  2. Login as root and enter the password you were given by your VPS provider. Note that in PuTTy the typed password remains hidden, so just type it and hit <enter>.

    Root server login

  3. Before proceeding you should check that tap/tun is enabled. Enter (in PuTTY you can paste by right-clicking): 

    cat /dev/net/tun

    If tap/tun is enabled, you should receive the response:

    cat: /dev/net/tun: File descriptor in bad state.

    Any other response means tap/tun is not enabled. We had to login to our VPS account control panel to enable it.

    login as root

  4. We need to download the OpenVPN Server Access package. Enter:

    wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-CentOS6.i386.rpm (CentOS 6 32-bit)

    or

    wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-CentOS6.x86_64.rpm (CentOS 6 32-bit)

    Downloading OpenVPN server access package

  5. We now need to install the package using the rpm command. Check the line that says ‘Saving to’ (see arrow in above screenshot) to verify package name and enter rpm -i  [package name], such as:

    rpm -i openvpnas-1.8.5-1.centos6 x86_64.rpm

    install package using rpm command

    The output should look as shown above. Make a note of the Admin UI address and Client UI addresses - you will need them in a minute!

    Update 02/20: The instructions for installing OpenVPN Access Server have changed since this article was first written. The following should work, but we have not had the opportunity to test it yet:

    Replace steps 4 and 5 the following commands:

    yum -y install https://as-repository.openvpn.net/as-repo-centos6.rpm
    yum -y install openvpn-as

    Make a note of the Admin UI address and Client UI addresses - you will need them in a minute!

  6. Setup a password. In PuTTy, enter password openvpn, and enter whatever password you want at the prompt (and again to confirm it).

    In PuTTY enter password

    Oops - our password is not very strong, but it will do for the purposes of this example!

  7. Paste the Admin UI address into your web browser (see step 5 above), and enter Username: ‘openvpn’ and whatever password you selected above into the Admin Login (you may need to ‘Agree to end User License Agreement’ the first time you log in).

    >openvpn login

    You should now see the OpenVPN Access Server configuration page.

    openvpn access server is configured

Congratulations, you have installed OpenVPN Access Server on your VPS!

Connect to your VPS using OpenVPN Connect

We now need to set up OpenVPN at your end. OpenVPN Connect is a VPN client that creates a simple OpenVPN connection between your PC and the VPS server, without the need for certificate authentication.

By default, the connection is protected by 128-bit Blowfish Cipher-Block Chaining (BF-CBC) encryption. The Blowfish cipher was created by Bruce Schneier, who has since recommended switching to stronger standards such as AES. However, for most purposes it is fine (and in part two of this tutorial we show you how to change encryption ciphers).

  1. Paste the Client UI address into your web browser (from step 5 above), ensure ‘Connect’ is selected in the drop-down menu, and enter your Username: ‘openvpn’ and password.

  2. You will be prompted to download OpenVPN Connect client.

  3. Install and run OpenVPN Connect as normal, then click the OpenVPN connect icon in the notification bar and select 'Connect to (your client UI address).

    install and run openVPN

  4. Enter username (openvpn) and password.

    openvpn username and password

  5. Click ‘Yes’ at the warning (you need do this only once).

    openVPN warning

  6. You are now connected to you your VPS via OpenVPN.

    The OpenVPN connect icon turns green so you can see whether you are connected at a glance.

    Check out our IP leak test to make sure that everything was working properly, and our IP appears to be that of our VPS.

The pros and cons of building your own VPN server

Pros

Choose your own server locations

Just locate the VPS in the country you wish to access.

Good for unblocking content

As with a regular VPN service, a private VPN server is great for great for accessing geo-restricted services.

Less likely to be blocked

The VPS provides a private IP address. This means the IP address is less likely to be blocked by streaming services which block IPs known to belong to VPN providers (as Netflix and iPlayer do). Do note, however, that these blocks sometimes also extend to all service providers.

Good for defeating censorship

A private IP address makes using your own VPN server a great anti-censorship option as repressive countries also often block IPs known to belong to VPN providers. Many people experience great success at overcoming the Great Firewall of China by setting up their own private VPN servers in countries outside China. Of course, simply using a private VPN server will not defend against other censorship measures such as Deep packet inspection (DPI). 

Protects against hackers when using public WiFi hotspots

As with a regular VPN service, the fact that your data is encrypted between your device and the VPN server means that it is secure when using public WiFi. Even if you accidentally connect to an “evil twin” hotspot, the hackers will not be able to access your data.

Can be cheaper than a commercial VPN

Some VPS providers rent out server space for a very low monthly cost.  That said, there are also some great but very cheap VPN services out there.

Cons

Not suitable for torrenting

Copyright holders will send DMCA notices (and similar) to your VPS provider. Unlike VPN providers who often includes protecting customers from copyright enforcers, VPS providers almost always take a very dim view of piracy. On receipt of a DMCA complaint, then, a VPS provider will probably shut down your account (and very possibly pass on your details to the copyright holder).

Not for the technically faint hearted

Setting up your own VPN server on a VPS requires a fair amount of technical chops. We hope to make the setup process as painless as possible with these tutorials, but it does require a reasonable degree of technical know-how and will require getting your hands dirty with a command line.

Will your own VPN server be more secure?

Using a private VPN server encrypts the internet traffic between your device(s) and the VPN server. The VPN server also acts as a proxy, thus preventing your internet provider (ISP) from seeing what you get up to on the internet.

Unlike commercial VPN services, you control the VPN server. This means that you do not have to trust a third party with your data. This is the main reason that running your own VPN server is often recommended for privacy reasons. You can also choose your own VPN server locations.

Your IP is yours alone

With a VPN service, your IP address is shared by many other users, which makes it very hard to identify which of those users is responsible for which action associated with an IP address on the internet. 

With a private VPN server, on the other hand, you have a static IP address that absolutely belongs to you and you only. This means there is no ambiguity about who did something on the internet using that IP address, which can be easily traced back directly to you.

A VPS is not secure

Virtual private servers are software servers running on shared physical server space. Someone else controls the hardware these virtual servers are installed on, which means that VPS’s should never be considered secure.

If presented with a warrant, for example (or even just an informal request), no server center staff are going to have any scruples against accessing the VPN logs stored on your VPS and handing them over to the police.

DNS

When you use a commercial VPN service, DNS requests are a sent through the VPN tunnel to be handled by your VPN provider (either using its own DNS servers, or leveraging a third party DNS provider but proxying the requests through its servers to protect your privacy).

When using a private VPN server this does not happen by default, and DNS requests will continue to be handled by your ISP. It is possible to set up your own DNS server on the VPS, but that is beyond the scope of this tutorial (although it is something we may tackle in the future).

A simpler option is to change your devices DNS settings to point towards a more privacy-friendly DNS provider such as OpenNIC, but this still requires trusting a third party.

For more information on what DNS is and how to change your DNS settings, please see A Complete Guide to Changing your DNS Settings.

Because of these issues, we reject the claim often made on the internet that a private VPN server is more secure and better for privacy than using a commercial VPN service. It depends somewhat on your threat model, but in many ways using a good no logs VPN service is much better for privacy than using a private VPN server.

Now we have the basics covered, please be sure to check out Part 2 of this guide, where we show you how to change the encryption cipher, build an OpenVPN certificate, create an .ovpn file, and add other users.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

14 Comments

Tom
on April 5, 2020
Reply
Hi Douglas, when trying to reach admin login website getting this error 'SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)' ! Never had this before, but now when run the latest yum -y install https://as-repository.openvpn.net/as-repo-centos7.rpm yum -y install openvpn-as CentOS 7 command. Also, a question about tap/tun, in case it is disabled - is it possible to proceed from step 1 to 5 (Installing OpenVPN Access Server on the VPS) successfully, or this will not be the case ? Thanks
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to Tom
on April 6, 2020
Reply
Hi Tom. Well, this tutorial uses CentOS 6, so if you are following it to the letter then you will need the CentOS 6 OpenVPN package. But yeah, it should work minimal changes if you want to do it in CentOS 7. You may find this discussion/a> useful. tap/tun needs to be enabled for OpenVPN to work. As I note in the guide, I was able to enable it through my VPS web admin panel. If this option is not available to you then you'll need to ask your VPS provider about enabling tap/tun.
Iris
on April 3, 2020
Reply
Hi, why the openvpn is error, cannot connect success now
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to Iris
on April 6, 2020
Reply
Hi Iris. That's not enough information for me to work with, I'm afraid. You may find the official Troubleshooter documentation useful for resolving your issue.
Jonh ddoe
on February 29, 2020
Reply
[Link removed to an article on a rival site about NordVPN and ProtonMail's relationship to Tesonet]
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to Jonh ddoe
on March 2, 2020
Reply
Hi Jonh. We have an article on NordVPN's relationship with Tesonet here. Yes, it exists. We have found no credible evidence, however, of any meaningful relationship between Tesonet and ProtonMail/ProtonVPN (Proton might have used Tesonet servers at some point in the past, but so what?). .
John
on February 15, 2020
Reply
i have tried both command but they are no longer working. wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-CentOS6.i386.rpm (CentOS 6 32-bit)or wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-CentOS6.x86_64.rpm (CentOS 6 32-bit)
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to John
on February 24, 2020
Reply
Hi John. Thanks for letting us know. The instructions for installing OpenVPN Access Server have changed since this article was first written. The following should work, but we have not had the opportunity to test it yet: Replace steps 5 and 6 the following commands: yum -y install https://as-repository.openvpn.net/as-repo-centos6.rpm yum -y install openvpn-as CentOS 6 is still widely used in server-land, so this article remains current. But when time permits we will update it to CentOS 8.
Show More Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

Longtime top ranked VPN, with great price and speeds

One of the largest VPNs, voted best VPN by Reddit

Strong presence, no-logs policy