Virtual Private Networks (VPNs) are essential tools for privacy, security, and even convenience. Whether you’re using a public Wi-Fi network at a local coffee shop or traveling internationally, a VPN could prevent your sensitive data from being eavesdropped on.
While commercial VPN providers are a dime a dozen these days, hosting your own VPN could be a better solution in many cases. Here’s why self-hosting a VPN is a good idea, how you can get one up and running within a couple of hours.
Why Self-Host a VPN?
The primary advantage to hosting your own VPN is privacy and security. While almost every commercial provider claims to have your back by deleting logs and securing their infrastructure, their claims are not always true. By hosting your own VPN, you have complete control over the data retained by the VPN software and can delete it at will.
Discount VPN operators may also sometimes be bogged down by overwhelming user activity, forcing you to manually reconnect to a different, less congested network. Your own VPN server, on the other hand, is reserved almost exclusively for your personal use. All in all, shared VPNs offer a less-than-ideal user experience that can mostly be overcome with a self-hosted VPN solution.
About the only downside to hosting your own VPN is that you will be limited to a single geographic region—that is, wherever your server is hosted. However, this is only a problem if you need to bypass certain geo-blocks, such as news websites and video streaming services. For all other VPN-related use cases, a single region works just as well.
Choosing a Cloud Server Provider
The first step to setting up a self-hosted service of any kind is to zero in on a cloud server provider. While Google, Microsoft, and Amazon all provide free cloud servers, their offerings are impractical for a VPN. This is because they offer paltry allowances for bandwidth, storage, and region selection.
On the other hand, discount server providers such as VirMach and RackNerd offer similar low-end hardware but much better allowances on the bandwidth front. Since you’ll be effectively browsing the internet and downloading files through the server’s internet connection, it’s worth paying a few bucks to have a higher cap.
For the VPN, we’ll be using Wireguard—a relatively new VPN protocol that is far more resource-efficient than its counterparts. Since it is extremely lightweight, you won’t need more than 256MB of RAM and a tiny CPU core. In other words, the cheapest of the cheapest servers will do the job just fine.
LowEndBox, a popular provider aggregation website, routinely features such servers for around $1 per month. Just ensure that the price includes a public IPv4 address and 500GB to 1TB of monthly bandwidth, depending on your requirements.
Regardless of which provider you choose, the fundamental approach is the same. Grab your server’s public IPv4 address and connect to it via SSH. A handful of providers like DigitalOcean and Linode even let you access the server via a console session right in your browser.
The first time you connect to your new server, you may be prompted to update the operating system and any pre-installed software to their latest versions. Do this by executing the following commands, one by one:
sudo apt updatesudo apt upgradeThe second command may take some time to wind up, but once it completes, you should be ready to install and set up WireGuard on the server.
Installing Wireguard
Since WireGuard can be a bit tricky to install and configure, we recommend using an open-source script that automates this process for you. The WireGuard-Install GitHub repository contains one of the most popular WireGuard installation scripts. Running it is rather straightforward and requires you to enter just two commands.
Log onto your server via SSH again and enter:
curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh
Once the script has been fetched from the GitHub repository, make it an executable:
chmod +x wireguard-install.shThen, tell the server to execute it:
./wireguard-install.shIf the above commands fail for some reason, you likely do not have curl installed on your server. To remedy this, install curl from the command line, then repeat the previous commands to complete the WireGuard installation.
sudo apt install curlAfter installing WireGuard, follow the on-screen prompts to complete the installation process. The default values will work fine since we’re running a fairly standard Ubuntu-based server. Press Enter at each prompt to continue until WireGuard is successfully installed.
Once the installation is complete, you will be asked to “enter a name for the client.” A client is any device that will connect to the WireGuard server in question. Your desktop computer, laptop, smartphone, and tablet are all individual clients. For these devices to connect simultaneously, you’ll need to add each one of them as a client.
Enter a descriptive name that lets you keep track of your clients and press Enter to continue, Once again, you can proceed with the default values for the remaining prompts.
In the end, your client configuration file will be saved in your user’s home directory. Additionally, WireGuard will print a QR code that you can simply scan on your devices. This saves you the hassle of manually copying over a config file from your server to your smartphone, for instance.
Connecting to Your VPN
On Android and iOS, download the WireGuard app from the respective app stores. Then, add a new configuration and select “Scan from QR code.”
For your computers and other clients that do not have a camera, you will need to copy over the configuration file manually. Since the SSH service is already enabled on your server, initiate a file transfer over SFTP from your computer. You may need a third-party application to do this, depending on your operating system. Of course, you can always transfer it using a USB cable connection, USB flash drive, or otherwise.
Once you’ve downloaded the config file, point your WireGuard client to it. On Windows, for instance, all you need to do is click on the button that says “Import tunnel(s) from file.”
And that’s it! You can now connect to your VPN server whenever you want. To create additional clients, simply run the script as many times as you need.
Apart from your server’s bandwidth limitations, there’s no real limit to the number of clients you can connect. This is in stark contrast to most commercial VPN providers that impose a cap of six or fewer simultaneous connections.
Image Credit: W Alan/Unsplash