How to Make Your Own VPN (And Why You Would Want to)

The guide starts at 11:25
TIMESTAMPS
00:00​ Introduction
01:28​ Everything wrong with the VPN services
05:50​ What are the alternatives?
07:39​ VPN services vs. Self-hosted VPNs
08:58​ Choosing a VPS provider
10:43​ My choice of the VPS provider
11:25​ Creating an account (The tutorial starts here)
11:45​ Creating a VPS
12:37​ Generating SSH keys
13:46​ Updating the packages
14:07​ Creating a non-root user
15:04​ Configuring SSH
17:14​ Installing and configuring OpenVPN
20:50​ Installing mosh
21:14​ Two-factor authentication
23:53​ Automatic updates
25:11​ Conclusion

starts at 0:00

Exactly, no matter what a VPN provider says, you have to trust them when it comes to storing and sharing your logs. If they can profit or have to protect themselves, they with share them with other companies.

Wolfgang, your content is phenomenal. Thank you for your generosity. I hope I can find the cash to donate to your channel soon because you've pieced together some concepts that I understood only in the abstract. Thank you.

Been doing it on my own for quite a while now, but with your hints I just took it to a new level of customization. Great video!

15:48 "I personally prefer to use the port 69." I see you are a man of culture

Hey, thank you for this. I saw this on google but no one makes a tutorial. Glad I saw this today on my recommendation. Gonna finish this tutorial and will sign up with your link. Thanks again

I love that you posted the timestamps. Makes this video so much more useful! Thanks!! I "liked" the video.

Thank you for the in-depth explanation, prior to even starting the setup tut. No unexpected surprises halfway through the process. This is a refreshing compared to many various installation/setup tuts I have reviewed in the past. I have subscribed. Thanks again!

All the TH-cam ads being for VPN services is hilarious. Nice video!

Hello Wolfgang,
I want you to know that i appreciate your in depth knowledge and have deep respect for you that you take the time to share the results of the hard work that you do in order to educate the MANY MANY people that simply have NO CLUE! Thank you.
Mike S.

Thanks for sharing such an interesting content for free and with so much clarity. You deserve a lot more subscribers than people sharing their gaming sessions...

"I know you guys are lazy and are not going to do that" - Fuck I really DO need a VPN he knows me too well.

Hi Wolfgang,
Thank you for sharing this information. Assuming that everything you've said is true, both the loss of privacy and not knowing who to trust is a bigger issue that most of us realize.

This video actually had some very useful info aside from the VPN FUD at the beginning. I'm very thankful for pointing me to an alternative VPS provider that can do terraform and ansible so I don't have to constantly suck on AWS' teat.

Excellent video! Finally someone who explains this thoroughly and also shows how to improve everything. Thank you! I'm gonna give it a try. I just want to also mention that in Linode's Master Services Agreement and in their Privacy Policy they state that personal data (including network logs) are all maintained on their servers and may be presented to law enforcement if there is a court order etc. These will be used in case of suspicious criminal activities. So unless I'm reading this wrong, they do state that information is kept on their servers. So don't go and try something bad now ;)

i really appreciate the amount of effort you put into making this tutorial and showing how serious you are about privacy

I appreciate your honesty, you sum up pro's and cons and if you are sponsored, you mention it, if you see another video which explains the same thing you do but better, you are man enough to admit and mention it and give credit where it's due. You also have a very clean info page with timestamps and more and are quite humble(with self-promotion). Good lad

I once followed a tutorial to install AnsibleVPN and although the install process was so long, I was never able to get it to work. Your video on the other hand, is straight to the point. I followed the video from 17:16 to 20:51 and was able to get OpenVPN working on my EC2 instance in less than 10 minutes. Thanks a ton!

11:16
shocked when I saw you have the same wallpaper as myself.. subbed because you have good taste in wallpapers..
valuable info as well
keep it up

Really good tutorial, I was one of the many that viewed the original and thought it good. But this was great and I saved it in my linux folder for those moments I want to set something up like this. And the steps for openvpn and mosh etc was great too thanks!

Welcome to the comment section! Please read the FAQ before leaving a comment:
Q: How do you know that the VPS doesn't keep the logs? Isn't that the same as trusting a VPN service?
A: Every Internet gateway can potentially log and monitor your traffic. A VPN (be that a VPN service or a self-hosted VPN) doesn't give you extra privacy or anonymity and can potentially monitor your activity. Instead, if you need some extra privacy while browsing the Internet, you should use Tor 06:00 As I mentioned in my last video, VPNs should be used to avoid censorship, geoblocks and DMCA letters, but they won't magically make you more secure and anonymous.
Q: Are you only recommending a VPS as a solution because you were sponsored by Linode?
A: No. I've been using a self-hosted VPN since 2017 and am currently using a VPS from another company. I've also been approached by a several VPN companies that offered to sponsor my videos; I politely refused their offers because such sponsorship will go against my point of view on VPN services. Linode is one of the biggest VPS providers on the market and I'm glad they sponsored this video, however you can always choose another VPS to host your VPN: DigitalOcean, Vultr, Hetzner, etc.
Q: But doesn't a self-hosted VPN make you more identifiable since you're the only user?
A: Unlike a VPN service, on a self-hsoted VPN you get a dedicated IP that isn't shared with any other users. However, a shared IP on a VPN service doesn't give you more privacy: you still use your real IP to connect to it, and your account has a unique identifiable set of keys.
In both cases if a certain government agency were interested in your online activities, it would require requesting logs from the provider, and in case of Linode (or any VPS provider) the authorities would only retrieve connection logs (e.g. when you connected to the VPS from your IP address) - so pretty much the same as with a VPN service. In both cases the authorities can also request logs from the data center providers or hit the service with a FISA warrant if they reside in the US.
Q: Is this tutorial only going to work for Linode?
A: No, this tutorial applies to any KVM- (and possibly Xen-) based VPS. The only part that's going to be different is the process of creating an account, which is pretty easy.

Fantastic video! You do such a great job that even semi-newbies can follow along easily. Thank you for your hard work.

You've actually got so quality stuff on your channel. Keep that up man!

The main reason people look for VPNs is anonimity and the possibility to change connection location and gain the ability to access services reserved only for specific places (ex Netflix). With a self hosted VPN you lose both. Anonimity: basically the same things that your ISP would spy on you, now are spyable by your VPS provider, you're just trusting a different entity. But, as you correctly said, this is a marginal problem, because only source IP and destination IP can be seen, the traffic in between is encrypted. The only thing that changes is that your ISP can only see you are contacting your VPS, and your destinations can see you are contacting them from your VPS. But that VPS can be traced back to your identity, because you're the only owner of that IP address. So we have no anonimity benefit here: in the case the sites you contact want to know who the source IP address belongs to, they can very easily if your VPS provider is complicit. This is more difficult (not impossble) with VPN services ( if they have logs of your real IP) because they have to link the traffic on their system to your real IP and identity manually by looking at metadata, because there are a lot of people using their system simultaneously. And also if the VPN service is, by chance, reliable as they say and they really don't save any logs, then you're anonymous. I don't think VPS providers keep less logs than a VPN service tbh, in this video you're just saying 'meh, I trust VPS providers more then VPN providers', without counting the fact that VPNs grants you the ability to avoid geoblocking by default, and also that the VPN providers base their business on the 'zero logs' policy, and that's not the case for VPS providers.

dude learning a lot here thank you. this is definitely the way

Dry humor, subtle sarcasm, good content including debunking... Gotta love this video man. TY
(learning if you search 'is pee is stored in balls' comes up with yes, was the one of the real highlights)

I was on the fence at first but this turned out to be very informative for a security

Personally I love the movement for personally owned data like your privacy and files. As an enthusiast with multiple industry grade certifications behind me ranging from general certifications in cyber-security & general networking to Cisco university grade diplomas. I don’t care about my own privacy (I know controversial opinion for my field..) however I stand behind this video in more ways then one, he outlines the benefits to self-hosting your own VPN perfectly.
The reason I use VPN’s is to allow much better security within my networks for the company I run. By only allowing OpenVPN’s port past our network firewalls and then encrypting all user profiles substantially it allows me and our employees to access and be on these networks remotely without fear of multiple ports/applications vulnerabilities.
Awesome video, love your other content too!

Thank you for this video WolfGang, I usually rely on typed tutorials but I thought this was so well done that you definitely deserved the full view. Was wondering how you initially got into coding? And how a newcomer may get into it?

This tutorial is amazing and you are really good at teaching !! great job sir !

Love your videos man so informative and honest. Off topic but I seen a video of yours from 2020 and you had longer hair, looked awesome and I want to try it put for myself because of seeing you with it. Thanks for the great videos bro

Thanks for all the hard work and information. I appreciate your dedication.

Excellent stuff thanks, wish I knew enough about coding to set one of these up for myself.

You might need two OpenVPN servers depending on your use case. I use it sometimes for old games that try to find other users on the LAN, so for that you need a bridged interface (tap) rather than the more typical tun, but if you want to use the VPN from your phone, well, the phone clients only support tun. You can run two servers on the same machine without any issues, just with the different config files. You might also need this if you want to reach other devices on your VPN, like some printers. I'm not a fan of scripts like the road warrior one... I would if they were more careful, but my server already runs a bunch of other services and unless these scripts are written super carefully they can mess up other stuff you have running already. I guess they're fine on a fresh VM though. I'm not sure offhand if Wireguard supports a bridged setup.

Thank you so much, man! It was quite difficult to set up through Windows but it worked in the end. I used your affiliate link but, really, this video is worth much more that whatever Linode pays you.

you are doing gods work man thanks for lettings us know

I've never used VPN for "privacy concerns", since I know my data is out there long before anyone was aware of any internet privacy. But i do use a VPN for accessing blocked websites and that is basically the only use for a "public" VPN these days. If you want a "privacy" type of VPN then this video explains perfectly what you want to do and that is have your own VPN on a private server.

looking forward to learning from the rest of your videos. Subscribed!

Nice video. Most VPN subject videos won't dare explain both sides (like covering situations where other tools fit - most vpn videos just say: "you need this, and this alone: It solves everything in the world."). Rare to see honesty on the subject - might actually be the first VPN based video where I've actually seen balance (it can be tiring). Kudos.

Samy K's Evercookie can be used to track Tor users and Snowden revealed the NSA uses Evercookie.

that video from Tom Scott is indeed brilliant, I watched it many times for the entertainment value alone

Hey, you're very close to 100k subs! Congratulations!

Excellent tutorial! Thank you!

Excellent summary.
Don't worry about redundancy in your videos. In case of tutorials it's useful.

One thing of note... If you are using a VPS - Check the Terms Of Service for the hosting/rental company. Many companies have policies against setting up VPNs on there networks for a variety of both technical and legal reasons. Many companies also have a 'One Strike / No Warning' policy when it comes to TOS violations meaning that if there systems team detects a 'banned service' or there legal team gets a DMCA violation / take-down notice. They will take down your node, wipe all of the data (including onsite backups), cancel your hosting/rental account, and notify you via email after... No Refunds. --- TLDR: Lots of providers DO allow you to set up a VPN however, If for some reason a provider doesn't allow a VPN or other services/content to be set up, it will be in the Terms of Service. Because providers don't want to terminate your account, it will usually be written in very plain, easy to understand, language... Just read the TOS and make sure you understand what you can and can not do/run with that provider *before* starting hosting with them.

You are great. I was surprised to see how much knowledge you have gained with this stuff.

Superb tutorial sir! Thank you so much for putting that together

It's always good to be critical about any service you're making use of. In the same sense I have two questions about the points you're making in your video:
- If you're using your own OVPN install on some VPS, then all traffic can still be pinpointed to exactly the virtual machine that your running on that server. In affect, you're still rely on that VPS not to disclose the account holder to that VM. I'd say that assumption is at least as "dangerous" (and maybe even more so...) as assuming that VPN providers wouldn't back-trace the user corresponding to some traffic from x months ago. Wouldn't you agree?
- Secondly, at 12:50, you seem to be saying ssh exchanges your pass in plaintext. That's not correct. To verify, I just ran a wireshark capture on my own system. Openssh is using the Diffie-Hellman encryption before your key exchange of the actual ssh connection. Maybe I'm misunderstanding you?
I hope you'll take the time to respond, I'm curious to hear your thoughts.

Thank you for 23:28 , I almost had a heart attack when my server refused to connect. Luckily I had a previous tab that I kept minimised.

I'm a security analyst and it's the 1st time I watch your video and I already like you cause you tell the truth. You've got one more sub!

I just setup an OpenVPN with this. It's really useful. Thanks for the indepth and great video

I have a VPN set up on a VPS for port forwarding. Our home network is behind double NAT, so this is the only way for me to host anything on my PC.

Great video, just wish I understood it more so I could give it a go! 😂

I really appreciate this video. I've been working on getting a reliable and light weight VPN going to access local network resources, and set this thing off without a hitch following your tutorial. Thanks so much for the time and effort into putting this together, helped me a ton and saved a lot of time and headaches along the way! Cheers!

Awesome video, been wanting to do this for some time , just was not confident in doing it safely

seems pretty dope. was originally just gonna buy a vpn but this seems like a way better option.

I certainly hope nobody is getting Linux ISOs from Pirate Bay lol

Needed to see this. Thanks for the update. Already found some info that contridicts your statements. But this is important. It means I'm looking in the right direction, so again. Thank you. Great video.

Literally got an ad for Private IP VPN that used all the same marketing tactics you mentioned, I almost thought it was part of the video for a second XD

Perfect! Finally someone who speaks at the speed of thought instead of raising my blood pressure wishing they would hurry up. Thanks for not digressing and just sticking to the facts. Don't changing anything. I hadn't heard of Linode. I just went there to check it out. I will use it for more than a VPN. Thanks TONS!

This is such a well made video, super informative and visually amazing. Good job!

Thanks a ton, Wolfgang - very helpful,
Roger (now a subscriber)

Great Video! I have a small issue with the vps solution because you still have to give them your personal data and you will be responsible for anything that happens on it. Nonetheless awesome explanation!

I have never known that I can do two-factor authentication with ssh until you post this video.

i prefer this kind of content over gnu/linux ricing
good vid!

This video is hilarious at the beginning and so honest! Great job!~

This is a fantastic video!
Thank you for starting with the clarification, and moving on to creating an at-home VPN.
Also, I like your name. xD

Wolfgang, I've always been a fan of testing one's security by trying to break it. You're a clever guy, so if you pretended you were an ISP and could install sslstrip on the network, had access to Let's Encrypt or your ISP/corporate certificate server, used mitmf to rewrite DNS queries I'm sure you could come up with a way to defeat the coloured padlock (note most padlocks are now grey which tacitly recognises how irrelevant they turned out to be). We're not yet at a point where we can secure a system against a malicious entity (or benevolent state actor, lol) that has physical access to one's system and this is the position we've put ISPs in.

This seems like an all day class crammed into less than 30 minutes.

Amazing video thank you so much. I loved the last part where you added all of these amazing features. I have a question, isn't it a bad practice to have automatic packages updates in your system ?

Outstanding work !!! I really like this !!! Your level of expertise is impressive !!!

Correction: You say using a clear text password is a bad idea because it isn’t encrypted in transit. It IS in fact encrypted in transit and a hacker would NOT be able to see it over an infected network. However I do still recommend an ssh key as it is a much better option for many different reasons.

I got an ad on a Vpn called ipvanish and the first words where "The internet is tracking everything you do!"

i can watch your videos all day your voice is so Calming, one of the best channels on TH-cam

What are you, a genius. Like you showed me so many linux related, I never knew I could do sftp instead of scp command @20:00. And your explanation is smooth. Just one thing, your terminal command were disappearing within a seconds, I had to pause and slow down video to 0.25x sometimes. Anyway superb. Thanks

Ima be honest. I have no interest in having a vpn, but this was very informative and entertaining.

Seems to me that Linode (or whatever VPS service you pick) can log your traffic. So if someone tracks your traffic to your VPS, the company that runs the VPS can tell them the identity of the person who was renting that IP address. So, it doesn’t really seem particularly anonymous.

Very nice with the only you can access the folder then , when opend deleted on Linux. And the full set up mate 👌

I love the way you talk, it's very relaxing

I only download the highest quality *linux isos*

How you can be sure that ISP of your server doesnt keep logs of all traffic in dc?

Excellent information, thanks! Subscribed.

Like very much how you explain! Many businesses leaders could learn from you. I, definitely a subscriber now

Isn't providing your details with the vps provider a vulnerability? Shouldn't you pay for these things anonymously?

6:47 The fact that he recorded himself actually searching this up is hilarious XD

Really useful and informative thank you!

Hey Wolfgan, really love your video!
Is it then possible to use the vpn with multiple pc or just with one?

I have no idea how to do anything I just watched. Still interesting though

I've Been Waiting This, Thanks !!
But How Can You Trust These VPS Servers,isn't it the same as trusting vpn servers?
Many Thanks

You are a man of great humor ( 3:18 & 6:46 😂😂😂) and knowledge. Love to hear your take on Qubes OS.

I would suggest establishing a firewall before creating the VPN. Do it as part of the server set up/configuration.

Great tutorial and I’m a linode fan myself. However, I would recommend a VPS provider outside of the 14 eyes territory to heighten privacy if VPN is the main objective. . Otherwise great content

imagine using openvpn in 2020
this post was made by wireguard gang

It's an excellent guide... and he offers a little tutorial in some great remote server security techniques that are worth learning. It took me some time to realize that the openvpn-install script includes a feature for adding clients to the vpn server... thus making this a multi-client option - running the same .ovpn script on multiple hosts is problematic to say the least.

Wow, I didn't even know you could do this!!! it's like seeing a new world!!!

There are a few thing he got wrong:
ISPs only have access to your IP address and the destination like he said, but that's still valuable information since third party cookies are often blocked and the only other good identification method that's left is fingerprinting. I know out of second hand that ISPs sell mapping files legally in eurpe. The IP addresses and the time can be used to connect your accounts on different platforms.
There is a difference between the https encryption (128 bits) and aes-256 (256 bits). 256 is practically impossible to crack, while 128 is just still very resource intense to crack.
A self hosted VPN does not really make you anonymous, if your the only person using it and the server can be traced back to you. The anonymity with a VPN comes from multiple people using the same server (and IP address).

"I know you guys are lazy and you're not gonna do that" 😂😂😂 this guy knows his audience too well.

I have benefited greatly from this video. Thank you!

10:25 I'm in Switzerland and I _might_ use BitTorrent a lot without a VPN. I have never been contacted by any copyright authorities nor have I heard of something like that happening to someone else. In Germany, however, the threat of receiving an "Abmahnung" from copyright lawyers with an invoice for a substantial sum is very real.
And regarding "strict copyright laws": in Switzerland we have the legal right to make personal copies of any published work and share them with close family and friends. You can legally copy a book or a movie and give it to your mother. You can even hire a third-party to copy it for you.