I am not comfortable connecting to a public or unsecured WiFi (e.g. Starbucks) with my devices. If it is a work device, I will immediately connect to the company Virtual Private Network (VPN) and be comforted by the fact that my traffic is encrypted. Consequently, I have decided that I need the ability to connect to a VPN for my personal devices as well.
This guide will walk you through setting up your own "cloud" Linux VPN Server in less than 30 minutes. I decided to go with DigitalOcean since they offer a very basic $5/month "droplet" virtual machine with 1 CPU core, 512MB RAM, 20GB SSD, and 1TB of combined inbound/outbound traffic.
- If you want to host it on your own hardware at your house, I would recommend setting up a VPN router instead.
- If you are planning on using your VPN connection for any illicit activities (e.g. illegal file-sharing), I would recommend investing in a paid VPN service like NordVPN that offers double encryption and hosts their servers in countries that can/will not prosecute.

***
Once you have created an account on DigitalOcean, you will be able to select "Create Droplet" which will bring up a page with three major categories:
- Choose an Image (Ubuntu 14+ or Debian 8+. If you aren't sure, choose Ubuntu 14.04 x86)
- Choose a Size ($5/mo)
- Choose a Datacenter Region (whatever is closest to you for optimal speeds)
[STEP 2] Configuring OpenVPN on the Server
Once you have connected to the web "Console" of your server, it will ask you for the root password. This password will be emailed to you, and you will be required to change it as soon as you log in. I have written a custom script (GitHub) that performs all the steps of configuring OpenVPN according to the DigitalOcean guides.
wget https://git.io/vaCy8 -O openvpn-droplet
** 3/14 EDIT **
The code above is downloaded directly from GitHub. As a best practice, you should inspect the code before executing it.
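One way to follow that advice, as an added example that is not part of the original post or the author's script: flag the lines that most need a close read, record the file's SHA-256 once you have reviewed it, and refuse to run the file if its bytes change afterwards. The function names are hypothetical, `sha256sum` is assumed to be installed (it is on Ubuntu and Debian), and the grep patterns are a starting checklist rather than a complete audit.

```shell
#!/bin/sh
# Added example (not the author's script): review a downloaded installer,
# pin its SHA-256, and refuse to run it if the bytes later change.

# SHA-256 of a file as a bare hex string.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# List lines that deserve a close read before running anything as root:
# nested downloads, eval, decoded blobs, firewall and system-config changes.
review_hints() {
    grep -nE 'wget|curl|eval|base64|iptables|ufw|/etc/|rm -rf' "$1"
}

# Succeed only if the file still matches the hash recorded at review time.
# Returns 2 if the file is missing, 1 on a hash mismatch.
verify_pinned() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    [ "$(file_sha256 "$1")" = "$2" ] && return 0
    echo "hash mismatch for $1, re-review before running" >&2
    return 1
}

# Run the script only when the pinned hash verifies.
run_if_pinned() {
    verify_pinned "$1" "$2" && sh "$1"
}

# Typical use with the file fetched by the wget command above:
#   review_hints openvpn-droplet     # then read the whole file: less openvpn-droplet
#   file_sha256 openvpn-droplet      # record this value after your review
#   run_if_pinned openvpn-droplet <recorded-hash>
```

Pinning the hash matters because a short link or a branch URL can serve different content on a later download than the copy you reviewed.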
If you would prefer to build it manually, it may take a bit longer than 30 minutes but here are the guides that my script is modeled after:
[a] Obtaining certificates from server
Now that we have a working VPN server, we need to download the client1.ovpn (OpenVPN config file) that has our private key to authenticate against the CA and server certificate. The easiest way to retrieve the file is with an SFTP client (Secure File Transfer Protocol) such as FileZilla or SCP. If you currently don't have an SFTP client and aren't very familiar with one, go ahead and download FileZilla.
Now that we have the config file, we need to download an OpenVPN client.
If you are using Mac OS X, once you have installed the OpenVPN client you can simply double-click your config file to launch it. For Windows, you need to paste the .ovpn config file into "C:\Program Files\openvpn\config". Once you re-launch the OpenVPN GUI client, the config will show up as a connection option when you right-click the OpenVPN icon in the system tray.