We all face the need for a proxy at one time or the other during our day-to-day Internet lives. To bypass the college firewall, access that websites which is not available in your country, to stream Netflix or other region specific streaming services and the list goes on. So, the question comes now is why should we create our own VPN service when you could buy from a service provider. The simple answer is it is economical to do it on your own if you wish to spend an 30 minutes of your weekend. You can also use the entire port speed of the server to yourself. Also, it feels good to have your own VPN server without having to depend on anyone else!
Let’s start by looking at what we need to implement this project. We would need a VPS with Ubuntu installed from a provider that allows private VPNs on their servers and Nyr’s OpenVPN auto-installer script for Debian based systems. This will get you started.
I recommend NanoVZ for various reasons. They offer 128MB (this is more than enough for our VPN server), 3GB HDD and a Gigabit link with 500GB bandwidth a month for just $3.80 (3 EUR) a year. Pretty cheap, isn’t it? Now, the reason why I prefer this to LowEndSpirit is because of the Gigabit port.
Go to NanoVZ Website and signup for this server.
After successful payment, you will receive your order confirmation, payment receipt and server information. Look into the email carefully. You will see something like –
This service doesn’t come with a dedicated IPv4 address, one of the cost-cutting strategy, thereby keeping their operating costs minimum and offer you a VPS at such a low price. However, you will share an IPv4 address with many other clients on their server. You will get 20 ports of the public IPv4 address NAT’ed to your internal IP address and a port specifically mapped to your SSH port on internal IP.
Connecting to your VPS via SSH
In order to configure your server to run OpenVPN server, you first need to login into the server via SSH. Here comes the need of the SSH port on external IP that is mapped to your VPS. Download a program like PuTTY and login into [Public_IPv4]:[Mapped_Port]. In the above case, I will login into [Masked_Public_IP]:15100.
TUN and TAP are virtual network kernel devices in computer networking. For the OpenVPN server to work, we need to enable these for our server. To do this, you will have to login into your SolusVM panel, again, whose details are given in the email that you received with your order.
Installing OpenVPN Server
This is a fairly simple task. I would first recommend updating your server to the latest packages before beginning with configuring your server for VPN.
Go ahead and run the update command –
Once that is done, you just need to run the Nyr’s auto-install script for OpenVPN.
wget git.io/vpn --no-check-certificate -O openvpn-install.sh; bash openvpn-install.sh
The installer will ask you for the IP on which OpenVPN has to listen to. Give your internal IP address here. Check the email for this IP.
Then it will ask you to furnish the port number. Make sure the port number you give here is in the range of ports NAT’ed for you. In my case it is 15101 to 15120.
The installer will now ask if you would like to enable port 53 also. I would recommend this as a no because you will anyway not be able to use this port as it is not NAT’ed directly from the outside world.
Now enter the client certificate name that you want to store it as. This is like the username you want to access the server with. If you plan to share this with friends and family members, name the certificates accordingly to be able to identify each user.
That’s all it needs. Just hit Return key to proceed. It takes a while to finish the installation and certificate generation. Get yourself a small break!
It then asks for the external IP and since we are NAT’ed, we need to give the external IP provided by NanoVZ in the email.
That’s it. Your certificate will be available at /root/[certificate_name].ovpn. Download this certificate using any SFTP program like WinSCP and use it with your favorite OpenVPN Client. I will do a write-up on comparison between various OpenVPN clients soon.
Let me know how it goes!