Key Takeaways:
- Create a VPS (virtual private server) using your preferred provider.
- Use the open source WireGuard VPN, an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances.
- Connect your device and enjoy free and private VPN.
Benefits:
- No subscription required
- Reduce costs significantly by creating a VPS only when you need a VPN. For example, spin up a server before you need a VPN for streaming, use it, and delete it when done. You pay only for the hours used, since most VPS providers use that kind of pricing.
- Complete privacy.
Downsides:
- A bit of manual setup.
The Problem
I wanted to watch a movie that had become unavailable in the cinemas in my region and I knew that it is still available using a streaming subscription I was already using but again, not in my region, only in the US. As anyone would, I immediately thought of using a VPN service but I didn't want to pay the full month price for a two hour watching experience.
So, I built my own custom VPN with WireGuard. Later that evening, I was able to watch the movie using a custom VPN installation and paying less than 2 cents for it (literally, $0.018 with Hetzner.de VPS provider).
What follows is the process I went through to implement a solution that I eventually ended up using, instead of the manual steps. The potential is actually huge (not just for streaming); you can check out an extensive use case list here: https://github.com/acondura/yopvpn#use-cases.
The Solution
Step 1 - Create your VPS instance with required packages and WireGuard VPN
First off, you need a server where your VPN software (WireGuard, in this case) can be installed. To use our previous streaming example, the server has to be in a region where the content you want to stream is available. If you're in Europe/Asia and you know some movie is available in the USA, then choose a VPS provider with USA server locations and create a VPS server in that location.
Choose a VPS provider, like DigitalOcean, Vultr, Linode, Hetzner, etc. You can check out an extensive list here: https://www.vpsbenchmarks.com/hosters.
As a specific example, I'm going to use Hetzner as a provider since I'm very pleased with their service and I get a lot of resources for the price:
- Add your SSH public key to your account at your chosen VPS provider. You can generate an SSH key pair by running this command in Windows PowerShell, the macOS terminal or a Linux terminal (hit Enter and keep hitting the Enter key until it's done):
ssh-keygen -t rsa -b 4096
- Then upload the contents of C:\Users\<YourUsername>\.ssh\id_rsa.pub (Windows) or ~/.ssh/id_rsa.pub (macOS/Linux) to your VPS account.
- I'm located in Europe so I will choose a server location from the US east coast.
- Server image - latest Ubuntu OS.
- Server type - their cheapest VPS (which is 5 EUR) is more than enough for a VPN.
- Networking - use defaults.
- Leave everything else as default
- After that, click Save or Create server and give it up to a minute to finish setting up.
Step 2 - Connect your device(s)
Connect to your server, replacing SERVER_IP with your server's actual IP from your VPS provider:
ssh root@SERVER_IP
Once in, run the following commands:
- Install Docker (details on https://docs.docker.com/engine/install/ubuntu/#install-using-the-conven…):
curl -fsSL https://get.docker.com | bash
- Install the WireGuard server using the docker run command from https://docs.linuxserver.io/images/docker-wireguard/#docker-cli-click-here-for-more-info with two changes: -e SERVERURL=auto and -v ./wg-config:/config. The final command to run should be:
docker run -d \
--name=wireguard \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE `#optional` \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Etc/UTC \
-e SERVERURL=auto `#optional` \
-e SERVERPORT=51820 `#optional` \
-e PEERS=1 `#optional` \
-e PEERDNS=auto `#optional` \
-e INTERNAL_SUBNET=10.13.13.0 `#optional` \
-e ALLOWEDIPS=0.0.0.0/0 `#optional` \
-e PERSISTENTKEEPALIVE_PEERS= `#optional` \
-e LOG_CONFS=true `#optional` \
-p 51820:51820/udp \
-v ./wg-config:/config \
-v /lib/modules:/lib/modules `#optional` \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart unless-stopped \
lscr.io/linuxserver/wireguard:latest
and hit Enter.
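Finally, get your client configuration. With the -v ./wg-config:/config mount used above, the container writes it under wg-config in the directory where you ran docker run:
cat ./wg-config/peer1/peer1.conf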
Copy and paste the output of that into your WireGuard client and click the Activate button.
Your computer is now ready to use the VPN.
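A check worth running on peer1.conf before importing it, as an added example that is not part of the original post: the function names are hypothetical, the sample config is constructed with placeholder keys, and 203.0.113.10 stands in for SERVER_IP. It flags a config file readable by other users (it contains the peer's private key), an Endpoint that is not your VPS, and an AllowedIPs value without ::/0, since the ALLOWEDIPS=0.0.0.0/0 setting above covers IPv4 only.

```shell
# Print the value of the first "Key = value" line in a wg-quick style file.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}
note() { findings=$((findings + 1)); echo "FINDING: $1"; }

# audit_peer_conf FILE SERVER_IP [PORT]; returns the number of findings.
audit_peer_conf() {
    file=$1; server_ip=$2; port=${3:-51820}; findings=0
    # The file embeds the peer's private key: only its owner should read it.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        note "$file is accessible to group/other (chmod 600 it)"
    fi
    # SERVERURL=auto lets the container detect the IP; confirm it is your VPS.
    endpoint=$(conf_get "$file" Endpoint)
    if [ "$endpoint" != "$server_ip:$port" ]; then
        note "Endpoint is '$endpoint', expected $server_ip:$port"
    fi
    allowed=",$(conf_get "$file" AllowedIPs | tr -d ' '),"
    case $allowed in *,0.0.0.0/0,*) ;; *)
        note "AllowedIPs lacks 0.0.0.0/0: IPv4 traffic is not fully tunnelled" ;;
    esac
    case $allowed in *,::/0,*) ;; *)
        note "AllowedIPs lacks ::/0: any IPv6 traffic bypasses the tunnel" ;;
    esac
    if [ -z "$(conf_get "$file" DNS)" ]; then
        note "no DNS line: lookups keep using the client's existing resolver"
    fi
    return "$findings"
}

# Constructed sample in the layout of a client config; keys are placeholders.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
Address = 10.13.13.2
PrivateKey = PLACEHOLDER_PRIVATE_KEY_NOT_REAL
DNS = 10.13.13.1

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY_NOT_REAL
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
EOF
}

sample=$(mktemp); write_sample_conf "$sample"; chmod 644 "$sample"
rc=0; audit_peer_conf "$sample" 203.0.113.10 || rc=$?
echo "$rc finding(s)"; rm -f "$sample"
```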