How to Set Up a Private Home VPN: For Both Newbies and Experts
When it comes to staying safe online, you really can’t be too careful. Everywhere you turn there are hackers and bots, data-hungry ISPs and mass surveillance programs launched by government agencies. It can seem like everyone’s trying to get at your data so they can profit from it. Fortunately, if you want to fight back there are several options at your disposal.
By far the easiest to use and most powerful way to protect yourself online is to use a virtual private network. VPNs encrypt traffic that leaves your computer or smartphone, wrapping everything in complex cryptography that keeps prying eyes at bay. By running a VPN your information suddenly becomes unreadable to third parties, allowing you to surf, stream, and shop in peace.
VPNs themselves come in a wide variety of flavors. You can sign up for a service, you can build your own from scratch, you can even deploy middle-measures that give VPN-like functionality without having to spend hours editing configuration files. No matter which method you use, the important thing is your VPN is secure. Follow the tips below to learn several different ways to set up your own home VPN so you can take back your online privacy.
Fast and Easy Method: Use a VPN Service
Building your own VPN can be a pain. You’ll need to have access to an external VPS, be comfortable with the command line, and have an hour or two free to sit down and troubleshoot the entire process. If you aren’t interested in something that complex, there are a number of strong, reliable VPN services that are as affordable as they are easy to use.
Over the years we’ve developed a good sense of what makes one VPN better than another. It’s a unique blend of speed, encryption strength, privacy awareness, and even public reputation. The criteria we used to choose our recommended VPNs is listed below. Keep these at the front of your mind when choosing your own VPN and you’re guaranteed to end up with a great service.
- Zero-logging policy – Data that travels through a VPN’s servers can leave a trail behind. Even if it’s encrypted, it’s possible a government agency or third party could force the VPN to turn over the information. To ensure this never happens, a good VPN service will have a strict zero-traffic logging policy at the minimum.
- Speed – Encryption can make a VPN slow. Worldwide server locations can also introduce a fair amount of lag. To make sure your internet doesn’t crawl to a stop, our recommended VPN services deliver the fastest speeds in the business, plain and simple.
- Software support – In order to take advantage of a VPN, you need to run custom software on all of your connected devices. If the VPN doesn’t have an app for your phone, for example, you won’t be able to use it. Our choices below have software for all modern devices, including, at the very least, Windows, Mac, Linux, Android, and iOS.
- Bandwidth and traffic – Some VPNs, especially the sketchy free VPNs, will limit your bandwidth, throttle your connection, or even block things like P2P networks and torrent downloads. You want unlimited and unrestricted access to the internet, and your VPN should support that.
- Server network size – One of the biggest benefits of a VPN service is gaining access to servers located around the world. The bigger the network, the more options at your disposal. Choice is never a bad thing!
Recommended VPN Service: ExpressVPN
ExpressVPN is one of the fastest and easiest to use VPNs around. The service offers incredible custom software for a wide variety of devices, including Windows, Mac, Linux, iOS, and Android operating systems. These are powered by a network of over 145 servers in 94 different countries, each delivering incredible speed test results to users around the world. This is backed by ExpressVPN’s zero-traffic logging policy, ensuring your online activities remain anonymous and private no matter what.
More ExpressVPN features:
- Strong 256-bit AES encryption, an automatic kill switch, and DNS leak protection.
- Built-in speed test to ensure you’re always getting the fastest connection possible.
- Reliable access to Netflix through the website as well as Netflix apps.
- Unlimited bandwidth and no restrictions on P2P or torrent traffic.
EXCLUSIVE for Addictive Tips readers: Sign up with ExpressVPN for a yearly plan at just $6.67 per month and get 3 extra months FREE! You can also take advantage of ExpressVPN’s 30-day “no questions asked” money-back guarantee, making it a truly risk-free VPN experience.
Recommended VPN Service: IPVanish
Speed and security are two of IPVanish‘s strongest features. The service offers incredible 256-bit AES encryption on all transfers, with zero traffic logs to keep that activity perfectly safe. DNS leak protection and an automatic kill switch ensure your identity is never revealed to the internet at large. You’ll get to take advantage of these features while accessing over 850 servers in 60 different countries, all of which are lightning fast and incredibly reliable.
IPVanish also includes the following features:
- Easy-to-use custom software and apps for all major operating systems and devices.
- Fast and secure servers allow for incredible video streams through Kodi.
- Download torrents with full privacy and anonymity, every time.
EXCLUSIVE for Addictive Tips readers: Get 60% off when you sign up for a year of IPVanish, just $4.87 per month! Each plan is covered by a seven-day money-back guarantee, ensuring a risk-free trial for your new, private internet connection.
Low-Power but Customizable: Raspberry Pi VPN
PiVPN makes it extremely easy to set up and run your own VPN from a Raspberry Pi. In fact, all you really have to do is type one command into the terminal and run it, then you’re technically good to go! Of course, you’ll want to configure things once you get the install in place, then there’s customization and all of that. Still, the Raspberry Pi device is extraordinarily inexpensive (around 35 USD) and can make a capable self-hosted VPN.
To start, either SSH into your Pi or run this command directly from the Pi’s terminal:
$ curl -L https://install.pivpn.io | bash
This will run the PiVPN automated installer, which takes care of most of the technical stuff for you, including cipher key generation. A series of screens will appear, each with a bit of text for you to read or a quick option you need to toggle. Most of it is relative to your network setup, including choosing Wi-Fi over Ethernet and confirming your IP address. The defaults for most of the prompts are perfect for most users, but if you want more detail about each one, see this step-by-step guide.
After the PiVPN installation completes you can pat yourself on the back, as you now have your very own Raspberry Pi VPN powered by OpenVPN! All you need to do now is configure your devices to access the VPN. Start by accessing your Pi and running the following terminal command:
$ pivpn add
You’ll be asked for a name after running this command. Enter something straightforward like client1. This will generate an .ovpn file that you’ll use to tell other devices how to connect to your VPN. First, you’ll need to get a copy of it to your PC, tablet, smartphone, etc. The fastest way to do this is to use an FTP program and copy the file from the following directory:
Now all you have to do is install OpenVPN on your selected devices, copy the client1.ovpn file to the same device, add the profile, and you’re online! If you’re not sure how to do this, follow the sections below to get things set up.
- Download OpenVPN and install it.
- Copy client1.ovpn to OpenVPN’s installation directory and put it in the “config” directory.
- Right click on the OpenVPN desktop shortcut and go to “Properties”.
- Click “Compatibility” then “Change settings for all users”.
- In the next window, check “Run this program as administrator”.
- Launch OpenVPN as an administrator. If it pops up warning messages, accept them.
- Download and install Tunnelblick, the free and open-source OpenVPN client for Mac.
- When the installation asks if you have any configuration files, simply say “No”.
- Afterwards, open a finder window and double click “client1.ovpn”.
- Launch Tunnelblick.
- Click on the icon in the top corner of the screen and choose “Connect”.
- Select the “client1” connection.
Install OpenVPN by using the following command prompt lines:
$ sudo apt-get update $ sudo apt-get install openvpn
Now edit the configuration file you downloaded in the step above:
$ nano client1.ovpn
Uncomment the following three lines by removing the first character:
script-security 2 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf
Save and close the file. You can now connect to your VPN by using the following command:
$ sudo openvpn --config client1.ovpn
- Install the OpenVPN client for Android.
- Transfer client1.ovpn to your device, either through a USB connection or via cloud storage.
- Run the OpenVPN app and tap the menu button in the top right.
- Choose “Import”, then navigate to the ovpn file’s location and import the file.
- Tap the “Connect” button from OpenVPN’s main menu.
- Install OpenVPN for iOS.
- Connect your iOS device to a computer and copy the client1.ovpn file to OpenVPN through iTunes.
- Disconnect and launch OpenVPN. A notification will appear saying a new profile is available.
- Tap the green plus sign to import your settings.
- Slide the connect button to “on” to use your VPN.
Highly Customizable Method: Make Your Own External VPN
Commercial VPN services offer a ton of features, but the one thing they can’t deliver is complete customizability. Setting up your own VPN on an external server gives you an incredible amount of control over every aspect of a virtual private network. Want stronger encryption? Edit a config file and you’re set. Need to lock out all devices except your own? Not a problem!
The downside to running your own VPN is it takes some time to set up. You’ll need a virtual private server account, which is inexpensive but not free, and you’ll need to be comfortable editing config files and navigating from the command line. Troubleshooting can also be an issue, as even the simplest problems can stump experts and amateurs alike. Overcome this hurdle and you’ll find hosting your own VPN is extraordinarily useful and just as rewarding.
A quick outline on how to set up an external VPN is below. We also have a guide on how to host your own VPN if you want more detail or prefer using Ubuntu instead of CentOS on your server.
How to set up your own VPN:
- Sign up for an account with Digital Ocean.
- In the Digital Ocean dashboard, click “Create” to make a droplet.
- Choose a hostname for your droplet. Anything will do, such as server or yournameVPN.
- Choose a droplet size. The smallest package will do just fine.
- Choose a server location, then select CentOS 7 as your distribution.
- Create the droplet.
- Follow Digital Ocean’s instructions to configure the OpenVPN server. Take your time, this is the longest and most complicated part of the procedure.
Fast and Powerful: Shadowsocks (SOCKS5 Proxy)
Shadowsocks was designed to restore a free and open internet to users in heavily restricted countries such as China, Russia, and throughout the Middle East. Shadowsocks works by using the Socket Secure 5 protocol (SOCKS5), which simply transfers data packets between a host and a server through its own proxy server. There’s even a layer of authentication built into the SOCKS5 protocol that ensures third parties (ISPs, governments, hackers, etc.) can’t intercept your data.
Using a SOCKS5 proxy can be a great deal faster than other VPN methods, as there’s no encryption involved in the process. You’ll need access to a Shadowsocks server to make it work, which either requires running your own or renting an external service, which can cost five times as much as a VPN. It works extremely well for bypassing site blocks and retaining anonymity, however, and there’s easy-to-use software for desktop operating systems, Android, and iOS devices.
If you’re really concerned about privacy and anonymity, you can also run Shadowsocks along with a VPN. A few VPN services offer SOCKS5 proxy support out of the box, but if you make your own VPN from scratch, you’ll be able to use Shadowsocks without any issues.
Slow but Strong: SSH Tunnel
An older protocol that’s used for VPN-like functionality are Secure Shell tunnels, usually called SSH tunnels for short. This method wraps data in an additional layer of SSH encryption, which is practically unbreakable on its own. SSH is normally used to transfer files securely between a host and a remote server, but if you combine it with a VPN or simply use it for all of your online traffic, you’ll find it has an amazing ability to keep your data private, anonymous, and secure.
The biggest downside to SSH tunnels is speed. SSH wasn’t designed for large amounts of traffic, especially not HD videos or torrent files. If you’re downloading anything more complex than a website, you’re bound to get frustrated. The upside is it’s easy to make an SSH tunnel on Linux and Mac systems (Windows users will have to do some extra work), and you can pair it with a VPN for some of the most powerful data protection possible.
Difficult to Use: SSL/TLS Tunnel
Although it’s not an ideal method to access the internet or to replace a VPN, it’s possible to use an SSL (Secure Socket Layer) tunnel to protect yourself online. This method essentially takes the standard HTTP protocol and wraps a bit of encryption around each packet of data. Websites that use HTTPS (the ones that show a little lock icon in your browser) deploy the same set of technologies, and it works just fine from your end, as well.
The advantage of using SSL encryption is the ability to break through even the most stringent of firewalls. If you’re heading to a country that’s known for its online censorship, such as China, Turkey, or Russia, SSL tunnels can help protect your identity without setting off any red flags. After all, SSL encrypted traffic is extremely common on the web, why would your requests stand out from the others?
The downside to SSL is that it’s a little slower than a good VPN, and it can be a hassle to install and manage. The best way to do it is to download the stunnel software and start the long configuration process. It’s not easy or quick, and you’ll need a fair amount of technical knowledge to pull it off. An alternative is to use a VPN service that offers SSL tunneling through their software. NordVPN is one of the best mainstream VPNs that delivers this feature.
EXCLUSIVE for Addictive Tips readers: Sign up for 2 years of service with NordVPN today to get a special promotional discount of 72% for payments of just $3.29 per month. If you’re not 100% satisfied with NordVPN after your first 30 days of use, get your money back, no questions asked.
Close to a VPN but Not Quite: Web Proxies and Tor
When researching VPNs, you’ll come across a lot of talk about web proxies and the Tor network. Both are great tools to help you stay safe online, but neither is a good replacement for any of the VPNs or encryption methods listed above.
For one, web proxies don’t offer any added security or privacy. They simply take your raw traffic data and bounce it through a new set of servers, giving it a different IP address that lets you fool websites into thinking you’re in a different location. Web proxies are mainly used for accessing streaming videos from other countries. They’re often associated with sketchy providers who collect and sell user information, as well, which means you can avoid them and not miss out on anything useful.
The Tor network is a collection of nodes that function as a relay system for online traffic. By using something like the Tor Browser you can encrypt all of your browser traffic, then send it through the network to make it anonymous and untraceable. It’s a profound piece of technology that’s incredibly useful for anyone who needs to keep their location hidden. Unfortunately, the Tor network is extremely slow, and it doesn’t support things like online videos, Netflix, YouTube, or torrents. For a full rundown of Tor, check out our tips article How to Use Tor: A Guide to Getting Started.
External Threats a VPN Should Protect You From
What are VPNs good for? A wide variety of things! The encryption of VPNs and VPN-like protocols can change the way your data interacts with the web. Instead of sending open, easy-to-intercept, and easy-to-steal information across the internet, VPNs seal everything in an unbreakable encrypted envelope, preventing anyone except authorized parties from accessing the contents. That’s an incredibly useful feature, and it protects you from a host of online threats both large and small, including the ones listed below:
Internet service providers (ISPs) – You pay them money; they give you access to the internet. The relationship should be as simple as that, but far too many ISPs have turned to underhanded methods to exploit their users. Speeds are routinely throttled, for example, and a great number of ISPs log and even sell user information to third parties, all without anyone’s permission. Any VPN solution you deploy should protect against these threats.
Mass surveillance – Governments engage in mass surveillance under the guise of protecting citizens from threats. Data leaks in recent years have shown many governments take the privilege too far, however, and are actively following innocent people, recording their activities, and sharing the information with other governments.
Hackers and bots – The classic image of a hacker stealing information from unsuspecting users isn’t too far from the truth. Both human hackers and automated bots can monitor connections and sniff out valuable data, things like bank account passwords and credit card numbers. Without the encryption power of a VPN, all they have to do is find the code and the info is as good as stolen.