Setting Up Your Own VPN Server with just $5 a month

Your Own Server, Your Own Privacy, Multiple Users

Image by Stefan Coders from Pixabay


In this guide, I will show you how to setup OpenVPN server on a Linux VM hosted on Linode. The cost of the VM is $5 per month (1TB traffic inclusive) but you can get free $100 credit for 60 days from this link. Since this is your own server, you can create multiple VPN profiles for multiple devices or give them to your friend or family to use.

Find a Cloud Server

I was recently looking for a cheap virtual machines (VM) or virtual private server (VPS) solution for running my workloads. The cheapest one (1 vCPU, 0.75GB RAM) on Microsoft Azure is ~ $13/month and it only includes 5GB transfer. It could cost you ~$100/month for 1TB transfer.

Virtual Machine cost from Microsoft Azure Pricing Calculator
Linux VPS plans from a local provider
VM shared plans on Linode Pricing

Create Virtual Machine

Click Create a Linode with the following parameters:

Create a Nanode 1GB VM
The VM is up and running
Log in Linode Server via SSH

Configure System

Update system

Upgrade your system

apt-get update && apt-get -y upgrade

Create User

Create a new user as using root is not a good security practice.

useradd -G sudo -m yourusername -s /bin/bash
passwd yourusername
ssh-keygen -t ed25519
ssh-copy-id yourusername@ip_address

Configure SSH

On your server, edit the file /etc/ssh/sshd_config

nano /etc/ssh/sshd_config
Port 12345
PermitRootLogin no
PasswordAuthentication no
systemctl restart sshd
ssh yourusername@ip_address -p 12345

Disable sudo Password

If you don’t like to enter password everytime you use sudo command then edit the file /etc/sudoers by executing the following command

sudo visudo
yourusername ALL=(ALL) NOPASSWD: ALL

Change Hostname

Edit the file /etc/hostname

sudo nano /etc/hostname
sudo nano /etc/hosts localhost demo-server# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback demo-server
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Create SSH alias

To avoid typing long command to login to server like ssh pacroy@123.456.78.90 -p 12345. We can create an alias for it.

Host demo-server
User yourusername
Port 12345
Hostname server_domain
IdentityFile ~/.ssh/id_ed25519
Server’s domain name from Linode console
ssh demo-server

Install OpenVPN

Execute the Script

In this step, we will use the installation script from

wget -O && sudo bash
Welcome to this OpenVPN road warrior installer!Which IPv4 address should be used?
IPv4 address [1]:
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]:
What port should OpenVPN listen to?
Port [1194]: 443
Select a DNS server for the clients:
1) Current system resolvers
2) Google
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]: 3
Enter a name for the first client:
Name [client]: demo-server
OpenVPN installation is ready to begin.
Press any key to continue…

Copy the VPN Profile

You need this file to setup the client.

sudo mv /root/demo-server.ovpn ~
sudo chown pacroy:pacroy ~/demo-server.ovpn

Disable the log

Edit the file /etc/openvpn/server/server.conf

sudo nano /etc/openvpn/server/server.conf
verb 0
systemctl restart openvpn-server@server.service

Setting up Your Client

Download the Profile

Use scp command to download the ovpn file to your local PC.

scp demo-server:~/demo-server.ovpn ./Downloads

Download OpenVPN client

Head to and download client for your device. It supports Windows, MacOS, Linux, iOS, Android.

Drop .ovpn file on OpenVPN client
Import an OpenVPN Profile
OpenVPN client connected

Adding More Clients

If you have multiple devices or you want to create new profile for other users. Do not use the same ovpn profile as the connection will not work well if there are multiple clients connect using the same profile. Instead, create a new client

sudo bash
OpenVPN is already installed.Select an option:
1) Add a new client
2) Revoke an existing client
3) Remove OpenVPN
4) Exit
Option: 1
Provide a name for the client:
Name: client-2

Setup Unattended Upgrades (Optional)

You can configure the server to automatically upgrade and reboot to apply security patches.

sudo apt install -y unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Remove-Unused-Kernel-Packages “true”;
Unattended-Upgrade::Remove-Unused-Dependencies “true”;
Unattended-Upgrade::Automatic-Reboot “true”;
Unattended-Upgrade::Automatic-Reboot-Time “23:00”;
sudo unattended-upgrades — dry-run