Setting Up Your Own VPN Server with just $5 a month

Your Own Server, Your Own Privacy, Multiple Users

Image for post
Image for post
Image by Stefan Coders from Pixabay

TL;DR

In this guide, I will show you how to setup OpenVPN server on a Linux VM hosted on Linode. The cost of the VM is $5 per month (1TB traffic inclusive) but you can get free $100 credit for 60 days from this link. Since this is your own server, you can create multiple VPN profiles for multiple devices or give them to your friend or family to use.

Find a Cloud Server

I was recently looking for a cheap virtual machines (VM) or virtual private server (VPS) solution for running my workloads. The cheapest one (1 vCPU, 0.75GB RAM) on Microsoft Azure is ~ $13/month and it only includes 5GB transfer. It could cost you ~$100/month for 1TB transfer.

Image for post
Image for post
Virtual Machine cost from Microsoft Azure Pricing Calculator
Image for post
Image for post
Linux VPS plans from a local provider
Image for post
Image for post
VM shared plans on Linode Pricing

Create Virtual Machine

Click Create a Linode with the following parameters:

Image for post
Image for post
Create a Nanode 1GB VM
Image for post
Image for post
The VM is up and running
Image for post
Image for post
Log in Linode Server via SSH

Configure System

Update system

Upgrade your system

apt-get update && apt-get -y upgrade

Create User

Create a new user as using root is not a good security practice.

useradd -G sudo -m yourusername -s /bin/bash
passwd yourusername
ssh-keygen -t ed25519
ssh-copy-id yourusername@ip_address

Configure SSH

On your server, edit the file /etc/ssh/sshd_config

nano /etc/ssh/sshd_config
Port 12345
PermitRootLogin no
PasswordAuthentication no
systemctl restart sshd
ssh yourusername@ip_address -p 12345

Disable sudo Password

If you don’t like to enter password everytime you use sudo command then edit the file /etc/sudoers by executing the following command

sudo visudo
yourusername ALL=(ALL) NOPASSWD: ALL

Change Hostname

Edit the file /etc/hostname

sudo nano /etc/hostname
sudo nano /etc/hosts
127.0.0.1 localhost demo-server# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback demo-server
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Create SSH alias

To avoid typing long command to login to server like ssh pacroy@123.456.78.90 -p 12345. We can create an alias for it.

Host demo-server
User yourusername
Port 12345
Hostname server_domain
IdentityFile ~/.ssh/id_ed25519
Image for post
Image for post
Server’s domain name from Linode console
ssh demo-server

Install OpenVPN

Execute the Script

In this step, we will use the installation script from https://github.com/Nyr/openvpn-install

wget https://git.io/vpn -O openvpn-install.sh && sudo bash openvpn-install.sh
Welcome to this OpenVPN road warrior installer!Which IPv4 address should be used?
1) 139.162.54.189
2) 192.168.169.11
IPv4 address [1]:
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]:
What port should OpenVPN listen to?
Port [1194]: 443
Select a DNS server for the clients:
1) Current system resolvers
2) Google
3) 1.1.1.1
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]: 3
Enter a name for the first client:
Name [client]: demo-server
OpenVPN installation is ready to begin.
Press any key to continue…

Copy the VPN Profile

You need this file to setup the client.

sudo mv /root/demo-server.ovpn ~
sudo chown pacroy:pacroy ~/demo-server.ovpn

Disable the log

Edit the file /etc/openvpn/server/server.conf

sudo nano /etc/openvpn/server/server.conf
verb 0
systemctl restart openvpn-server@server.service

Setting up Your Client

Download the Profile

Use scp command to download the ovpn file to your local PC.

scp demo-server:~/demo-server.ovpn ./Downloads

Download OpenVPN client

Head to https://openvpn.net/download-open-vpn/ and download client for your device. It supports Windows, MacOS, Linux, iOS, Android.

Image for post
Image for post
Drop .ovpn file on OpenVPN client
Image for post
Image for post
Import an OpenVPN Profile
Image for post
Image for post
OpenVPN client connected

Adding More Clients

If you have multiple devices or you want to create new profile for other users. Do not use the same ovpn profile as the connection will not work well if there are multiple clients connect using the same profile. Instead, create a new client

sudo bash openvpn-install.sh
OpenVPN is already installed.Select an option:
1) Add a new client
2) Revoke an existing client
3) Remove OpenVPN
4) Exit
Option: 1
Provide a name for the client:
Name: client-2

Setup Unattended Upgrades (Optional)

You can configure the server to automatically upgrade and reboot to apply security patches.

sudo apt install -y unattended-upgrades apt-listchanges bsd-mailx
sudo dpkg-reconfigure -plow unattended-upgrades
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Mail “mail@example.com”;
Unattended-Upgrade::Remove-Unused-Kernel-Packages “true”;
Unattended-Upgrade::Remove-Unused-Dependencies “true”;
Unattended-Upgrade::Automatic-Reboot “true”;
Unattended-Upgrade::Automatic-Reboot-Time “23:00”;
sudo unattended-upgrades — dry-run

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store