Setting Up Your Own VPN
A VPN is a virtual private network. It is virtual because one creates a virtual tunnel between your computer and a server to exchange data. It is private because it is supposed to require a username and a password to be accessed and it is a network because it links more devices to one or more servers all over different locations. A VPN helps you surf the web anonymously for two reasons:
- the websites you visit, see the VPN serverâs ip, not yours.
- VPN basically encrypts all the traffic before ISP (internet service provider) can intercept it.
There are free versions and paid ones. But still the VPN provider can read your traffic. So you have to trust someone one way or another. What if you could set up your own VPN instead ? It would be totally free and totally (really ?) secureâ¦
A WORLD OF POSSIBILITIES
When you set your mind on the idea of creating your own virtual private network, a world of different possibilities comes to you. Reading on, youâll encounter some technicalities but the detailed explanation of softwareâs installation is left to other articles you can find on the web. This article wants, in particular, to help you discerning what is the best choice for you. The following list is used as a guideline:
- VPN on a cloud
- VPN on a NAS
- VPN on a router
- supported routers
- flashing DD-WRT
- flashing OpenWrt
- flashing TomatoUSB
- VPN on a personal computer
- VPN on a Raspberry Pi
VPN ON A CLOUD
Hosting a VPN on a cloud is becoming a very common practice. Installing softwares like Algo and Streisand on your laptop, give you the possibility of creating servers on cloud services like Amazon EC2, Azure, Digital Ocean, Google, Linode and Rackspace Cloud. The basic process is creating an account on one of the above cited cloud providers (there are free and paid versions), installing the particular software you need (it requires a little configuration but nothing very hard) and youâre done. In the following lines, Iâll explain in details the process of installing Streisand and Algo.
Streisand is a software that allows you to create an Ubuntu 16.04 server on a variety of cloud providers like Amazon, Google and many more. More than this, Streisand installs on your server a lot of anti-censorship tools like Stunnel, Tor, sslh, OpenVPN, OpenSSH, Monit, L2TP/IPsec, Shadowsocks, UFW. Installing Streisand is easy and requires only few commands in your terminal:
sudo apt-get install python-paramiko python-pip python-pycurl python-dev build-essential
sudo pip install ansible markupsafe
Sudo pip install boto
(To install the python libraries for Amazon EC2 youâll find the commands for every other provider on streisandâs page on github.)
git clone && cd streisand
Next you can follow the terminal-wizard choosing the provider, the location of the server, the name of the server and so on. At the end of the procedure, an HTML file will be generated, with the instructions to connect to the server through SSL or Tor. Now youâre done with the installation and you can enjoy the navigation through your brand new VPN.
Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices.
To install algo on your personal computer, write the following commands in your terminal:
sudo apt-get update && sudo apt-get install \
python -m virtualenv env && source env/bin/activate && python -m pip install -U pip
python -m pip install -r requirements.txt
Open config.cfg in a text editor and choose the list of users in the users list.
In the Algo directory run
As you can see, Algo does not support a Tor bridge which is the reason why I prefer Streisand for the moment.
Now you can follow the wizard. At the end of the procedure you will see the subsequent message:
VPN ON A NAS
A NAS (Network Attached Storage) is basically a storage system that has all the key features of a small server. It often has a linux based operating system on it and it usually can be accessible by operating systems of all kind. A NAS can be linked to one or more hard disks. Connecting to the NAS gives many people all over the world the possibility to access the data stored in it. You can implement a VPN on your NAS, using it as a real server.
VPN ON A ROUTER
Many routers support the creation of a VPN, many others donât. On the routers that are not supported, you can flash a new firmware that
- drastically improves your routerâs performances
- gives you the possibility of creating a VPN on your router
Here is the key question: why should you install a VPN on your router? The answer is that having the VPN installed on your router, gives you the possibility of connecting any devices you want having them fully covered with your VPN with a single account. Said this, there are many custom firmwares that you can flash into your router. The most famous are:
There are also many routers that come with this custom firmwares pre-installed. Some VPN vendors also sell routers of this genre.
VPN ON A PERSONAL COMPUTER
All the existent operating systems offer the possibility of installing a VPN server software. The con of this option is that your pc may not be always on, so the VPN wouldnât be always accessible. Anyway it is much cheaper than buying a NAS.
VPN ON A RASPBERRY PI
At this point of my article youâve certainly understood that you can install a VPN on every computer-like device…So why donât you try with a Raspberry Pi ? You shouldnât trust a public Wi-Fi when using your credentials on a bank site, instead it would recommendable using a virtual private network residing, for example, on your Raspberry Pi. Setting up a VPN on a Raspberry Pi is a little bit complex, Iâll try to explain the key concepts of the installation procedure in the most user-friendly manner, but for an in-depth tutorial I invite you to read the numerous specific articles youâll find on the web. So the key concepts are:
- Raspberry Pi model B.
- NOOBS (new out of the box software), an easy OS installer.
- Raspbian, the official supported operating system for Raspberry Pi.
- Open VPN, the open source software which will give life to your VPN.
- Change your Raspberry Piâs default username and password to something strong (this is fundamental to achieve the security you need for your VPN).
- Generate keys with Easy_RSA. You do this because you donât want your VPN address to be accessible by anyone. In this way, only the authorized devices can access your VPN.
- Build the CA certificate. The CA (certificate authority), is the organization that checks if a website declares a false identity. When you visit your bankâs site and you sign in with your account, the site presents to you a certificate validated by the CA. Only in this way you can be sure youâre visiting exactly your bankâs site and not a phishing site. In this case you are the certificate authority of yourself.
- Static IP on the local network. We want our Raspberry Pi to have always the same IP, being always easily accessible. We achieve this, modifying the etc/network/interfaces file on Raspbian.
- Portforwarding on your router. We want the routerâs firewall to allow a connection between the external network and the internal one, through the UDP port 1194.
- Generate keys for all the client devices. I recommend generating a different one for each device, or youâll not be able to connect with every device at the same time.
Now that we briefly looked over all the possibilities you have when youâre creating your personal VPN, itâs time to punctuate some important considerations. Setting up a VPN with the methods explained, protects you from showing your activity to your ISP, gives you the possibility of accessing data stored on the server from all over the world and guarantees protection from censorship. For what concerns anonymity, I must warn you, setting up a VPN on a laptop, on a Raspberry Pi, on a NAS, on a router or on any other device located in your home WILL NOT GRANT YOU ANONYMITY. So you may think that the cloud solution is the best one, because it lets you connect to a virtual server pretending to be located in any location you want.
To be sincere, even this option is not really reliable. In fact in order to use Algo or Streisand, you have to create an account with Amazon, Azure on any other provider; during the registration process youâll be asked for a lot of personal informations and many security checks and identification processes will be applied. So even if the server is virtually untraceable, it is related to your personal account. Itâs not that easy to create an anonymous Amazon accountâ¦but itâs still not impossible (if you know how to do it). Donât think to use this kind of VPN to hack or do anything illicit. For this kind of purposes, just for the pleasure of discussing, the paid versions like HMA, NordVPN and so on, are often preferred. Youâll be thinking that there âstill remains the problem of the provider spying on my activityâ…and youâre right, but fortunately Tor comes in help. If you first connect to Tor and then to your VPN provider, the VPN server will only see the Tor ip, not yours.
Concluding, always remember: if you do something stupid enough to anger people with enough resources, thereâs no hope for you to remain anonymous. Anonymity is a fact of not carrying out a stupid action, more than worrying about how to hide that action.