How to make your own self-hosted VPN in under 30 minutes



A virtual private network (VPN) is vital to helping you stay secure online, which is especially beneficial in this modern era of smartphones. A VPN encrypts all network traffic to and from your device as it funnels that information through an external server. It also hides your unique home internet protocol (IP) address from all prying eyes, allowing you to stay incognito. Not even your internet service provider (ISP) can tell what sites you visit, only that you’re using a VPN. VPNs can even bypass blocked websites and allow you to watch content from other countries easily.




Unfortunately, not all VPN providers can be trusted, as some keep logs of your entire online browsing history. They can then take that data and sell it to various third-party companies, leading to annoying targeted advertisements or even spam. A few VPN providers may initially have bad intentions. Still, at the same time, certain countries force them to keep tabs on what their users are doing. This is a significant issue since the main selling point of a VPN is to encrypt your network traffic and hide your actual IP address from the public.


Multiple trustworthy VPN providers are available on the market today. However, hosting your own VPN server can further enhance your online security. It lets you control and encrypt your web traffic directly, so you don’t have to worry about third-party companies logging your browsing history. This option may not be the best choice for everyone, but you may want to give it a shot if you don’t trust most third-party VPN providers.


This guide discusses the key benefits and drawbacks of hosting your own VPN while also explaining how to set one up.

For this guide, we set up a remote Linode virtual private server (VPS) running OpenVPN, which costs $5 per month. While you can host your own VPN server from home, you get greater speeds with virtually no downtime using a remotely-hosted VPS. You also don’t have to worry about local hardware failures or device management, simplifying the setup process. And you don’t need experience with Linux or servers. Plus, you can choose from multiple region options, which is helpful for a global audience.


Should I host my own VPN server?

As you might have expected, making your own VPN server has multiple advantages and disadvantages. Here are the main points to remember when deciding if you want to go through with hosting a server or not.


  • You’re in control of your data.
  • It’s usually cheaper or on-par with paying for a VPN subscription.
  • You can use the VPN server for other things, like hosting a website or Nextcloud installation.
  • Websites and services that ban VPNs won’t likely detect your server because it won’t be on an IP block list. This doesn’t apply to Android apps since they can see when a VPN or proxy is currently being used.


  • Anonymity isn’t possible since the VPS host has your name and personal payment information.
  • Your total bandwidth will be limited. Linode gives you 1TB/month, but you effectively get 500GB because the data goes from the origin to the VPN and then from the VPN to you.
  • You won’t get special features that some VPN services provide, like malware and tracker blocking, unless you have the technical knowledge to set them.
  • You can’t easily switch between different countries/locations.

How to set up a Linode VPS

To kick off the initial process of setting up your own VPN server, you’ll create a VPS. This acts as the Linux virtual machine on which your VPN server will run. There are many VPS providers; however, Linode is an excellent option that isn’t too complicated. As such, this is the one we use for our guide to keep things simple. DigitalOcean is another popular option we highly recommend as a great alternative.

To begin working with a Linode VPS, check out the following steps:

  1. Go to Linode’s website and create an account if you don’t have one. (That’s our referral link, which gives us a small credit when you join.) You’ll need to enter your billing information before you can continue.
  2. Go to your dashboard, click the Create button, and select Linode. Or go directly to this link. This is where you’ll pick what hardware your server will have and where it will be hosted.
  3. In the Choose a Distribution box, choose the newest available Ubuntu LTS release, which is 21.04 LTS at the time of this writing.
  4. Choose the region you want your VPN to be located in. If you want to change the location later, contact Linode support.

  5. For the plan, select Nanode 1GB from the list of Shared CPU options. VPNs don’t require much processing power to operate, so this low-spec option should be more than suitable for the task.

  6. Enter a password in the Root Password box. Select a secure and unique combination to keep your account safe and sound.
  7. Click the Create button and wait for the VPS to finish generating and booting.
  8. Now you have a fresh new server ready to run a VPN on!

Log in to the VPS

Your server doesn’t have a graphical user interface (GUI) like Windows or macOS, so there’s no simple way to interact with it visually. It only has a command line. Don’t be scared; these steps are easy to follow. If you’ve ever used a terminal app on macOS, Linux, or Android, you’ll feel right at home going through this process.

To log into your new VPS, you can check out these steps to get started with that:

  1. Once your VPS is open, click the Launch LISH Console button in the upper-right corner of the screen. This opens a web-based terminal, and you’re prompted for a login.
  2. Type root, press Enter, then type your root password. You don’t usually get any visual feedback as you type. That’s completely normal here.
  3. Press Enter once more to confirm your choice.

After you’re logged in, you’re greeted with a Welcome to Ubuntu message. You might find this list of common commands helpful if you’ve never used a Terminal on Linux or macOS before. The next part involves setting up the VPN server, so let’s get started!

Set up the VPN

Now it’s time to dive into the command line interface and start setting up the VPN. Thankfully, this is the easiest step since we use the OpenVPN road warrior install script to get everything running. The script asks for your IP address, what protocol to use, and other info.

To get started, run this command in the console window (that’s the letter O after VPN, not a zero):

wget -O && bash 

Then follow these steps:

  1. Press Enter when you get to the protocol and DNS server.
  2. When asked for the port number, type 443. Many networks block the default OpenVPN ports, so changing it to 443, which is used for HTTPS traffic, can prevent some types of blocks.
  3. Enter your name when asked. The script installs the required software and sets everything up.

Once the script is done, it exports a .ovpn file in the /root/ folder. This file contains your VPN’s connection and login info, which you’ll need to retrieve from the server. It’s also advisable to keep those credentials safe and secure by not sharing them with anyone else.

Download the login info

The easiest way to transfer the .ovpn file to your device is to temporarily start a web server, allowing you to download it using any web browser. Once you finish the download, stop the server and store the .ovpn file somewhere safe.

To start a web server, run the following command:

python3 -m http.server 80

Then follow these steps:

  1. After the server is running, paste your server’s IP address to the appropriate location. You’ll find this on the Linode Summary page in your browser’s address bar. Ensure it doesn’t start with https:// since your server won’t have a security certificate by default.
  2. You’ll see a simple directory listing with a few files for you to choose from. Click the .ovpn file to download it.

If you want to set up a VPN on your smartphone, repeat the same process on that device. Alternatively, you can transfer the .ovpn file from your computer to your phone using your preferred method. For maximum security, we recommend a local offline solution, such as a USB cable connection. You can use cloud-based storage for more convenience, but it’s a slightly less secure option in this case.

After downloading the file, shut down the server to keep your data safe from others. Press the CTRL and C keys on your keyboard simultaneously to end the server. You’ll see an exiting message. If that doesn’t work, reboot your VPS from the Linode dashboard to stop the server.

The OVPN file allows anyone to connect to your VPN server, so make sure it doesn’t fall into the wrong hands! If you think someone is accessing your VPN who shouldn’t be, rerun the VPN setup command. This revokes the existing file permission and generates a new one on the spot. Then, only you have access to the file, as it should be.

Connect to the VPN

Now that you’ve set up your VPN and downloaded the connection file, you’re ready to try it out. OpenVPN clients are available for every major operating system. This guide only covers how to connect using an Android device or a Chromebook with access to the Google Play Store. For Windows, Mac, and iOS, VPNGate has an excellent guide here.

There are a few different OpenVPN clients for Android. We recommend OpenVPN for Android because it works well and is fully open source. Once you download it from the Google Play Store, tap the Import button in the upper-right corner (the box with the downward-pointing arrow) and tap the file location.

Then, locate your .ovpn file. After locating the .ovpn file, tap it to continue, and press the Save button to confirm your changes.

From the main screen, tap the new entry, and you’re connected to your custom VPN server. Chrome OS fully supports Android VPNs, so this app also works for Chromebooks. You’ll see a lock icon next to the Wi-Fi indicator.

Secure the server

Since your VPN is an always-on server that receives and transmits personal data, there are some extra things to consider. You should take a few additional steps to reduce possible server-side security vulnerabilities. To enhance the security of your VPN, we have a few tips.

Enable automatic updates

The first thing to do is enable automatic package updates, which allows your server to stay secure on its own. This also keeps you from manually logging in occasionally to install the updates, making your life a lot easier in the future.

First, run this command in the web-based terminal to install any updates that are available for your server:

apt update && apt upgrade -y

Once that’s done, run this command to install the automatic updater:

apt install -y unattended-upgrades

Now you’re all set! From here, your server automatically checks for and installs updates, with minimal (if any) downtime to your VPN. If you get a message like unattended-upgrades is already the newest version, it was previously installed in the system image provided by Linode.

Turn off SSH access

If you aren’t using your server for anything else, disable remote access via SSH. This prevents anyone, including yourself, from logging in to the server remotely. You can only sign in using the console via the Linode dashboard, which also helps prevent brute-force login attacks on your server.

First, run this command through the web-based terminal to disable the SSH server from starting when the server boots up:

systemctl disable ssh.service

Then, stop the server that’s currently active with this command:

systemctl stop ssh.service

Now that remote access to your server has been completely disabled, it’s only accessible from the Linode console and nowhere else. If you want to revert to the default settings at a later date, run the following commands in the web-based terminal:

systemctl enable ssh.service

systemctl start ssh.service

Set up two-factor authentication

The final step in securing your VPN server involves enabling two-factor authentication (2FA) for your Linode account. Doing so makes it more difficult for someone to access your server without your permission.

To enable 2FA on your Linode account, check out these steps:

  1. With the Linode dashboard open, click your profile icon in the upper-right corner, then select Login & Authentication.
  2. Turn on the toggle under Two-Factor Authentication to enable the feature.
  3. Scan the 2FA code with your app of choice, including Google Authenticator and Authy.

A unique code will be required every time you log in to Linode, so don’t lose access to the device that has your authenticator app. Otherwise, you might have difficulty logging into your account. Always make backups when possible.

How to manage your VPN

Congratulations, you now have your own functional VPN server! For the most part, you’re all done, but there are a few final things to consider. For starters, you still need to install the OpenVPN client on your other devices, which allows them to access your VPN server. And even if your server is rebooted (when Linode performs maintenance, for example), the VPN will automatically restart. You might even choose to add or remove custom profiles for your server if needed, but that’s entirely up to you.

How to troubleshoot common problems

If something isn’t working, rebooting your server might be the single fix that makes everything better.

  1. Go to your Linode dashboard, then click the VPN server.
  2. Click the Running button in the upper-right corner, and select Reboot. This command tells your server to perform a system restart, allowing it to shut down safely and start back up in a fresh new state.

How to add or remove VPN profiles

You already have your first OpenVPN profile for yourself, which is linked directly to the .ovpn file. However, you can create even more profiles to let other people access your VPN should you wish to do so. And for administrative purposes, you always have the power to remove a profile later if you want to revoke someone’s access.

To get started, just rerun the VPN setup script in the web-based terminal:

wget -O && bash

You’ll see a series of options. Type the number for the one you want and press Enter. The script walks you through the action, so the setup process should be straightforward.

How to delete your VPS

If you decide you don’t want your own VPN anymore, delete the server with just a few quick clicks. To get started with that, do the following:

  1. Go to your Linode Dashboard, then click the VPN server.
  2. Select the Settings tab at the top.
  3. Press Delete Linode.
  4. Your server is completely removed and no longer accessible by you or anyone else.

Hosting your own VPN isn’t very difficult once you know what to do

If you don’t want to rely on or trust third-party VPN providers, hosting your own server might be right up your alley. Doing so can make your life a lot safer by putting you in charge of your data, which ensures it stays secure. At the same time, you’ll have to be more aware of how much bandwidth you’re using in most cases. As mentioned earlier, hosting your own VPN server is not for everyone. Still, it makes for a fun learning experience. You can always circle back around to the idea in the future.

In case you’re interested in learning more about VPNs, we have a guide on what a VPN is and why you should use one on your smartphone. We talk about how a VPN works, a few modern security protocols, and some key areas where it can’t fully protect you online.

Source link


Please enter your comment!
Please enter your name here

Share post:



More like this