A VPN lets you access the internet from a network other than your local one. If you’ve watched YouTube, you’ve doubtless seen ads urging you to pay for a commercial VPN to bypass censorship, improve your privacy, and facilitate torrents, along with a myriad of other benefits. Such ads dramatically overemphasize the privacy benefits of a VPN, especially when you compare these benefits to the much greater value provided by a personal VPN (more on that later).
In practice, the main benefits are these:
- Obtain a different IP address.
- Hide traffic from your ISP.
- Have a consistent IP address.
That last one is especially useful for remote workers, who may not have a stable IP address that admins can add to lists of approved IP addresses. But how do you know the VPN service itself isn’t spying on you, or stealing your data?
What if I told you that you can enjoy the benefits of a VPN, without resorting to a commercial service that you don’t even trust? As a hacker, you can easily leverage your tech skills to set up your own personal VPN. It’s as easy as running a few commands in your terminal.
Why set up your own VPN
As we hinted at in the intro, VPN ads on sites like YouTube tend to greatly exaggerate the benefits of VPNs. Here’s a great overview of the specific ways that claims from VPN ads are dishonest: https://www.youtube.com/watch?v=WVDQEoe6ZWY.
You see, big commercial VPNs come with serious drawbacks. Some issues with commercial VPN providers include:
- Sites often detect that you’re using a VPN.
- Your ISP might actually be more trustworthy than the VPN company.
- A few VPN companies have seedy pasts.
- Most VPN companies log all of your traffic.
For a more complete exploration of issues with commercial VPN services, I suggest this classic writeup on the topic: Don’t use VPN services.
Plus, it’s easy to set up your own VPN that has none of these problems! As a hacker, it’s a chance for you to use your skills for your own benefit. So let’s start with the first step: deciding what VPN software to use for your personal VPN.
Choosing the right VPN software
On Linux (which we’ll be using for this guide), there are two main competing VPN protocols: WireGuard and OpenVPN.
When you research other protocols, you might find some older standards like IPsec, but you can basically ignore these as they slowly fade into the history books.
So, WireGuard or OpenVPN. Which should you use for your personal VPN? Just follow this simple formula:
If you care a lot about speed and simplicity, choose WireGuard.
If you prefer a more mature protocol with more features, choose OpenVPN.
For the examples in this article, we’ll use OpenVPN, because you can install it with fewer commands and we don’t want to get too messy. But really, WireGuard is also pretty easy, and you can find equivalent instructions for installing it here: https://www.wireguard.com/install/.
Deploying your personal VPN on Linux
To deploy a VPN, you need a server to deploy it onto! If you run Linux on your PC, you could technically just deploy your VPN right there. But the whole point of a VPN is to browse the internet from a network other than your own! In other words, a personal VPN means you need to own a personal server. As a hacker, you should really have a personal server anyway, so this is a good excuse to get one.
How do you get a personal server? Myriad methods would work, but we’ll go with the easiest and buy a dirt cheap VPS from DigitalOcean. Buy one here: https://www.digitalocean.com/.
Once you’re done creating your droplet (their fancy name for a VPS), you’ll see a screen like this:
Great, now we’ll just need to SSH into the server and install OpenVPN.
$ curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
$ chmod +x openvpn-install.sh
$ ./openvpn-install.sh
[runs the configuration...]
The configuration file has been written to /root/mac.ovpn.
Download the .ovpn file and import it in your OpenVPN client.
Just like the script says, we should download the file mac.ovpn. This file lets us connect to the VPN from our home computer. You can download the file via something like FTP, but I suggest using SCP, like so:
$ scp firstname.lastname@example.org:/root/mac.ovpn .
mac.ovpn 100% 2763 10.5KB/s 00:00
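The downloaded profile holds the client’s private key and the settings that decide how the server is authenticated, so it is worth inspecting before you import it. The following is an added example, not part of the original article or of the openvpn-install script: `parse_ovpn` and `audit_ovpn` are hypothetical helper names, the sample profile is constructed, and the three checks are a selection rather than a complete review.

```python
import re

# Constructed sample profile with key material elided; not output from a real server.
SAMPLE_PROFILE = """\
client
proto udp
remote 203.0.113.10 1194
remote-cert-tls server
<key>
(private key elided)
</key>
<tls-crypt>
(static key elided)
</tls-crypt>
"""

def parse_ovpn(text):
    """Return ({directive: [args, ...]}, {names of inline <block> sections})."""
    directives, blocks, inside = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if inside:                              # body of an inline block: skip to its close
            if line == f"</{inside}>":
                inside = None
            continue
        opened = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if opened:
            inside = opened.group(1)
            blocks.add(inside)
        elif line and line[0] not in "#;":      # '#' and ';' start comment lines
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_ovpn(text):
    """Return a list of findings for a client profile (hypothetical helper)."""
    d, blocks = parse_ovpn(text)
    present = blocks | set(d)
    findings = []
    if ["server"] not in d.get("remote-cert-tls", []):
        findings.append("missing 'remote-cert-tls server'")
    if not present & {"tls-crypt", "tls-crypt-v2", "tls-auth"}:
        findings.append("no tls-crypt/tls-auth key for the control channel")
    if "key" in blocks:
        findings.append("private key embedded: keep the file at mode 600")
    return findings

if __name__ == "__main__":
    for finding in audit_ovpn(SAMPLE_PROFILE):
        print("-", finding)
```

Without `remote-cert-tls server`, the client accepts any certificate signed by the VPN’s CA, including another client’s, as the server. To check a real profile, pass the file’s contents to `audit_ovpn`.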
Our personal VPN is ready, so let’s set up the client. First, let’s see what my IP address is before configuring my Mac to use our new VPN.
➜ ~ curl icanhazip.com
Alright, so the address above is my personal, home IPv6 address from Guatemala. Ideally, we don’t want servers we interact with online to see this address. Furthermore, home addresses change all the time, due to dynamic IP addresses from ISPs.
We can browse from our VPS’s IP address, but we need to configure our PC to connect to the VPN we set up on our DigitalOcean droplet.
Setting up the client
$ brew install openvpn
$ sudo brew services start openvpn
==> Successfully started `openvpn` (label: homebrew.mxcl.openvpn)
Now we should be able to connect to our VPN! Let’s see what happens:
$ sudo openvpn mac.ovpn
If things worked, you’ll see lots of confusing-looking log output. Ignore that, and open a new terminal to see if our IP address has changed:
$ curl icanhazip.com
Great! When we access the web, our IP address shows up as our server’s IP address, rather than our residential IP address. That means our traffic is routing through the server’s network before going out to the rest of the internet.
We’ve configured our personal VPN!
Learn more about running a personal VPN
Getting your PC to run through your personal VPN is just the beginning. You can also route traffic from mobile devices through your VPN. It’s easy, since you can use the same apps that you’d use for a commercial VPN; just point them to your servers instead of the provider’s.
Just look for an OpenVPN app for your device (or WireGuard, if you chose that).
I also highly recommend this video on deploying a personal VPN from Mental Outlaw, one of the best hacking content creators on YouTube: How To Create Your Own VPN (and why).
With Linux malware getting better and better at evading detection, ISPs becoming ever more subservient to local governments, and streaming services fracturing into content islands, no one is safe from threats to privacy and security. Your personal VPN takes you one step closer towards safety from these and other digital threats.