The simple way to set up our own VPN server, consume the VPN on different devices, we will setup the self hosted VPN together, one click to deploy OpenVPN server, as low as $5 per month.
A VPN is an encrypt and secure tunnel that sends all the requests to the remote server, then all requests will be routed from remote server to public network(the internet).
To sum up, here are top two reasons:
- Secure and encrypt the data to the public network.
- Enable to visit the websites which are blocked in your region.
There are VPN service providers that provide the services, so we can consume it just install their apps on the variety of devices, buy the subscription plan, then we are good to go.
Well, for me, they are little high price, and I am not using VPN that often to put the money worth it. And consider the security, I`d rather like to use my private line, so I was thinking a more highly cost-effective way: set up my own the VPN server, as low as $5 per month.
We will install the OpenVPN server & client, an open source free VPN setup framework.
If you don’t have the technical background, no problem, this tutorial will guide you through it, and we will be in the easiest way to setup the VPN server, it would work on all platforms, MacOS, Windows, Andriod, IOS.
Note: In this article, VPS = Remote Server = Cloud Server = Droplet
Let`s take a glance at what we are going to do, a brief overview of the steps.
- Setup SSH key. We will use the SSH to connect the cloud(remote) server.
- Create the (Droplet) cloud server on DigitalOcean.
- Connect to the VPS in Step 2 by using SSH, install OpenVPN on the cloud server.
- Generate the VPN client’s configuration file, download them in local via sFTP.
- Install the OpenVPN app on our devices (Mac, Windows, IOS or Andriod)
- Import configuration file from Step 4, connect!
A computer that has the network access., it could be Mac, Windows, others.
Valid credit card. Mandatory, the payment method for the cloud service provider.
Step One: Set up SSH key
SSH means Secure Shell, it allows us to connect remote network services securely, and it`s the way how we communicate with our cloud server.
Don’t be panic. there are guides how to set up both on Mac and Windows. we will generate one key pair.
- The public key (on the cloud server side.)
- The private key (on the local side, never share it with anyone.)
During the creation of the cloud server, we will put the SSH public key in it, after the installation, we will run SSH command to connect the server, at this time, public key needs to pair with the private key, enter the password, then handshake, and we also need the SSH to download files from cloud server, it`s so-called “sFTP”, the more secure way than FTP.
For Mac users
Generate the SSH key on Mac is easier than Windows. Please follow this tutorial, after you have done it, please back to here.
For Windows users
Please refer this guide. when you finished this Step “Create an SSH Key Pair”, then please back to here.
Step Two: Create a cloud server on DigitalOcean
In this step, we will set up a cloud server to be used as the VPN server. In DigitalOcean, it also can be called Droplet = Cloud Server.
I would recommend the Cloud server provider – DigitalOcean, it`s easy to use, user-friendly interface and great performance, additionally, by clicking the link from kasonz.com, you will get $10 credit in the account. it means for $5 plan, it`s free for first two months. (Billing FAQ from DigitalOcean)
Register, create a Droplet(Cloud Server) on DigitalOcean.
1, Click the link – DigitalOcean, we will see the home page, let`s directly create an account. After the creation, it will ask us to ‘Confirm your email by clicking the verification link we just sent to your inbox.’
After the activation, logged in, we will see the control panel. we need to add the Payment method, it`s mandatory step to create the cloud server.
Click Profile image -> Setting -> Billing, add the credit card info, Card will be charged hourly for resources used. (Billing FAQ from DigitalOcean) After doing that, the $10 credit will be loaded into the account.
Create a Droplet (Cloud server)
Let`s select the CentOS 7 Version to start (the versions may differ, it wouldn’t be problem, just pick one, CentOS 6 or CentOS 7+ )
Select a plan, let`s select $5 per month plan.
Choose a data center region. We can choose a datacenter which we think it could be fast, base on our location, in the tutorial, I will choose San Francisco 1.
Next, we can ignore the “Select additional option”
Add your SSH keys. This is the important step, on “Step One Set up SSH Key”, we got the SSH key pairs, we will paste the public key into here. Find your SSH Public key – id_rsa.pub (the file name may differ), open it in the text editor, copy all the text.
Back to DigitalOcean page, click New SSH Key, paste the text in the area, give it a name, click Add SSH key button, make sure the checkbox of the newly created SSH Key is selected.
Name the cloud server, create it.
After few seconds, the cloud server will be ready, let`s take a note of the cloud server IP address.
Step Three: Cloud server side configuration
Connect to Cloud Server(Droplet)
In this step, we will use the SSH key connect to the cloud server and install OpenVPN server-side app.
For Windows users how to use SSH connect the server, please refer this guide.
Open the Terminal, enter following command. The IP address (red), replace it with yours, press Enter
Then it will say ‘Are you sure you want to continue connecting (yes/no)?‘ Enter yes, press Enter to continue.
It will ask the passphrase for the key, which is the password you set during SSH key pair creation.
Enter the password, press Enter. Now we are on the server.
Install OpenVPN server-side app
There is one-click installation script can save us a lot of efforts, so we don`t need to follow the complex procedures from the official document.
Enter the following command, the installation will begin automatically.
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Later, it will ask you some questions, let`s use the default option by pressing Enter.
- Protocol [1-2]: 1
- Port: 1194
- DNS [1-6]: 1
Here, it needs to be noted: the client name.
We are generating the client configuration files for clients, the clients mean our devices, I would recommend generating each client file for our each device, so we can easily to manage them.
The name of the client file is not important. We can name it whatever we want, for example.
- kason-mac for MacOS
- kason-win for Windows
- kason-andriod for Andriod phone
In the following example, I set the client name to client-mac, so I want to use it on my Mac.(the client name is just for the management purpose, it doesn`t mean it cannot be used on other platforms)
Which protocol do you want for OpenVPN connections? 1) UDP (recommended) 2) TCP Protocol [1-2]: 1 What port do you want OpenVPN listening to? Port: 1194 Which DNS do you want to use with the VPN? 1) Current system resolvers 2) Google 3) OpenDNS 4) NTT 5) Hurricane Electric 6) Verisign DNS [1-6]: 1 Finally, tell me your name for the client certificate Please, use one word only, no special characters Client name: client-mac //name your client name
Press any keys to continue. The installation and preparation process really begins. it may take few minutes at the first time.
Write out database with 1 new entries Data Base Updated Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.cnf An updated CRL has been created. CRL file: /etc/openvpn/easy-rsa/pki/crl.pem 321 Created symlink from /firstname.lastname@example.org to /usr/lib/systemd/system/openvpn@.service. Finished!
Finished, the client configuration file(*.ovpn) is ready under the root folder, later on, we will use SFTP method download them to local, your computer, but before that, let`s generate more client files. Run the same command.
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Enter 1 to add a new user, press Enter to the next, set the client name, this time I will set the name to client-windows, press Enter to finish it.
The same way to add other users` client files, so we will get:
Note again, the client name is not important, just help you to easily remember and distinguish, it`s just the best practice: one client file for one device.
All the files located under the server root folder. until here, we are done with the server side. let`s download the *.ovpn files, and import them the devices.
Step Four: OpenVPN on clients side
Download *.ovpn files to local.
To download the files from the cloud server those we generated in the previous step, we will use SFTP client, a file transporting tool between the local disk and the cloud server disk. FileZilla is one of most popular (S)FTP client application.
Download FileZilla, after installation, let`s create a new site it which is our cloud server.
(You can also follow the guide here to setup FileZilla)
In the site manager, create a new site, fill the information.
Change the IP address to yours.
The key file would be the Private Key (it may ask us to convert the key file to FileZilla format, just click ok to continue.)
Click connect. it will prompt to enter the password. The password is the same one that we use the SSH connection to the cloud server.
After we connected the cloud server, it should automaticity list files from root directory, we will also see the *.ovpn files.
Let`s download the *.ovpn files to local, select all of them, drag and drop to the left side panel of FileZilla, the left panel presents our local directory. move them to a local folder, for example, the desktop. Or you can simply open the context menu(right-click menu, choose Download)
At this time, the *.ovpn files had been saved on our local computer.
Install the OpenVPN Connect app
it depends on which devices you want to use the VPN. Since I have a Windows PC, MacBook, iPhone, and Android tablet, fortunately, OpenVPN supports all major platforms.
OpenVPN client for Windows:
After installation OpenVPN for Windows, Import the *.ovpn file, click connect.
OpenVPN client for MacOS:
Tunnelblick – Free software for OpenVPN on OS X and MacOS
After the installation, click on any *.ovpn files, it will automatically import to Tunnelblick, then click Connect.
OpenVPN client for Andriod:
Import the *.ovpn file to the app, click Connect. There is a guide on the App shows how to do this.
OpenVPN client for IOS:
Download from Apple AppStore, the app is not available in some countries, you may need register a US apple id, download from US AppStore.
Use the iTunes import the file to App. Back to the app, click connect.
I am satisfied with this speed and performance on DigitalOcean, now I`m running the $10/Month Plan, as it`s hosting two websites on it.
On DigitalOcean, Easily resize the landscape(CPU, Ram, Disk) to higher or lower plan.
It may happen occasionally that take a longer time to connect the server, but overall it`s still impressive. Watching the 1080p video on YouTube without lag.
Hopefully, this tutorial does help, Thanks. If you like it, please share thistutorial with other people.
If you have any questions & concerns, please leave a comment below.