In recent years, the fundamental insecurity of the internet has driven many to seek ways of protecting themselves and their data online. Businesses have pushed many of them in an attempt to help customers stay secure. There have been browser plugins to help force users to take advantage of SSL encryption on websites where it’s available.
The latest IoT devices are turning to short-range Z-Wave encrypted radio technology to keep attackers out. And email providers have increasingly adopted TLS encryption to protect email while it transits the internet.
For individual users, though, the latest internet security method of choice uses a virtual private network (VPN). Subscriptions for them are now available from countless commercial providers all around the world.
A VPN creates an encrypted tunnel that protects internet traffic between a user’s device and an endpoint server located elsewhere, where it exits onto the public internet. That grants the user a measure of security and privacy and some valuable extra benefits, such as the ability to watch any country’s Netflix library.
That doesn’t mean, however, that commercial VPNs are the only option. It’s becoming increasingly common for internet users (who are tech-savvy or have an adventurous spirit) to set up and operate their own VPN servers for private use. Doing so gives them greater control over where their data goes, who might have access to it, and exactly how it’s secured en route to its destination.
For those interested in setting up their own VPN server, here’s a basic rundown on the steps involved to make the process as user-friendly as possible.
Before deciding to set up a personal VPN server, it’s essential to consider how you plan to use it and what you need it to do. If the primary purpose is to enhance your online security and keep your ISP (or another local network operator) from spying on you, a personal VPN is a good fit.
If you are looking for a VPN to anonymize your traffic or allow you to use services like BitTorrent without anyone tracing the activity back to you, a commercial VPN provider is a better option. With that out of the way — here’s what you need to do to get a VPN server up and running:
To operate a VPN server, you’ll need a machine to run it on that’s available from anywhere you might travel, and that has sufficient bandwidth to handle whatever traffic you send its way. For most people, that means choosing one of the many major cloud providers like Google GCP, Amazon AWS, or Microsoft Azure.
Any of those would make a good fit for a VPN server, but it’s important to look at the pricing details to see how much the traffic you expect to generate will cost you each month. If you’re planning to use your VPN to protect all of your web traffic, it might be worth looking into an unmetered VPS solution instead.
With a cloud provider lined up, the next decision to make is which VPN server type to deploy. Today, most commercial VPN providers rely on software called OpenVPN, which is freely available and open-source. Besides, many major cloud providers have ready-built OpenVPN server instances available, which make deploying one a snap.
It’s also among the fastest VPN protocols available so that it won’t slow down the internet connections of anyone using it. For all-around use, OpenVPN makes a good choice.
There are other options available, too. One is called SoftEther, another open-source project that acts as something of a Swiss Army knife for VPN provisioning. It supports connections using any major current VPN protocols, including OpenVPN, IPsec, MS-SSTP, and L2TPv3.
That means it’s capable of supporting connections from almost every internet-connected device imaginable, which makes it ideal if you need to protect a house full of devices.
By far, though, the best current solution for anyone deploying their own VPN server is Algo. It’s an easy-to-set-up VPN system that supports every cloud provider imaginable and has a step-by-step install process that makes getting it up and running easy enough for a novice to handle.
Better still, it supports connections using the WireGuard protocol, which is a highly-secure and blazing fast protocol that most people expect to be the eventual successor to the widely-used OpenVPN.
The great thing about WireGuard works very well with mobile devices, negotiating unstable wireless signals with ease. That’s something that other VPN systems like OpenVPN struggle with. In many cases, a mobile device with a weak signal can be a nightmare to use with a VPN, with frequent disconnections and pauses for re-authentication.
WireGuard, by contrast, takes less than a second to reconnect when there’s a signal issue, providing a stable and seamless VPN experience no matter where you use it.
With the VPN server up and running, the next step is to collect the information needed to connect devices to it. In the case of OpenVPN, the server installation process will have also created a client configuration file that may be used on any device with a native OpenVPN client available.
In those cases, all that’s required is to copy that file to the device and tell the client software where to find it. Then simply provide the username and password selected during the server installation, and the connection should complete with no issues.
For a SoftEther server, connecting a client can be a little more complicated. The server can generate configuration files for OpenVPN and IPsec clients, so if those are in use, the generated files should be all that’s needed on the client (besides the username and password you’ve set).
If the server is configured to use the native SoftEther protocol, nothing more than the server’s external IP address and the login information is necessary to get up and running.
If the server’s running Algo, the installer will have created configuration files for any device capable of running either the WireGuard client or an IPsec-compatible client. The server’s installer will specify where the files reside, and they’re all that’s needed to connect. Best of all, Algo will even generate a QR code with the required configuration information that makes connecting mobile devices as easy as snapping a picture.
Once the necessary clients are connected, the last step is to check to ensure that all of the device traffic is being appropriately routed through the new VPN server.
The simplest way to do this is to visit a testing site that can scan your connection information. If the results reveal the device’s actual IP address or geographic location, something’s not working correctly. If everything’s right, the test should show the VPN server’s IP address and location and the DNS server information used during the server setup process.
In the case of an issue, retrace the setup steps on the server and client to ensure nothing’s been missed. Chances are; however, everything will work on the first try.
If all went well, the result should be a fast, secure personal VPN server that is capable of protecting as many devices as you need (as long as you’re willing to pay for sufficient bandwidth).
Best of all, the setup is entirely disposable, which means it can be terminated or moved to a new hosting provider at any time. After getting through the setup once, it should be easy for just about anyone to repeat the process as many times as they need or want to.
The best part of all is that everything about the setup is under the direct control of its owner – meaning there’s no third-party to trust. And for the security-minded, there can be no more significant asset.