Make your own VPN server to protect your devices from prying eyes
Growing numbers of users concerned about their privacy or annoyed about websites being blocked in the UK are turning to VPNs (virtual private networks). A VPN essentially routes your traffic through a private “tunnel” so snoopers can’t see what you’re browsing. They can make it appear as if you’re based in another country, so you can get around annoying geographic restrictions, and access sites and watch videos not usually allowed in the UK.
You can set up individual VPNs on each of your computers, tablets and mobile phones, but a smarter approach is to create a VPN server you can use to protect every single device on your network. Here’s what you need to do.
Make your own VPN server: What you need
The key component for a VPN server is a computer. This can either be an old PC you no longer use or a cheap computer such as a Raspberry Pi. We’d recommend running this project on a Pi, preferably a Raspberry Pi 3 which costs around £33. These mini computers have all the networking hardware you’ll need built in; use very little power to operate; run silently; and barely take up any room.
We’ll take you through the steps to set this up, but it’s worth noting that the encryption process can take a long time, so you may not want to start this until you know you can leave your computer to get on with the job, possibly overnight.
The project will work just as well on an old PC. You’ll need to install Ubuntu Server as the primary operating system to run PiVPN, so you can follow the same steps as you would for the Pi. If you’re installing the VPN onto a new Pi, you’ll also need the following:
- A microSD card (at least 8GB)
- A screen (TV or monitor)
- An HDMI cable – although you only need this during installation
- An Ethernet cable or Wi-Fi dongle to connect the Pi to your network and the internet
- A USB keyboard and mouse
- A micro USB cable or power supply to power the device.
You can buy kits with all the necessary bits and pieces but there’s a good chance you already have some of the required cables and peripherals lying around at home. If you have an Android phone or tablet, the cable used for charging it will power the Pi just fine.
Your Pi needs to be running the Raspbian Jessie operating system. It doesn’t matter if you opt for the Lite or Pixel version; both work fine.
You’ll also need a copy of PiVPN, which is a version of OpenVPN designed specifically for Raspberry Pi. We have a guide to setting that up below.
Because the Pi will be acting as a server, it will need a static IP address to function properly. Go into your router’s settings (check the manual for how to do this) and look for something like “static DHCP reservation”. The exact location and process for making a reservation will vary depending on your make and model of router, but it’s usually straightforward. If you can’t get a static IP, this guide offers a fairly easy workaround to follow.
Make your own VPN server: Install and use PiVPN
From the Pi (or Ubuntu) Desktop, double-click the Terminal button to open a terminal window. Type PiVPN’s installation command: ‘curl -L https://install.pivpn.io | bash’ and press Enter. All the required code will be pulled from PiVPN, so make sure you’re connected to the internet. This takes a while, so be patient. The installation process will then begin.
Choose a network interface – Ethernet is best. Select it and click Ok. You’ll be asked if you want to use your current network settings as a static IP address. Select Yes, unless you want to enter different details. Select Pi as the user to install the configuration to (or the default user on your Ubuntu installation) and allow unattended security updates.
When this is set up, choose UDP as the protocol, then select the default port (1194). Accept the recommended level of encryption. It will take a very long time to generate a private key. Once that’s done, select ‘Use this public IP’ and select a DNS provider, such as OpenDNS. Reboot the PC when asked to do so.
Make your own VPN server: Add clients and configure PiVPN
When the Pi has rebooted, open Terminal and type “pivpn add”. You’ll be prompted to enter a name for the first client you want to use to connect a device to your new VPN (‘WindowsClient’, for example). Enter a password twice. You want this password to be easy to remember but very hard to guess.
A private key and OpenVPN profile will be generated. Open the File Manager and navigate to the folder where this file has been saved. By default, this is “/home/pi/ovpns”. You can copy this to your OpenVPN client using FTP or via email (remember to completely delete the message afterwards, for security reasons).
In Windows, install and run the OpenVPN client. Right-click its icon in the notification area and select ‘Import file’. Browse to the saved OVPN file, select it and click Open. Next, right-click the icon and select Connect. When prompted, enter the password you created earlier. OpenVPN should connect to your VPN server.
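An added example, not part of the original article or PiVPN’s own code: before copying profiles out of “/home/pi/ovpns”, this script reports whether each profile’s private key is passphrase-encrypted (a profile made with the ‘nopass’ option is not) and whether other accounts on the server can read the file. It assumes the key is embedded inline in the .ovpn file as a PEM block; the function names and sample profiles are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit OpenVPN client profiles before they leave the server.
# Assumption: each .ovpn embeds the client's private key inline as a PEM block.

# Print how the embedded key is stored: encrypted | unencrypted | no-key
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e 'Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo no-key
    fi
}

# Print whether group/other have any access to the file: private | exposed
mode_state() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] && echo private || echo exposed
}

# Audit every *.ovpn in a directory; return 1 if any profile needs attention.
audit_profiles() {
    status=0
    for profile in "$1"/*.ovpn; do
        [ -e "$profile" ] || continue
        key=$(key_state "$profile")
        mode=$(mode_state "$profile")
        printf '%s\t%s\t%s\n' "$(basename "$profile")" "$key" "$mode"
        [ "$key" = encrypted ] && [ "$mode" = private ] || status=1
    done
    return "$status"
}

# Constructed sample profiles (placeholder text, not real key material).
make_samples() {
    printf '%s\n' '<key>' '-----BEGIN ENCRYPTED PRIVATE KEY-----' '(placeholder)' \
        '-----END ENCRYPTED PRIVATE KEY-----' '</key>' > "$1/WindowsClient.ovpn"
    printf '%s\n' '<key>' '-----BEGIN PRIVATE KEY-----' '(placeholder)' \
        '-----END PRIVATE KEY-----' '</key>' > "$1/NoPassClient.ovpn"
    chmod 600 "$1/WindowsClient.ovpn"
    chmod 644 "$1/NoPassClient.ovpn"
}

# Demo on the constructed samples; on a real server call: audit_profiles /home/pi/ovpns
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_profiles "$demo_dir" || echo "Fix the profiles flagged above before copying them."
rm -rf "$demo_dir"
```

A profile reported as unencrypted or exposed gives anyone who obtains the file a working login to the VPN, so prefer an encrypted transfer such as scp for those and tighten the file mode with chmod 600.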
Make your own VPN server: Install Raspbian Jessie
If you don’t already have Jessie on your Pi, go here and download NOOBS (New Out Of the Box Software) to your PC, then unzip the contents to a folder on your Desktop. Connect a microSD card to your computer (using an adaptor if necessary), then drag the contents from the folder to the card. Insert the microSD card into your Pi and power it up. NOOBS will load. When it completes, select Raspbian in the menu and click Install. It will take quite some time for all the files to be copied over but once it finishes, you’ll be able to start using the Pi.
Make your own VPN server: OpenVPN clients
Once your PiVPN is up and running, you’ll need to install OpenVPN clients on all the devices that will be connecting to the VPN. There are lots of different clients available, but here’s a shortlist of the best to get you started:
We show you how to connect your devices to your VPN server in the ‘Add clients and configure PiVPN’ tutorial above.
Make your own VPN server: Port forwarding
Go into your router settings and look for a port-forwarding entry. This may be located under Advanced. Essentially, all you need to do is enter the name of the application or service you’re setting up, and the incoming port (or ports) to use. Choose a protocol type (TCP&UDP, for example) and the IP address to route the request to. For the PiVPN server set up above, that means the protocol and port chosen during installation (UDP on port 1194 if you accepted the defaults) and the Pi’s static IP address. If you’re not sure what you need to do, try Googling the make and model of your router along with ‘port forwarding’ and you should find instructions to follow.
Make your own VPN server: PiVPN commands
If you still have your screen connected, you can type commands into the terminal window in your Raspberry Pi to carry out various actions, such as seeing which clients are connected to your server, creating additional clients, revoking a client profile and more.
The command pattern you need to type is:
pivpn <command> [option], with <command> and [option] replaced by any of the following:
- -a, add [nopass]: Create a client OpenVPN profile, optionally with no password
- -c, clients: List any clients connected to the server
- -d, debug: Start a debugging session if you’re having trouble
- -l, list: List all valid and revoked certificates
- -r, revoke: Revoke a client OpenVPN profile
- -h, help: Show the help information
- -u, uninstall: Uninstall PiVPN