Getting Started Running Your Own VPN Server

Running your own Virtual Private Network (VPN) server is one of the easiest, and indeed recommended, ways to get started using a VPN setup.

Whether you want to connect back to your home while on the road, protect yourself while on public Wi-Fi networks, allow your staff to connect securely to your business network while working remotely, or simply want to learn more about how VPNs work, running your own VPN server is a great way to get started.

We often get people reaching out for advice about how to get started running an OpenVPN server for connecting to with Viscosity, however sadly there has never been a great resource we can point people to. We’ve written this blog post to serve as a starting point for those new to setting up a VPN server. If you’re also new to the concept of VPNs, be sure to also check out our Introduction to VPN guide.

What Do I Need?

To run your own OpenVPN server you only need two things: a device connected to the network that is capable of acting as an OpenVPN server, such as a router or spare computer, and an internet connection.

These days the vast majority of modern home and business routers, as well as many home file and media servers, support acting as an OpenVPN server making it easy to get started. And for those who have a spare computer it’s possible to create an even more powerful and high-performance setup.

Server Setup Guides

We’ve been putting together setup guides for a number of different operating systems and devices. These guides detail the basics of setting up a standard OpenVPN server. They are designed as a starting point for most common OpenVPN server setups.

Guides for Operating Systems
* Setting up an OpenVPN server with CentOS and Viscosity
* Setting up an OpenVPN server with Red Hat Linux and Viscosity
* Setting up an OpenVPN server with Ubuntu and Viscosity
* Setting up an OpenVPN server with VyOS and Viscosity

Guides for Routers and Devices
* Setting up an OpenVPN server with DD-WRT and Viscosity
* Setting up an OpenVPN server with Netgear and Viscosity
* Setting up an OpenVPN server with pfSense and Viscosity
* Setting up an OpenVPN server with Sophos UTM and Viscosity
* Setting up an OpenVPN server with Synology and Viscosity
* Setting up an OpenVPN server with Ubiquiti EdgeRouter (EdgeOS) and Viscosity

However before jumping into one of these guides it’s a good idea to see what type of VPN setup you desire and proceed accordingly. We’ve found most VPN setups fall roughly into one of four categories which are discussed further below.

Accessing a Home Network Remotely

Being able to access your home network remotely can have huge advantages, and using a VPN for remote access ensures that your network and traffic is kept secure. Other techniques, such as port forwarding, may expose your network and its devices. Your VPN setup can be configured to act just like your computer was plugged in at home, or you can limit access to just what you’d like to be available remotely.

Common tasks that a VPN server at home allows you to do include access files on your home computer remotely, access and stream your music collection from home, access home file servers, access home media/video servers (such as Plex), access and stream security camera feeds, and control home-automation devices.

When deciding how to set up a VPN server it’s best starting with your internet router. Many modern home routers support acting as an OpenVPN server. These are typically straightforward to setup and the easiest way to get started. Check with your router’s documentation to see if it supports this functionality, and if so, see if we have a guide for it above. Some routers may not have inbuilt OpenVPN server functionality by default, but support custom firmware projects (such as DD-WRT) which do.

However while home routers are easiest to set up they typically have limited VPN performance due to low-power processors and poor hardware-encryption support. If you don’t have a router that supports OpenVPN, or you are worried about performance, it may be worth considering using a file-server or spare computer instead.

Some home file/media servers support acting as an OpenVPN server, such as Synology servers. Otherwise an old or spare computer can make a great server. Most old computers will have no trouble hosting a high-performance VPN server, and running your own server in this way will offer you much more customisation, flexibility, and stronger security. Check the guides above to see if there is one for your file server or old computer’s operating system (or if formatting the old computer, your operating system of choice).

Accessing a Business Network Remotely

If you’re seeking a way to give your staff or contractors a secure way to access your internal business network from a remote location, then this is the setup for you. A VPN allows businesses to not only provide remote access, but also perform advanced access control and authentication so you can restrict users to certain network areas or services.

Most modern workplace environments are behind an enterprise-grade router or gateway, many of which support acting as an OpenVPN server. Check with the documentation of the manufacturer to see whether this is supported for the device/s in use. Popular router and gateway devices/software that support acting as an OpenVPN server include VyOS, pfSense, Sophos UTM, and Ubiquiti EdgeRouters. If you have a supported device check further above for whether we have a setup guide for it.

However if offering access to a large number of users it’s recommended using a dedicated VPN server to avoid performance issues. Encrypting a large number of simultaneous connections places a high demand on a device’s processor, and many routers and gateway devices can start to struggle, resulting in lowered throughput and performance. In these cases a dedicated on-site computer or virtual machine is recommended.

Please refer to our setup guides further above if choosing a dedicated setup. Often a custom setup allows for more flexibility when configuring a VPN server, allowing different back-ends (such as LDAP or Radius) be used for authentication, along with two-factor authentication options, access control rules, and custom routing. We’ll likely be publishing more information about implementing these in the future, so please keep an eye on our blog.

Protecting Your Traffic on Public & Wireless Networks

Public and Wi-Fi networks, such as in a hotel, in a coffee shop, at a conference etc., can be attractive targets for attackers and malicious users who are interested in stealing private data and login credentials. While unencrypted and weakly-encrypted (such as WEP) Wi-Fi networks are thankfully mostly relegated to history, sadly Man-in-the-Middle (MITM) attacks and data sniffing are still very real threats. Indeed, many “free” internet providing networks pay for themselves by harvesting network traffic and selling the data to advertising platforms and companies.

By authenticating and encrypting network traffic between you and a trusted VPN server these kinds of threats are protected against. Viscosity even has obfuscation technology built in to allow VPN connections to establish even when an attacker or network operator is attempting to block VPN traffic.

Setting up a VPN server differs in a key way from a home or business VPN server: instead of just making an internal network accessible remotely you’re instead creating a VPN server to handle all network traffic. This means all network traffic flows through the VPN connection.

A home or business VPN server can be easily set up to handle all traffic — our guides further above cover this scenario. However keep in mind your internet connection’s upload speed is your VPN connection’s maximum download speed, and for home ADSL/VDSL/FTTN connections this is usually quite poor.

An alternative to running your own VPN server at home/work is to run a server in a datacenter. This avoids any performance pitfalls, and a low-cost Virtual Private Server (VPS) is all that is required. This is covered in more detail below.

Being Your own VPN Service Provider

The final common use-case for running your own server is to act as your own VPN Service Provider. A commercial VPN Service run by a provider is typically a paid subscription service that provides you with different VPN servers around the world to connect to. These services provide an easy way to protect your data on local networks, escape restrictive blocking and censorship, as well as offer additional level of anonymity by sharing your public IP address with hundreds or thousands of other users.

However, there are times where you may like to be your own provider. You may prefer that your VPN IP address isn’t associated with the activity of other potentially malicious users using the same VPN server, which can often result in web sites and services blocking or restricting access. You may find you’re able to achieve faster performance when running your own server, or improved latency by setting up a server closer to your physical network location. You may be uncomfortable with the idea of a commercial VPN Service Provider potentially having access to your network traffic. Or you may only need a VPN server for a short period of time. In these instances, you can become your own provider by setting up one or more VPN servers to connect to.

When becoming your own VPN Service Provider it’s recommended any VPN servers your create are hosted in a datacenter to assure performance and accessibility. This can be done cheaply by getting a Virtual Private Server (VPS) with a provider such as Digital Ocean, Vultr, Amazon EC2, etc., rather than needing to go to the expense of co-locating a physical server. At the time of writing typical VPS plans start from around $2.50/month. When signing up for a plan check that the bandwidth and throughput allocations are sufficient for your needs. Also ensure that the VPS server is in the location you desire, whether that means nearby for the lowest-latency possible, or in a particular country or city if seeking to use a VPN to escape censorship or geo-restrictions.

The final step when creating a VPS is to choose the operating system it should run, such as Ubuntu. Once you’ve made this choice, you can follow one of the guides above to complete the setup.

Wrapping Up

We’ll be continuing to add new guides for additional operating systems and devices to our support section, so if your device isn’t listed above be sure to check the VPN Server Setup Guides support category. For more information about running your own VPN server be sure to also check out the Introduction to Running an OpenVPN Server support article.

Finally, if you have any suggestions for server setup guides you’d like to see please don’t hesitate to get in touch with us via email or Twitter.


Originally published at www.sparklabs.com.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.