Having light privacy with self-owned private VPN servers for FREE*

Tibin Lukose
May 24 · 3 min read

As we know, public networks can be hard to trust: we never know who is eavesdropping on our packets, or why. I will help you configure a simple OpenVPN server with decent bandwidth in the cloud.

  • * At the time of writing, Oracle Cloud offered a tier called “Always Free” which allows us to spin up 2 instances for free.

Create an account at https://www.oracle.com/cloud/ and get it verified by giving your card details.

Choose a region that suits you, for example a specific geography from which you need to access a service.

Spin up an Ubuntu instance with the minimum configuration.


Upload or paste your public key and create the instance.

Once the machine is created, go to

Virtual Cloud Networks (VCN) -> Security List -> Default Security List (this looks similar to AWS, but with the hierarchy more or less reversed)

Create an ingress rule for the OpenVPN port.


The protocol should be TCP or UDP, whichever you plan to configure OpenVPN with. I prefer TCP since I care more about reliability than performance; make your own choice.

Halfway done… almost there.

SSH to your new instance (the username will be ubuntu; grab the IP from the instance page).

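The next part is to clean up the iptables rules (my preference). This leaves the instance with no IPv4 packet filtering of its own, so the Security List becomes the only inbound filter.

# run as root
iptables -P INPUT ACCEPT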
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F

The hardest part for some may be configuring and managing OpenVPN, but I found something crafted specifically for this problem in the GitHub community:
https://github.com/angristan/openvpn-install

This script lets you set up your secure VPN server in just a few seconds, and by default it applies secure configuration based on known “good” practices.

curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
# run as root
./openvpn-install.sh

The first time you run it, it will prompt you for the configuration.


For the IP address parameter, give either the instance's public IP or a DNS name if you have one.

Select the default port (1194, which you opened in the security list).

Choose either TCP or UDP (whichever you configured in the security list).

Once that is done, the script guides you through creating a client profile (password-protected or password-less).


The profile file will be saved in the ubuntu user's home directory; either cat the file content or SCP it to your host machine.

Optional

If you wish to have some “controls” over the VPN, like restricting clients from accessing certain IPs, you can add your own iptables FORWARD rules, for example (10.8.0.0/24 is the install script's default client subnet; adjust the interface names to match your instance):

iptables -I FORWARD -s 10.8.0.0/24 -i tun0 -d 216.18.168.0/25 -o eth0 -j DROP
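
The optional restriction above, as an added example that is not from the original article: a small Python helper that checks the addresses before emitting the iptables FORWARD command, so a rule cannot silently match nothing. It assumes the tunnel subnet is 10.8.0.0/24 with the server on 10.8.0.1; the function names are hypothetical.

```python
import ipaddress

# Assumptions (not stated in the article): the tunnel subnet is 10.8.0.0/24
# and the server holds the first host address (10.8.0.1) on tun0.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
SERVER_TUN_IP = VPN_NET.network_address + 1


def forward_drop_rule(source, destination, tun_if="tun0", out_if="eth0"):
    """Return an iptables command that drops VPN client traffic to destination.

    source is one client address or a subnet inside VPN_NET; destination may be
    written with host bits set (e.g. 216.18.168.124/25) and is normalised.
    """
    src = ipaddress.ip_network(source, strict=False)
    if src.version != VPN_NET.version or not src.subnet_of(VPN_NET):
        raise ValueError(f"{source} is outside the VPN subnet {VPN_NET}")
    if src.prefixlen == 32 and src.network_address == SERVER_TUN_IP:
        # Forwarded packets arriving on tun0 never carry the server's own
        # tunnel address as source, so such a rule would match nothing.
        raise ValueError(f"{source} is the server's tunnel address, not a client")
    dst = ipaddress.ip_network(destination, strict=False)
    if dst.prefixlen == 0:
        raise ValueError("refusing to drop all forwarded traffic")
    return (f"iptables -I FORWARD -s {src.with_prefixlen} -i {tun_if} "
            f"-d {dst.with_prefixlen} -o {out_if} -j DROP")


def build_rules(source, destinations):
    """Build one rule per destination, skipping duplicates after normalising."""
    seen, rules = set(), []
    for dest in destinations:
        rule = forward_drop_rule(source, dest)
        if rule not in seen:
            seen.add(rule)
            rules.append(rule)
    return rules


if __name__ == "__main__":
    # Constructed input: the same destination network written two ways.
    for line in build_rules("10.8.0.0/24", ["216.18.168.124/25", "216.18.168.0/25"]):
        print(line)
```

Review the printed commands, then run them as root on the server.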

Client Installation

https://openvpn.net/client-connect-vpn-for-windows/

Play Store
https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en

Import the profile and you are done.

You can create additional clients and distribute them to your “loved” ones.
