Set up your personal VPN in the cloud, free for a lifetime

Manish Kumar
Published in tech@iiit-gwalior
9 min read · Nov 25, 2021

In the past 2–3 decades, technology and the Internet have given us communication access, knowledge at our fingertips, and much more that we never had before. This also means we have to be extra careful with security on the internet. In the post-Snowden era, the need for privacy has increased a lot, and one of the most common ways to protect your internet privacy is a VPN, or Virtual Private Network.

A VPN is a digital tool/service that lets you connect your personal device to another computer somewhere on the globe through a private tunnel, and lets you access the internet through that computer as if your device were directly connected to its private network. VPNs encrypt your internet traffic and disguise your online identity. This makes it more difficult for third parties to track your activities online and steal data. The encryption takes place in real time.

There are multiple VPN services that you can get online, both paid and free. But they all share one primary concern: the servers they use for their VPN services are managed by them. That means that even though your browsing history and identity are hidden from your ISP and the public, the people who manage those servers have complete access to them, and it’s up to their discretion whether to log them. Many top VPN services out there promise that they do not collect users’ browsing data, but it’s just their word against the world, and you can never know for sure whether they’re telling the truth or not. Plus, they charge a hefty amount for their services, which you might or might not be willing to pay.

So, what is the solution? Above, I mentioned that people who control those VPN servers have full access to your data. So, if you were able to host the VPN on your own server, that would mean that no person, other than yourself, could access that data, right? That’s exactly what we’re going to do in this blog, and trust me, once you set it up, you’ll have your own personal VPN, for all your devices, and you won’t have to pay a single dime for it, for a lifetime!!!

In the modern era of cloud computing, getting your own Virtual Private Server (VPS) is as easy as clicking a button. But before that, you might ask what a VPS is. A VPS/Instance/Compute is basically a computer that’s sitting at a remote place in a large data centre, among thousands of other servers just like it, and you can rent it, use it, pay for what you use, and then dump it. It’s as simple as that. There are some major players in the cloud computing field, like Amazon AWS, Microsoft Azure, Google Cloud and Oracle Cloud. These provide a plethora of on-demand services, but what we’re most interested in is the basic VPS service, and it’s provided by all of them.

Now, the title says that you can set up a VPN for free for a lifetime, but for that, you’ll need a VPS that you can rent for free. Among the 4 major cloud providers mentioned above, only two of them, i.e., Google Cloud and Oracle Cloud, provide at least one instance free for a lifetime, or, in their words, in their Always Free plan. The other two also provide free compute instances, but only for the first year after signing up on their platform.

Another area where it might cost you, other than the instance itself, is the bandwidth consumed by the instance. This is directly proportional to your VPN usage, i.e., if you use 100 GB of data while connected to your VPN in a month, 100 GB of bandwidth will be added to the bill, even if the instance itself is free. This is where Oracle Cloud shines for us, as it allows a whopping 10 TB of bandwidth for free per month in its Always Free tier. Compare that to Google Cloud, which only gives 1 GB of network bandwidth. So you get a VPS free for a lifetime and 10 TB of bandwidth per month, which you’re not likely to run out of even if you have 10 devices connected to the VPN that consume 30 GB per day!!!

Please note that even if I’m suggesting Oracle Cloud to set up your VPN, you’re free to go for the cloud provider of your choice if you’re willing to pay for it or if you have trust issues with Oracle. You will need to do a similar setup as it’s being done in the Oracle Specific section, according to your own cloud provider. I’ll make sure to link relevant resources for other cloud providers wherever I can, at the end of each section.

Then you can follow the General section, no matter what your cloud provider is. I’ll also provide relevant information whenever there are any fundamental differences between Oracle Cloud and other cloud providers.

Let’s Start

Before creating a VPS on Oracle Cloud, you’ll need to create an account on the platform. You can go to https://signup.cloud.oracle.com/ to create an account. There are two primary things to note here:

  1. Oracle Cloud requires a valid credit card during the signup. This is different from other cloud providers, with which you can sign up with a debit card too. If you don’t have a credit card, you can use a service like https://privacy.com/ that’s available in your country to create a temporary credit card. If you’re living in India, you can also use the Paytm Payments Bank international card during sign-up (That’s how I signed up 😛).
  2. During the signup process, you have to select your primary region, in which you can avail of the Always Free services. This is again different from other cloud providers, in which you can avail of free services from any region. So choose the region that’s closest to your location, as it’ll provide the highest speed and lowest latency possible.

Creating an Instance

Once you’re signed up and signed in to your Oracle account, you’ll be greeted with the homepage of the cloud console.

In the top search bar, search for Instances, and then click on the Instances link.

Then, click on the Create Instance button.

The instance creation wizard will open up. Name your server whatever you want. I have named it vpn-server.

Now, in the Image and Shape section, click on the Edit button, and then on the Change Image button. This will open up the Image selection tray. Wait for a few seconds for the images to load up, and then select Canonical Ubuntu and the OS version as 20.04 only.

Now, in the Add SSH keys section, click on the Save Private Key button to download the Private key for your server, which will enable you to access it. Note that without this key file, you won’t be able to access the server. So keep it safe and secure.

Once that is done, you can leave everything else to default and proceed with creating your instance. Your screen should look something like this.

Give it a few minutes to set up your instance. Once done, your instance should be in a Green/Running state.

For people who’re not using Oracle Cloud, the process of instance creation can be found on Google. I’ve also linked the resources for some of them below. One primary thing to take care of is to always select an Ubuntu 20.04 image/AMI/OS when launching an instance, as it comes with WireGuard installed and with minimum fuss.

Instance creation on Amazon Web Services (AWS)

Instance creation on Google Cloud Platform (GCP)

Instance creation on Microsoft Azure

Setting up Firewall Rules

When you launch an instance on the cloud, it is generally protected by a set of firewall rules that restrict how an external source can communicate with the instance. For your VPN server, we’ll be using a modern open-source VPN library, WireGuard. It requires us to allow incoming connections to our instance on port 51820 using the UDP protocol. So, we’ll enable that for our instance.

In the search bar on the top of the dashboard, search for Virtual Cloud Networks, and click on the same in the results.

In the list of VCNs, click on the first and only one VCN available in your account, which was created automatically when you created the instance.

In that, on the left sidebar, click on Network Security Groups.

Now, click on the Create Network Security Group button, give your NSG a name (something like vpn-sg), and click on Next.
Here we have to add two rules.

  1. One Ingress rule to allow incoming connections on port 51820 using the UDP protocol.
  2. One Egress rule allowing our VPS to connect to the public internet.

In the Create Network Security Group wizard, fill up the fields according to the image below.
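The two rules above can be checked mechanically once the NSG exists. The following is an added example, not part of the original post: it audits a rule list shaped like OCI's SecurityRule objects and flags a missing, mistyped or overly broad WireGuard rule. The field names are assumed from the OCI API, the sample rules are constructed, and 51820 is taken as the WireGuard port.

```python
WG_PORT = 51820  # UDP port opened for WireGuard (assumed to match the server config)
UDP = "17"       # OCI encodes protocols as IANA numbers ("17" = UDP) or "all"

def udp_range(rule):
    """Destination port range of a rule, or None when every port is allowed."""
    return (rule.get("udpOptions") or {}).get("destinationPortRange")

def admits(rule, port):
    """True if an ingress rule lets UDP traffic to `port` through."""
    if rule["protocol"] == "all":
        return True
    rng = udp_range(rule)
    return rule["protocol"] == UDP and (rng is None or rng["min"] <= port <= rng["max"])

def audit_nsg(rules, wg_port=WG_PORT):
    """Return findings for an NSG that should expose only WireGuard (UDP/all rules only)."""
    findings = []
    ingress = [r for r in rules if r["direction"] == "INGRESS"]
    egress = [r for r in rules if r["direction"] == "EGRESS"]
    if not any(admits(r, wg_port) for r in ingress):
        findings.append(f"no ingress rule admits UDP {wg_port}")
    for r in ingress:
        rng = udp_range(r)
        if r["protocol"] == "all":
            findings.append(f"ingress from {r['source']} allows every protocol")
        elif r["protocol"] == UDP and rng is None:
            findings.append(f"ingress from {r['source']} allows every UDP port")
        elif r["protocol"] == UDP and (rng["min"], rng["max"]) != (wg_port, wg_port):
            findings.append(f"ingress opens UDP {rng['min']}-{rng['max']}, expected only {wg_port}")
    if not any(r["protocol"] == "all" and r["destination"] == "0.0.0.0/0" for r in egress):
        findings.append("no egress rule to 0.0.0.0/0")
    return findings

def ingress_udp(lo, hi):  # builds a constructed sample ingress rule
    return {"direction": "INGRESS", "protocol": UDP, "source": "0.0.0.0/0",
            "sourceType": "CIDR_BLOCK", "isStateless": False,
            "udpOptions": {"destinationPortRange": {"min": lo, "max": hi}}}

EGRESS_ALL = {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0",
              "destinationType": "CIDR_BLOCK", "isStateless": False}

GOOD = [ingress_udp(51820, 51820), EGRESS_ALL]      # the two rules this section asks for
MISTYPED = [ingress_udp(51280, 51280), EGRESS_ALL]  # constructed: digits transposed
TOO_WIDE = [ingress_udp(1, 65535), EGRESS_ALL]      # constructed: whole UDP range exposed

if __name__ == "__main__":
    for name, rules in [("good", GOOD), ("mistyped", MISTYPED), ("too wide", TOO_WIDE)]:
        print(name, audit_nsg(rules) or "ok")
```

A mistyped port fails silently from the console's point of view: the rule saves fine, but clients time out, so comparing the rule against the port WireGuard actually listens on is the first thing to check.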

Now that your NSG has been created, go back to your VCN, and click on Security Rules on the left sidebar.

In that, click on your Default Security List, and then on the Add Ingress Rules button. In the newly opened modal, fill up the values according to the image below, and click Add Ingress Rules.

Now, at last, go back to your instance page, and there you will see something like this on the right.

Here, you have the Public IP address of your server. Copy it, as it’ll be used when we log in to the server.
Apart from that, we also have the Network Security Groups part. Click on Edit, choose your newly created NSG from the drop-down, and click on Save Changes. It should now look something like this.

Congratulations, if you have reached this part, that means you have your instance set up and you’re ready to install the VPN on it and connect to it from your devices.

If you’re not using Oracle Cloud, you’ll need to enable port 51820/UDP ingress for your instance in your cloud provider-specific firewall. Again, I’ve linked the relevant resources for that below.

Customizing Firewall rules in Google Cloud Platform (GCP)

Customizing Firewall/Security rules in Amazon Web Services (AWS)

Customizing Firewall/Security rules in Microsoft Azure

All the steps from now on are independent of the Cloud Service Provider. So even if you’re not using Oracle Cloud, but have set up the instance and firewall rules in your cloud provider, you can easily proceed to the next steps.

One important thing to make note of here is that in most of the cloud providers, the public IP address of a VPS is ephemeral, i.e., it can change after the instance reboots. To prevent that, the cloud providers have a concept of Reserved IPs/Elastic IPs, through which you can reserve a permanent public IPv4 address for your instance. Oracle Cloud provides a static IP address by default for the first two instances, so we don’t have to worry about it. But if you’re using any other cloud provider, you can find the instructions for the same from the links below.

Assigning Static IP on Azure VM

Assigning Static IP on an AWS EC2 Instance

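Assigning Static IP on a GCP Compute Engine: https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address#reserve_new_static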
