This article targets developers who'd need their VPN:
- For confidentiality (especially when working with public wifi)
- If company resources are restricted to IP whitelists
- For any other reason
Have a good reading =)
Why using a VPS to create a VPN
I identified 3 main ways to get a vpn with a static IP:
- π°π° Subscribe a VPN with static IP option. This option can be great if beyond the fixed IP and confidentiality aspects, you want to be able to be behind an IP of the country of your choice. It's the easiest and most powerful way, but... also the most expensive. Note that static IPs are only available in paying VPN (at least today, in March 2023), so normally they don't make money with your personal data, like some free VPN.
- π§ Install your own personal VPN server at home, like on your favorite Raspberry pie zero. Given the consumption of such a device, it's very probably the least expensive way. But you are limited to your up bandwidth, so if you're not fibered, you'll feel it.
- β€οΈ What I chose and what I'll present here is installing OpenVPN on a VPS (Virtual Private Server). It's a bit more technical, but very fast if you have the right guidelines. I prefer this solution to the 2 other ones, because small VPS are enough and clearly less expensive than VPN, because I'm not fibered and because it's more reliable.
Prerequisites
- A device with a terminal and
sshandscpinstalled - An OpenVPN client installed on the machine you want to use a vpn.
First step: subscribing a VPS plan
There are many VPS providers. I personally chose the german Netcup for its competitive prices, and for the absence of commitment (I can stop when I want).
Here is the subscription page: https://www.netcup.eu/vserver/vps.php
VPS 200 G10s is clearly enough to make our VPN. It has:
- Processor: 2 vCore
- Main memory: 2 GB
- Hard disk: 40 GB SSD (RAID10)
- Unthrottled traffic: 80 TB / month (80 000 GB per month!)
Second step: admin access
Once the order is maid (yes, there is no payment step), a confirmation email will be sent, followed by a few more a few minutes later.
The most important mail will contain your customer number and password, to access the administration part:
we are pleased to welcome you as a customer at netcup. Enclosed you will find your access data to the netcup CCP (customer control panel).
There you have the possibility to maintain your data and products, as well as to view past invoices.
Your access data to the CCP are as follows:
Customer number: 123456
Password: blablabla
So don't forget to note:
- your customer number (only digits)
- your password
- the link to administrate Netcup VPS: https://www.customercontrolpanel.de/rechnungen.php
- the link to technically administrate the VPS: https://www.servercontrolpanel.de/SCP/Home
- the ip of your VPS
- the initial root password (to be changed in the next part)
Third step: root password configuration
First, for security reason, the root password must be changed via the admin interface. Access it via: https://www.customercontrolpanel.de/rechnungen.php
We can see our VPS listed, in the Products section:
Then by clicking on the π, the URL to admin panel is displayed:
It's always https://www.servercontrolpanel.de/SCP/Home but just in case you lose it, this way you know where you can find it.
Once there, we can start the configuration of the server (it's very fast):
- General > give a nickname to your server (optional but i recommend it)
- Control > click on Shutdown (ACPI). required to set a new root password
- Access > change the root password and NOTE IT
- Control > restart the server
β οΈ Do not even try to use the terminal available on the General tab, you'll probably never be able to simply enter your password, because of the poor keymap support. To access it we'll open a real SSH terminal.
Fourth step: ssh access
Open your favorite terminal with ssh installed and run this command (of course adapt it to your server).
ssh root@YOUR_IP
# To the question "Are you sure you want to continue connecting (yes/no/[fingerprint])?", press enter
Then enter the root password you created in the "Third step"
Here we are.
Fifth step: user creation
For security reasons (if you are interested you can check here), it is recommended to run your programs as non-root user.
Here is how to create a user named "admin" (feel free to set the name of your choice of course):
# user creation
useradd admin
# password creation
passwd admin
# here create a password for admin
# set user as sudoer
usermod -aG sudo admin
# Create his home directory
mkhomedir_helper admin
Sixth step: OpenVPN installation
For security reasons (if you are interested you can check here), it is recommended to run your programs as non-root user.
Here is how to create a user named "admin" (feel free to set the name of your choice of course):
# use your non-root user
su - admin
# download OpenVPN installer
wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O debian-11-vpn-server.sh
# make it executable
chmod -v +x debian-11-vpn-server.sh
# execute it
sudo ./debian-11-vpn-server.sh
# Then simply press enter multiple times until you get this message:
# "The configuration file has been written to /root/mydesktopclient.ovpn.
# Download the .ovpn file and import it in your OpenVPN client."
Seventh and ultimate step: Connection of OpenVPN client
Exit the server (exit command multiple times), then let's use scp command to retrieve mydesktopclient.ovpn file on your PC/mac/whatever:
scp admin@YOUR_IP:/home/admin/mydesktopclient.ovpn .
# enter here the password you created for admin (not root, just in case)
Open your OpenVPN client (install it if you don't have it yet), select the File tab > Browse > select your mydesktopclient.ovpn file.
Confirm by clicking on Connect, and π we are done!! π
To create a new client .ovpn file
If you want to share your vpn with someone, instead of sharing your .ovpn file you can create a new one easily:
Connect to the server with ssh:
ssh admin@YOUR_IP
# admin password
And run the installer:
sudo ./debian-11-vpn-server.sh
# admin password
# What do you want to do?
1
# Tell me a name for the client.
# => enter here a name matching this new client
# Do you want to protect the configuration file with a password?
1
Then proceed like in the "Seventh step" to retrieve the file, and share it.
π Thanks for reading
Top comments (0)