Pranjal Jain
Posted on January 13, 2021
We have all heard the term VPN, especially living in a technology-rich era. But let me tell you how little we know about this sector of technology that, in a way, rips our privacy apart.
We are all aware that the big conglomerates log every action we take while we surf their platforms, and this is a big problem. At a time when privacy is said to be a top priority for users on the internet, we keep hearing about people and corporations eavesdropping on the digital communication of their users. To prevent this, we turn to solutions like Tor and VPNs.
Tor is indeed a good solution to this problem. It is free and open-source, and it enables anonymous communication by directing internet traffic through a free, worldwide, volunteer overlay network. That makes Tor sound like a reliable solution, but there is a catch: Tor does provide good cover on the internet, but the speed we get on Tor is comparatively very low, which makes it less reliable.
VPNs are also a good solution to our problem, and they do provide good surfing speed compared to Tor. So what is the problem here? The problem is logs. Almost all VPN services keep a log of each individual's network traffic, which directly conflicts with privacy. And that's not all: these logs are often shared with personalised-advertisement providers to strengthen the user profile and fill them with ads.
According to this article on PCMag:
Seven VPN services that claim to never log user traffic have been found doing just that—and they leak that information on the internet, according to security researchers at vpnMentor.
Each of the affected providers also claims to offer “no-log” VPN services, meaning detailed user traffic is supposedly never recorded. However, the exposed server indicates this was far from the truth. “In some cases, illicit sites were accessed from countries where viewing such content is an illegal and punishable activity,” vpnMentor said.
After all this, one thing is sure: VPNs from different providers cannot be trusted.
So what do we do now?
Isn't it a great idea to create our own VPN?
Won't we need expensive servers at multiple locations?
How about we give it a try and then come to some conclusions...
First step
As always, the prerequisites:
- A Laptop
- An Internet Connection
- A Linode Account
That is indeed a tiny list.
Head over to Linode
Open the dashboard and click the "Add a Linode" Button to create a server.
While configuring the server, keep in mind:
- OS - Ubuntu 20.10
- Region - Where you want your VPN to be located. I went with Newark, NJ
- Linode plan - Nanode 1GB
- Add a label to make it unique. Mine was Wolfpack
- Add a root password
Lastly, enable the Private IP checkbox.
Now if you look at the price, 5$/month is not that expensive.
Once your Linode has booted up, check your configuration.
Copy the command to connect to the server, which will look like ssh root@xx.xx.xx.xx
Paste it into your terminal if you're on macOS, or use PuTTY if you're on Windows.
Here I am using macOS to demonstrate.
After you enter the SSH connect command, the terminal will ask:
The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
ECDSA key fingerprint is SHA256:bSw0bqbSw0bqbSw0bqbSw0bqkj4/OZ3OZ3dP+/e2e2M.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Type 'yes' and press Enter/Return.
After typing yes you will see root@localhost:~# in the terminal, which means you're connected to the server.
Update
The first thing to do is update the services and applications on the server. We can do that with:
apt-get update && apt-get upgrade -y
After the OS is updated, we can move to the next step, which is setting up a new non-root user so that the server is secured.
We can do that by executing:
useradd -G sudo -m wolf -s /bin/bash
And we can set a password using the command
passwd wolf
After typing the password twice, your new user will be added.
Now open a new terminal to test your new user, without closing the previous terminal window.
In the new terminal, type:
ssh wolf@xx.xx.xx.xx
It will now ask for the password, so enter the password that was set for the new non-root user (wolf).
You should then be connected to the server as the new user.
Don't disconnect the previous terminal window yet. It is logged in as the root user, so if we face any problem we can use it to make changes.
Use your non-root user terminal as the default terminal and, for now, keep the root terminal as a backup.
Now we will configure SSH to disable root login.
To edit your SSH configuration file, type in your terminal:
sudo nano /etc/ssh/sshd_config
In the file, look for #Port 22
and change it to Port 69
This hides the SSH service from scanners that only probe the default port, although on its own it will not be enough for security.
Remember to remove the '#'.
Now look for PermitRootLogin yes
and change it to PermitRootLogin no
Now no one can log in to the server as the root user, but root privileges can still be obtained using sudo.
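The two edits above, applied and checked by script, as an added example that is not part of the original post. `set_sshd_option` and `effective_sshd_value` are hypothetical helper names, and the demo runs on a constructed sample file rather than the real /etc/ssh/sshd_config.

```shell
#!/usr/bin/env bash
# Added example (not from the original post); function names are hypothetical.

# set_sshd_option FILE KEY VALUE
# Rewrites the first "KEY value" line, commented out or not, to "KEY VALUE";
# appends the line if the keyword is absent. Free-text comments are untouched.
set_sshd_option() {
  local file=$1 key=$2 value=$3 tmp rc
  tmp=$(mktemp) || return 1
  awk -v k="$key" -v v="$value" '
    { line = $0
      sub(/^[ \t]*#?[ \t]*/, "", line); sub(/[ \t]+$/, "", line)
      n = split(line, f, /[ \t]+/) }
    !seen && n == 2 && tolower(f[1]) == tolower(k) { print k, v; seen = 1; next }
    { print }
    END { if (!seen) print k, v }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
  rc=$?; rm -f "$tmp"; return "$rc"
}

# effective_sshd_value FILE KEY
# Prints the first active value for KEY, because sshd keeps the first value it
# reads for each keyword. Prints nothing if only the built-in default applies.
effective_sshd_value() {
  awk -v k="$2" '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == tolower(k) { print $2; exit }
  ' "$1"
}

# Constructed sample file, so the demo never touches the real configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Port forwarding is covered elsewhere (free text, must stay as is)
#Port 22
PermitRootLogin yes
EOF
set_sshd_option "$sample" Port 69
set_sshd_option "$sample" PermitRootLogin no
echo "Port=$(effective_sshd_value "$sample" Port)" \
     "PermitRootLogin=$(effective_sshd_value "$sample" PermitRootLogin)"
rm -f "$sample"
```

On the server the change only takes effect after `sudo sshd -t && sudo systemctl restart ssh`, so keep the root session open until `ssh -p 69 wolf@xx.xx.xx.xx` works from a new terminal. `sudo sshd -T` prints the values sshd actually uses, including files pulled in by `Include`, and once the port has changed sftp needs `-P 69` as well.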
Installing OpenVPN
This could be a very long step, but this script makes the whole thing very simple.
Nyr / openvpn-install
OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
With this command, we download the script:
wget https://git.io/vpn -O openvpn-install.sh
We now have the file openvpn-install.sh downloaded.
Run it with:
sudo bash openvpn-install.sh
After running this command you will need to enter your password, and then answer these questions:
Which IPv4 address should be used?
1) 50.116.58.32
2) 192.168.152.198
IPv4 address [1]: 1
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]: 1
What port should OpenVPN listen to?
Port [1194]:
Select a DNS server for the clients:
1) Current system resolvers
2) Google
3) 1.1.1.1
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]: 3
Enter a name for the first client:
Name [client]: WolfpackVPN
OpenVPN installation is ready to begin.
And congratulations
The client configuration is available in: /root/WolfpackVPN.ovpn
Just remember to keep the answer choices similar. You can change the name for the first client and set the DNS you want.
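The installer above is fetched through a short link and run with sudo, so it is worth reading the downloaded file once and refusing to run any copy that differs from the one you read. The following is an added example, not code from the original post or from the openvpn-install project; the function names and the pin file are hypothetical, and the demo uses a constructed stand-in script.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or the openvpn-install project).
# Function names and the pin file are hypothetical.

# pin_script FILE PINFILE: record FILE's SHA-256 once you have read the script.
pin_script() {
  sha256sum "$1" | awk '{ print $1 }' > "$2"
}

# is_pinned FILE PINFILE: succeed only if FILE still hashes to the recorded pin.
is_pinned() {
  local want got
  [ -s "$2" ] || return 1                      # no pin recorded yet
  want=$(cat "$2")
  got=$(sha256sum "$1" | awk '{ print $1 }')
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# run_if_pinned FILE PINFILE [ARGS...]: run FILE with bash only if it is pinned.
run_if_pinned() {
  local file=$1 pin=$2
  shift 2
  if ! is_pinned "$file" "$pin"; then
    echo "refusing to run $file: it is not the copy that was reviewed" >&2
    return 1
  fi
  bash "$file" "$@"
}

# Demo on a constructed stand-in for openvpn-install.sh (no network, no sudo).
demo_dir=$(mktemp -d)
printf 'echo "installer ran"\n' > "$demo_dir/openvpn-install.sh"
pin_script "$demo_dir/openvpn-install.sh" "$demo_dir/openvpn-install.sha256"
run_if_pinned "$demo_dir/openvpn-install.sh" "$demo_dir/openvpn-install.sha256"
printf 'echo "extra line"\n' >> "$demo_dir/openvpn-install.sh"   # simulated change
run_if_pinned "$demo_dir/openvpn-install.sh" "$demo_dir/openvpn-install.sha256" ||
  echo "changed script was blocked"
rm -rf "$demo_dir"
```

The same check is useful later, when the script is downloaded again to add or revoke clients: a copy that no longer matches the pin needs another read before it runs as root.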
Now we move the file from /root to our user's home directory with the command:
sudo mv /root/WolfpackVPN.ovpn .
Now we need to download the WolfpackVPN.ovpn file to our machine. We can do this using SFTP.
Open a new terminal and type
sftp wolf@xx.xx.xx.xx
After entering your password you will be connected to the SFTP server. With this command, you will get the file on your Mac:
get WolfpackVPN.ovpn
Once you've downloaded the file to your Mac, download Tunnelblick for macOS from the Tunnelblick site.
Set it up.
You will find the file shown with the Tunnelblick symbol.
After importing it into Tunnelblick and connecting to it, you will see this window.
Voilà! You're connected to your OWN VPN server.
And doing a quick speed test...
We can see that we are getting a decent speed of 21 Mbps download and 24 Mbps upload, and that we are connected to Server(s) New York, US | Newark, US.
Hence our VPN works at a good speed, and for just 5$.
If you're stuck anywhere do leave a comment.
Happy Hacking!