InfoWorld how-to's

How to roll your own VPN

With free open source OpenVPN and a low-cost VPS, you can have a secure connection from any location


If you need to encrypt traffic from your computer or mobile device, you have many options. You could buy a commercial VPN solution, or you could sign up for a VPN service and pay a monthly fee. Or for less money, you could create your own VPN and gain the use of a Linux VPS (Virtual Private Server) anywhere in the world. This roll-your-own option is made possible through the use of the open source OpenVPN project, Linux, and a few open source client-side applications.

The VPS-based setup described here is designed to encrypt all the traffic from your laptop, desktop, or mobile phone to your VPN server, which then decrypts that traffic and passes it on to its destination. This can be very useful if you're using the Internet from a coffee shop, a hotel, or a conference and you do not trust the network.


Putting this VPN together is generally the work of only a few minutes, and it requires minimal Linux command-line skills. The only tools you'll need are an SSH client and a VPS.

You can purchase a VPS on a monthly, quarterly, or yearly basis from any number of service providers. Some larger providers offer VPSes in several different countries and allow you to choose where your server will run. In most cases, it's best to find a VPS that's located close to where you intend to generate the most traffic; the farther away you are, the higher the tunnel latency will be, and the connection may be slower than you'd like. However, if you want your Internet traffic to appear to originate from Switzerland while you connect from New York or Los Angeles, you can do that as well.

This guide will show you how to create your own VPN using a VPS running Debian Squeeze, but the general configuration will work on any number of other distributions.

If you will use the VPS only for the VPN, you don't need significant resources. Many VPS providers offer mini or micro VPS options that have 128MB or 256MB of RAM, a single CPU core, and 5GB of storage. That's plenty to run a VPN for several users. You will want to pay attention to the allowed traffic per month if you plan on pushing lots of data through the connection, however. Some providers offer 500GB or even 1TB of traffic per month. The monthly cost is typically anywhere from $5 to $10.

When purchasing your VPS, make sure it's a hardware-emulated VPS based on KVM or Xen, not a container instance based on Linux-VServer or OpenVZ. We will need access to the TAP/TUN devices of the Linux kernel to create the VPN, and these can be difficult or impossible to access under container-based virtualization due to its internal architecture. Some providers have implemented ways of providing TAP/TUN devices to their OpenVZ-based VPSes, but this support differs from provider to provider.

Once you've purchased your VPS, you should receive an email with the IP address and root login information. Fire up your SSH client (you can download PuTTY for Windows or use iTerm or native SSH from the Mac OS X Terminal) and make an SSH connection using that IP and root credentials. You'll wind up with a command prompt like so:


Your prompt may look a little different depending on how the provider names the VPS, but the important part is the # at the end. The # signifies that you're logged into the server as root and can make the necessary changes.
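Once you are logged in as root, you can confirm the TAP/TUN requirement mentioned earlier before installing anything. The script below is an added example, not part of the original article; the function names and the optional ROOT path prefix are made up for illustration, and the container detection is a heuristic based on what OpenVZ and Linux-VServer guests normally expose under /proc.

```shell
#!/bin/sh
# Added example: pre-flight check for the TAP/TUN requirement.
# vps_tun_report [ROOT] prints "<virtualization> <tun-state>".
# ROOT is a hypothetical path prefix so the check can also be pointed at a
# constructed directory tree; leave it empty to inspect the live system.

vps_virt() {
    root=${1:-}
    # OpenVZ containers expose /proc/vz but not /proc/bc (the host has both).
    if [ -d "$root/proc/vz" ] && [ ! -d "$root/proc/bc" ]; then
        echo openvz
    # Linux-VServer guests carry a non-zero VxID in /proc/self/status.
    elif grep -Eq '^VxID:[[:space:]]*[1-9]' "$root/proc/self/status" 2>/dev/null; then
        echo linux-vserver
    else
        echo no-container-detected
    fi
}

vps_tun_state() {
    dev="${1:-}/dev/net/tun"
    if [ ! -c "$dev" ]; then
        echo tun-missing      # no character device node at all
    elif ( exec 3<>"$dev" ) 2>/dev/null; then
        echo tun-ok           # node exists and the kernel lets us open it
    else
        echo tun-blocked      # node exists but the driver is not available
    fi
}

vps_tun_report() {
    echo "$(vps_virt "${1:-}") $(vps_tun_state "${1:-}")"
}

vps_tun_report ""             # inspect the running system
```

A result other than `tun-ok`, particularly alongside `openvz` or `linux-vserver`, means the provider has to enable TAP/TUN for the VPS before OpenVPN can create its tunnel interface.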
