To my regular readers: This is a nerd post that won’t interest most of you, for which I apologize. However, about half of the connections to this blog come from Google, from people who have searched for a topic that I have written about. This post is mainly for readers from Google who are interested in private VPN servers.
If you are interested in a private VPN server, then you already know why you need a VPN. But why do you need a private VPN? You need a private VPN because:
1. It’s impossible to know to what degree a VPN service can be trusted.
2. VPN providers charge too much. VPN service is cheap to provide. There are free services, such as Windscribe. But you have to wonder how they use a free service to make money.
3. Some highly secure web sites (my bank, for instance) seem to know when you’re using a public VPN. They may refuse to talk with you at all, or they may challenge you with pesky checks such as CAPTCHAs.
4. A private VPN will almost certainly be faster.
5. Assuming you have the know-how, a private VPN lets you control the configuration on both client and server. You can optimize the VPN for the way you use it.
The hurdle to having your own VPN server is not the cost. Virtual private servers have become quite cheap (more about that below). The hurdle is the amount of knowledge you need to install and configure VPN (virtual private network) on a VPS (virtual private server). Anyone who is comfortable with Linux should be able to do it. You need to be adept at working at a Unix command line. You need a decent understanding of how encryption works. And you need a decent understanding of how networks work.
Here’s what you need:
1. A virtual private server running a recent and well-supported flavor of Linux
2. Knowledge of Unix (or Linux), and knowledge of encryption and networking
3. The right software (and knowing how to install it) on your virtual private server, mainly OpenVPN and SSL
You will hit some bumps, and you will have some questions. I found how-to files from Digital Ocean to be particularly helpful (you can Google for such how-to files). My VPS provider (VPSCheap) also had a helpful how-to file in its support section. In this post, I don’t propose to tell you how to set up a private VPN server. I just want to encourage you and get you started.
About virtual private servers: You can Google for where to sign up for a virtual private server (VPS). I use VPSCheap.net. Some very negative reviews have been written about them, but it was clear that the reviewers didn’t know very much. My guess is that many people write negative reviews of VPS services because they’re in over their heads and don’t know how to use a VPS. My VPS (there are many options) includes 1GB of RAM, 20GB of disk, fast and unlimited network access, and Ubuntu 20.04 LTS. It costs $50 a year. It’s assumed with pretty much any VPS that you get root access to the server via ssh. With VPSCheap, I had to open a help ticket after I saw that my newly set up server did not have the full 20GB of disk space. Five minutes after I opened the ticket, I received an email saying that the problem had been fixed (and it had indeed been fixed).
Your private server does not need a domain name. All you need is the bare IP address. For security and anonymity, it’s probably better not to have a domain name pointing to your server. It would be very difficult for anyone (other than your VPS provider) to find how who uses that IP address. An exception is that, when you’re using a VPN, and when you sign in somewhere (such as your bank) with your real name, your bank will then be able to associate your name and IP address. You can be sure that banks log IP addresses. But law-abiding users of the Internet ought not to need to hide from their bank. Those who do use the Internet for shady purposes are using Tor, not a VPN. The VPN is to protect you from snooping and tracking. It won’t hide you from your bank, or from the law.
My requirements for a VPN are harsh, because I connect to the Internet by satellite (HughesNet). Satellites cause latency, and VPNs hate latency and work poorly over satellite. I tried some free VPN services, and some pay-by-the-gigabyte VPN services, but their slow performance over a satellite link made them unusable. With my own VPN server, the performance of OpenVPN is slow, but tolerable. I found that certain configuration changes (on both client and server) helped. Take a look at keep-alive and replay-window if you have similar problems. Also UDP (rather than TCP/IP) is recommended, because UDP will shovel packets down the tunnel without all the back-and-forth control protocols that TCP/IP uses.
An extra benefit of having your own VPS server is that you can use it for things other than VPN. I’m testing the possibility of moving my blog from GoDaddy hosting to a VPS. That would save money. It also would give me total access to, and total control over, the blog’s server. I think I’ve checked off all the requirements, including the necessity of being able to run SSL (HTTPS) using a free, signed certificate. SSL certificates are another item that cost far, far more than they ought to when you buy them from somebody like GoDaddy.
Another extra benefit of having your own VPS server is that you can use it on all your devices. My private VPN service works great on my iPhone (using the OpenVPN iPhone app) and on my Windows laptop. I use OpenVPN as the client on all my devices, including the iMac. There are other client options, such as Tunnelblick. I tested Tunnelblick and hated it. You don’t have to create separate certificates or profiles for each device. Just one will work with OpenVPN clients on all your devices. When I’m at a hot spot with fast WIFI, I find that my VPN server is super fast, even transparently fast.
It sucks that everyone doesn’t have the skill and resources to have a private VPN server, or at least an honest VPN service provider. But the truth is that there are politically powerful interests on the Internet who want us to be vulnerable, because they want to track us and snoop on us, and they want to be able to push advertising at us the better to “monetize” whatever they’re selling. The same thing is true of email. The technology has long existed for encrypted email systems in which identities can be verified by signed encryption certificates and in which spam could virtually be eliminated. But again, there are powerful interests on the Internet (including the government) who want to snoop on us or push advertising at us.
It’s a jungle out there.
Update: All VPN users show know what a WebRTC browser leak is and how to prevent it. Google for those terms to learn more.