Still using my free Pritunl VPN server with a $5/month Digital Ocean droplet, and the speed and reliability are still amazing. So, after a year and a half, I can honestly say this is the best VPN solution I have ever used.
Build Your Multi-User VPN Server for $5 a Month
As I go back and forth between Asia and the U.S. (a lot), I often use a VPN to make sure I get my fix of my favorite American TV shows on Hulu and Netflix. However, since many U.S. streaming sites have started to crack down on users who access content with a VPN from outside the United States, I have had to start looking for other options.
Now, the way streaming sites are able to block VPN usage is not any sort of amazing technological feat. No, not at all. In fact, all they’re really doing is creating a list of blacklisted IPs known to be associated with VPN services. Once an IP lands on that list, you’re done – no more access. This means VPN services have to always rotate their IP pools, which can get very expensive for them after a while.
The workaround, of course, is to simply access the streaming sites with a dedicated IP address that no one else uses. Some VPN services provide this type of service, but it’s expensive; too expensive to suit me. So, I decided to create my own VPN service. I’ve been meaning to get around to doing it for a while now; but, I never did because I thought it would take a lot of time. Surprisingly, though, I was able to complete the whole thing — from start to finish — in less than an hour. Actually, maybe it was closer to half an hour; I wasn’t really keeping track.
Creating Your Own VPN Service is Really Simple
When it comes to creating your own VPN, there is no reason to reinvent the wheel, so to speak, as many options for VPN servers already exist. And since the best VPNs are based on open source software anyway, it’s best to go with the software most of them build on – OpenVPN.
Even with OpenVPN-based server installations, there are several choices. You can opt to use the standard OpenVPN server included with many Linux server repositories, the OpenVPN Access project, or something more esoteric like SoftEther; all of which are excellent. The variation I chose to use, though, is Pritunl (pronounced Pre-Tunnel).
Pritunl comes in two flavors — free and enterprise — and is an extremely powerful and easy-to-use VPN server platform. Unless you’re planning on creating a commercial VPN service that has many customers accessing many different servers, or a company that needs to support a very large network of users, the free version is more than enough for most personal use scenarios. As I need only to access the VPN with a single, dedicated IP address, the free version is perfect for me.
While there are a few different options for creating your own free, or very low-cost, VPN service available, there is not a lot of good documentation on how to actually get one up and running. Therefore, I thought I would create a post detailing what I did to not only create my VPN service, but also include the steps I took to ensure it was safe and secure. So, without further ado, here’s how to create your own multi-user VPN service for $5 per month.
Part 1 – Creating the Hosting Account and Installing Pritunl
Step 1 – Go to the Digital Ocean website. Create an account and verify it, and then deposit $5 into your account via PayPal or with your credit card (Disclaimer: if you use the above link, I will get $10 credit for my own Digital Ocean account, but then so will you! So, it’s a win-win.) Again, here is the link – Sign Up for Digital Ocean and We Both Get $10 Credit!
Step 2 – Make sure you’re logged into your Digital Ocean account, and then click “Droplets” on the top menu bar. Click the “Create” button.
Step 3 – Click “Distributions” under the “Choose an Image” label, and then select the “Ubuntu” option. Under “Choose a Size,” select the “$5/mo” server option.
Step 4 – Scroll down to the “Choose a Datacenter Region” section of the page. Select the server location closest to the area from which you will connect. If you’re creating a VPN you want to use with American video streaming sites such as Netflix or Hulu, make sure you select either the New York or San Francisco region option.
Step 5 – In the “Select Additional Options” section, enable the “Private Networking Option,” and then click “User Data.” In the box below labeled “Enter user data here…”, paste all of the following code.
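#!/bin/bash
# The first line must be the "#!" shebang, or cloud-init will not run this user data as a script.
# Add the MongoDB 3.2 and Pritunl package repositories ("trusty" = Ubuntu 14.04).
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.2.list
echo "deb http://repo.pritunl.com/stable/apt trusty main" > /etc/apt/sources.list.d/pritunl.list
# Import the repository signing keys. Short 8-character key IDs can collide,
# so confirm the full fingerprints afterwards with "apt-key finger".
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv EA312927
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A
# Refresh the package lists, apply pending updates, then install and start Pritunl.
apt-get --assume-yes update
apt-get --assume-yes upgrade
apt-get --assume-yes install pritunl mongodb-org
service pritunl start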
Step 6 – Add your SSH keys to secure your installation. If you’re not sure how to add your SSH keys, see my post on How to Set Up a Digital Ocean Ubuntu Server in 5 Minutes. You can find instructions for using a program called PuTTY to create and install your private SSH keys there.
Step 7 – Enter a catchy name in the “Choose a Hostname” field, and then click “Create.” That’s it. Just wait for a minute and your new VPN server will be about 95% complete. The script you entered in the “User Data” field will download and install Pritunl on your new Ubuntu server automatically. It doesn’t get any easier than that.
Step 8 – Well, this one isn’t really a step. But, after you create your Digital Ocean “droplet” – D.O. speak for server – note the IP address, as you will need it to complete the installation and configuration of your Pritunl server.
Part 2 – Configure the Pritunl VPN Server
Step 1 – Open your web browser and enter the IP address of your new Digital Ocean server in the address bar. At the end of the IP address, add “:443” (include the colon.) After you finish, the IP address should look like this “111.222.333.44:443” (without the quotes.) Of course, your IP address will be different. Press “Enter” and you should see the Pritunl initial configuration page in your browser window:
Step 2 – Return to your Digital Ocean account, and then click “Droplets” on the top menu. Click the name of your D.O. server in the Droplets list. When the new page appears, click the “Console” link. A new terminal window will open.
Step 3 – Enter your server Root User password if prompted (you should have received this in an email after you created the new droplet.) If you created and entered SSH keys during setup, then no password is needed.
Step 4 – At the prompt, type the following commands and press “Enter” after each:
sudo sh -c 'echo "* hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "* soft nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root hard nofile 64000" >> /etc/security/limits.conf'
sudo sh -c 'echo "root soft nofile 64000" >> /etc/security/limits.conf'
Step 5 – Type the following command and press “Enter”:
After you enter the command, the system will display a key value similar to the following:
Step 6 – Leave the console window open and visible, and then return to the browser window displaying the Pritunl server page.
Step 7 – Type (or copy/paste) the key value from the console window in the “Enter Setup Key” field on the Pritunl server configuration page. Click the “Save” button.
Step 8 – Enter “pritunl” in both the user and password fields when prompted, and then click “Sign in.”
Step 9 – Enter a new username and password in the Initial Setup window. If you want to use a domain name with the new server, enter it in the LetsEncrypt Domain field. Click the “Save” button.
Your Pritunl installation is now configured. Next, we need to set up the actual VPN service and connections.
Part 3 – Configuring the Service and Connections
Step 1 – Click “Users” on the menu at the top of the Pritunl page, and then click the “Add Organization” button. Enter a name for the organization (My Co or anything you want). Click the “Add” button.
Step 2 – Click the “Add User” button. Enter the name of the new user, his/her email address (optional) and a pin number (six digits). Click the “Add” button.
Step 3 – Add more users as needed or skip to the next step.
Step 4 – Go to the Pritunl client page. Click the “Install” menu link.
Step 5 – Click the button or link that corresponds with the operating system you use (i.e. Linux, Mac or Windows.) Download and save the setup file to your computer.
Step 6 – Run the Pritunl installer on your computer to install the client application.
Step 7 – Return to the Pritunl configuration page in your web browser. Click “Users” on the menu, and then locate your username in the list. Click the “chain link” icon to the right of your username.
Step 8 – In the Temporary Profile Link window, highlight the link in the last field. Right-click the selected text, and then click “Copy.”
Step 9 – Launch the Pritunl client application. Click the “Import Profile URI” link at the bottom of the window. Place the cursor inside the “Enter Profile URI” field, and then press “Ctrl” + “V” on your keyboard. Click the “Import” button. After you click “Import,” your account information appears near the top of the Pritunl window.
Step 10 – Click the “3-bar” menu icon in the upper-right corner of the Pritunl window. Click the “Connect” button. Enter your account pin number, and then click “OK.” Wait a couple of seconds to connect to the server.
That’s it. You’re now connected to the VPN server and surfing the Internet anonymously.
This is a very simple way to set up your own VPN for accessing sites that may be blocked in your area. However, this is not what you would really call a “secure” VPN service because Digital Ocean knows who you are and the IP address you are using. In short, this VPN server is more than adequate for the casual browsing of streaming sites and such. If you want to use a VPN for more diabolical purposes, though, then you better figure out another strategy – cause this one will get you busted for sure.
You can change the DNS server settings in the Pritunl settings window as well. The default DNS server setting uses the Public DNS service from Google, and it should work fine. If you want to use a private DNS service, though, I suggest you take a look at DNSCrypt or other DNS services that do not keep logs or record the sites you visit.
Again, though, if you want a rock-solid VPN for streaming videos, this method works like a charm – and, you will always have your own private IP address that’s not shared with other VPN users. Therefore, sites that are banning VPN services will never know who you are or from where you’re connecting.
Also, read these tutorials on installing the UFW firewall on your server and changing the default SSH access options. Both of these steps will help considerably in locking down and securing your new VPN server.
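As a quick check after changing the SSH access options, the script below reads an sshd_config file and reports whether password logins are still possible. It is an added example, not code from the original post or its linked tutorials; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST value it
# finds for a keyword, keywords are case-insensitive, and everything after a
# "Match" line is conditional, so a naive grep can report the wrong setting.

# Print the effective global value of keyword $2 in sshd_config file $1
# (lowercased), or "unset" if it is not set before the first Match block.
sshd_effective() {
    awk -v want="$2" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # drop comments, allow key=value
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) && NF >= 2 { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print one finding per weak setting; return 0 only when password logins are
# disabled and root is limited to key-based login (or barred entirely).
audit_sshd() {
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication)
    root=$(sshd_effective "$1" PermitRootLogin)
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication is '$pw': set it to 'no' once key login works"
        rc=1
    fi
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "PermitRootLogin is '$root': allow keys only ('without-password' / 'prohibit-password') or 'no'"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample config to try the audit on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes   # later duplicate: sshd ignores it
Match User backup
    PermitRootLogin no
EOF
audit_sshd "$sample" || echo "result: hardening incomplete"
rm -f "$sample"
```

On the droplet, run audit_sshd /etc/ssh/sshd_config; sshd -T prints the configuration the daemon actually resolves and remains the authoritative check.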
That’s all for today. Hope you learned something. Leave a comment below and let me know how this tutorial worked out for you. Thanks for stopping by!