How to Build Your Own Rock-Solid and Secure Multi-User VPN Server for $5 a Month

Update

Feb 26, 2018 @ 5:35 PM

Still using my free Pritunl VPN server with a $5/month Digital Ocean droplet, and the speed and reliability are still amazing. So, after a year and a half, I can honestly say this is the best VPN solution I have ever used.

Build Your Multi-User VPN Server for $5 a Month

As I go back and forth between Asia and the U.S. (a lot), I often use a VPN to make sure I get my fix of my favorite American TV shows on Hulu and Netflix. However, since many U.S. streaming sites have started to crack down on users who access content with a VPN from outside the United States, I have had to start looking for other options.

Now, the way streaming sites are able to block VPN usage is not any sort of amazing technological feat. No, not at all. In fact, all they’re really doing is creating a list of blacklisted IPs known to be associated with VPN services. Once an IP lands on that list, you’re done – no more access. This means VPN services have to always rotate their IP pools, which can get very expensive for them after a while.

The workaround, of course, is to simply access the streaming sites with a dedicated IP address that no one else uses. Some VPN services provide this type of service, but it’s expensive; too expensive to suit me. So, I decided to create my own VPN service. I’ve been meaning to get around to doing it for a while now; but, I never did because I thought it would take a lot of time. Surprisingly, though, I was able to complete the whole thing — from start to finish — in less than an hour. Actually, maybe it was closer to half an hour; I wasn’t really keeping track.

Creating Your Own VPN Service is Really Simple

When it comes to creating your own VPN, there is no reason to reinvent the wheel, so to speak, as many options for VPN servers already exist. And since the best VPNs are based on open source software anyway, it’s best to go straight to the source they are built on: OpenVPN.

Even with OpenVPN based server installations, there are several choices. You can opt to use the standard OpenVPN server included with many Linux server repositories, the OpenVPN Access project, or something more esoteric like SoftEther; all of which are excellent. The variation I chose to use, though, is Pritunl (pronounced Pre-Tunnel.)

Pritunl comes in two flavors — free and enterprise — and is an extremely powerful and easy-to-use VPN server platform. Unless you’re planning on creating a commercial VPN service that has many customers accessing many different servers, or a company that needs to support a very large network of users, the free version is more than enough for most personal use scenarios. As I need only to access the VPN with a single, dedicated IP address, the free version is perfect for me.

While there are a few different options for creating your own free, or very low-cost, VPN service available, there is not a lot of good documentation on how to actually get one up and running. Therefore, I thought I would create a post detailing what I did to not only create my VPN service, but also include the steps I took to ensure it was safe and secure. So, without further ado, here’s how to create your own multi-user VPN service for $5 per month.

Part 1 – Creating the Hosting Account and Installing Pritunl

Step 1 – Go to the Digital Ocean website. Create an account and verify it, and then deposit $5 into your account via PayPal or with your credit card (Disclaimer: if you use the above link, I will get $10 credit for my own Digital Ocean account, but then so will you! So, it’s a win-win.) Again, here is the link – Sign Up for Digital Ocean and We Both Get $10 Credit!

Step 2 – Make sure you’re logged into your Digital Ocean account, and then click “Droplets” on the top menu bar. Click the “Create” button.

Step 3 – Click “Distributions” under the “Choose an Image” label, and then select the “Ubuntu” option. Under “Choose a Size,” select the “$5/mo” server option.

Step 4 – Scroll down to the “Choose a Datacenter Region” section of the page. Select the server location closest to the area from which you will connect. If you’re creating a VPN you want to use with American video streaming sites such as Netflix or Hulu, make sure you select either the New York or San Francisco region option.

Step 5 – In the “Select Additional Options” section, enable the “Private Networking Option,” and then click “User Data.” In the box below labeled “Enter user data here…”, paste all of the following code.

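#!/bin/bash
# Add the MongoDB 3.2 and Pritunl apt repositories (Ubuntu 14.04 "trusty" builds)
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" > /etc/apt/sources.list.d/mongodb-org-3.2.list
echo "deb http://repo.pritunl.com/stable/apt trusty main" > /etc/apt/sources.list.d/pritunl.list
# Import the signing keys apt uses to verify packages from those repositories
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv EA312927
apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv CF8E292A
# Refresh the package lists, apply pending upgrades, then install Pritunl and MongoDB
apt-get --assume-yes update
apt-get --assume-yes upgrade
apt-get --assume-yes install pritunl mongodb-org
# Start the Pritunl service
service pritunl start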

Step 6 – Add your SSH keys to secure your installation. If you’re not sure how to add your SSH keys, see my post on How to Set Up a Digital Ocean Ubuntu Server in 5 Minutes. You can find instructions for using a program called PuTTY to create and install your private SSH keys there.

Step 7 – Enter a catchy name in the “Choose a Hostname” field, and then click “Create.” That’s it. Just wait for a minute and your new VPN server will be about 95% complete. The script you entered in the “User Data” field will download and install Pritunl on your new Ubuntu server automatically. It doesn’t get any easier than that.

Step 8 – Well, this one isn’t really a step. But, after you create your Digital Ocean “droplet” – D.O. speak for server – note the IP address, as you will need it to complete the installation and configuration of your Pritunl server.

Part 2 – Configure the Pritunl VPN Server

Step 1 – Open your web browser and enter the IP address of your new Digital Ocean server in the address bar. At the end of the IP address, add “:443” (include the colon.) After you finish, the IP address should look like this “111.222.333.44:443” (without the quotes.) Of course, your IP address will be different. Press “Enter” and you should see the Pritunl initial configuration page in your browser window:

Step 2 – Return to your Digital Ocean account, and then click “Droplets” on the top menu. Click the name of your D.O. server in the Droplets list. When the new page appears, click the “Console” link. A new terminal window will open.

Step 3 – Enter your server Root User password if prompted (you should have received this in an email after you created the new droplet.) If you created and entered SSH keys during setup, then no password is needed.

Step 4 – At the prompt, type the following commands and press “Enter” after each:

sudo sh -c 'echo "* hard nofile 64000" >> /etc/security/limits.conf'

sudo sh -c 'echo "* soft nofile 64000" >> /etc/security/limits.conf'

sudo sh -c 'echo "root hard nofile 64000" >> /etc/security/limits.conf'

sudo sh -c 'echo "root soft nofile 64000" >> /etc/security/limits.conf'

Step 5 – Type the following command and press “Enter”:

pritunl setup-key

After you enter the command, the system will display a key value similar to the following:

c90ea4496a8b4ae9a50142v365afgtrs

Step 6 – Leave the console window open and visible, and then return to the browser window displaying the Pritunl server page.

Step 7 – Type (or copy/paste) the key value from the console window in the “Enter Setup Key” field on the Pritunl server configuration page. Click the “Save” button.

Step 8 – Enter “pritunl” in both the user and password fields when prompted, and then click “Sign in.”

Step 9 – Enter a new username and password in the Initial Setup window. If you want to use a domain name with the new server, enter it in the LetsEncrypt Domain field. Click the “Save” button.

Your Pritunl installation is now configured. Next, we need to set up the actual VPN service and connections.

Part 3 – Configuring the Service and Connections

Step 1 – Click “Users” on the menu at the top of the Pritunl page, and then click the “Add Organization” button. Enter a name for the organization (My Co or anything you want). Click the “Add” button.

Step 2 – Click the “Add User” button. Enter the name of the new user, his/her email address (optional) and a pin number (six digits). Click the “Add” button.

Step 3 – Add more users as needed or skip to the next step.

Step 4 – Go to the Pritunl client page. Click the “Install” menu link.

Step 5 – Click the button or link that corresponds with the operating system you use (i.e. Linux, Mac or Windows.) Download and save the setup file to your computer.

Step 6 – Run the Pritunl installer on your computer to install the client application.

Step 7 – Return to the Pritunl configuration page in your web browser. Click “Users” on the menu, and then locate your username in the list. Click the “chain link” icon to the right of your username.

Step 8 – In the Temporary Profile Link window, highlight the link in the last field. Right-click the selected text, and then click “Copy.”

Step 9 – Launch the Pritunl client application. Click the “Import Profile URI” link at the bottom of the window. Place the cursor inside the “Enter Profile URI” field, and then press “Ctrl” + “V” on your keyboard. Click the “Import” button. After you click “Import,” your account information appears near the top of the Pritunl window.

Step 10 – Click the “3-bar” menu icon in the upper-right corner of the Pritunl window. Click the “Connect” button. Enter your account pin number, and then click “OK.” Wait a couple of seconds to connect to the server.

That’s it. You’re now connected to the VPN server and surfing the Internet anonymously.

Final Thoughts

This is a very simple way to set up your own VPN for accessing sites that may be blocked in your area. However, this is not what you would really call a “secure” VPN service because Digital Ocean knows who you are and the IP address you are using. In short, this VPN server is more than adequate for the casual browsing of streaming sites and such. If you want to use a VPN for more diabolical purposes, though, then you’d better figure out another strategy – ’cause this one will get you busted for sure.

You can change the DNS server settings in the Pritunl settings window as well. The default DNS server setting uses the Public DNS service from Google, and it should work fine. If you want to use a private DNS service, though, I suggest you take a look at DNSCrypt or other DNS services that do not keep logs or record the sites you visit.

Again, though, if you want a rock-solid VPN for streaming videos, this method works like a charm – and, you will always have your own private IP address that’s not shared with other VPN users. Therefore, sites that are banning VPN services will never know who you are or from where you’re connecting.

Also, read these tutorials on installing the UFW firewall on your server and changing the default SSH access options. Both of these steps will help considerably in locking down and securing your new VPN server.
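
One way to check the SSH side of that hardening, as an added example that is not part of the original post or the linked tutorials: a small bash audit of the sshd_config keywords that control password and root logins. The function names, the accepted values and both sample configurations are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit the sshd settings that
# matter once SSH keys are installed on the droplet.

# Print the global value of keyword $1 from sshd_config text on stdin.
# Keywords are case-insensitive and the first occurrence wins; lines after
# "Match" are conditional, so the scan stops there.
sshd_value() {
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    { sub(/[=]/, " ") }                  # accept "Keyword=value" as well
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    tolower($1) == "match" { exit }
    tolower($1) == want { print $2; exit }'
}

# Audit sshd_config text on stdin: one finding per line, exit status 0 only
# if every check passes. An unset keyword fails, so the file has to state
# the policy instead of relying on a version-dependent default.
audit_sshd() {
  local cfg rc=0 key ok got
  cfg=$(cat)
  while read -r key ok; do
    got=$(printf '%s\n' "$cfg" | sshd_value "$key")
    case " $ok " in
      *" ${got:-<unset>} "*) echo "ok    $key $got" ;;
      *) echo "FAIL  $key ${got:-<unset>} (accepted: $ok)"; rc=1 ;;
    esac
  done <<'EOF'
PasswordAuthentication no
PermitRootLogin no prohibit-password without-password
PermitEmptyPasswords no
EOF
  return "$rc"
}

# Constructed sample: password logins and direct root login still enabled.
SAMPLE_WEAK='Port 22
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no'

# Constructed sample: key-only access.
SAMPLE_HARDENED='PermitRootLogin prohibit-password
PasswordAuthentication=no
PermitEmptyPasswords no'

printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "sshd_config needs hardening"
```

On the droplet itself, `sudo sshd -T | audit_sshd` checks the effective configuration, which also covers compiled-in defaults and included files.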

That’s all for today. Hope you learned something. Leave a comment below and let me know how this tutorial worked out for you. Thanks for stopping by!

Jeff

 

5 thoughts on “How to Build Your Own Rock-Solid and Secure Multi-User VPN Server for $5 a Month”

  1. Pingback: One Month Review of Pritunl VPN Server - Jeff Grundy

  2. Nice guide, but while DO is very cool and relatively easy, the bandwidth allotments are pretty stingy. 1 or 2 TB per month would not go far at all.

    1. Hi Nnyan, and thanks for the comment. Yeah, I see your point. Still, I believe 1 or 2 TB is plenty for many users. I stream videos all the time with my Pritunl VPN and have never run into any issues. DO is still not charging (as of this date) for bandwidth overages. They say they are still just monitoring overages at this point. I stream mostly TV shows and not full-length movies. But since I stream every day with the VPN, it’s fine for my own personal needs. Now, if you want the VPN for torrenting, then of course that bandwidth will get eaten up pretty fast. Again, though, thanks for the comment.

  3. Nice story. Using this service for a little while myself too. Had some thoughts if it was all secure enough but after your story I do feel a bit more secured by this solution. Thanks!

    1. Hi Tom, and thanks for the comment. I appreciate it. Yes, Pritunl works well, and I have been very pleased with the service. I have it connected to a domain that I will let expire soon, though. Just have too many. So… we’ll see how easy it is to connect the server to a new one. Keeping my fingers crossed. Glad you’re enjoying Pritunl and for the comment. Thanks again.
