VPN Guide: How to set up your own VPN (2021) | EFANI

Part 1 – A simple guide on how to set up your own VPN [2021]

The internet is a challenging place for those who value their privacy. People are (legitimately) concerned about their privacy after the Senate voted to allow internet service providers (ISPs) to sell your personal information to advertisers. While protecting your privacy is crucial, this does not require signing up for a VPN service and tunnelling all of your internet activity via VPN servers.

Enough jibber-jabber from me; let’s get on with the guide.

[1] Theoretical understanding

Section (a) – What is a virtual private network (VPN)?

The term VPN refers to a virtual private network that uses the Internet as its transport mechanism while keeping the data on the VPN “secure”.

Section (b) – But what exactly IS a virtual private network (VPN)?

This question can be answered in a variety of ways. It all depends on how your network is set up. The most frequent design is to have a single primary internal network with remote nodes accessing the central network through a VPN. Remote workplaces or employees working from home are prominent examples of remote nodes. You can also join two small (or large) networks together to create a single larger network.

Section (c) – So, how does a virtual private network (VPN) work?

Simply put, a VPN is built by creating a secure tunnel between two networks and routing IP traffic through it. Here is a diagram to help visualize this notion (using IP masquerading):

Figure 1 – IP Masquerading by Wilson, M.D., 1999. VPN HOWTO

The Client Router is a Linux system that serves as the remote network’s firewall or gateway. The remote network uses the local IP address 192.168.12.0. Local routing information on the routers was left out to keep the diagram (Figure 1) simple. The main concept is to use the tunnel to transport traffic for all private networks (10.0.0.0, 172.16.0.0, and 192.168.0.0).

Note that this works in one direction only. In other words, while the remote network can see the private network, the private network cannot always see the remote network. For that to happen, you must declare that the routes are bidirectional.
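
To make the one-way problem concrete, here is an added Python example (not part of the original guide or the VPN HOWTO) that performs longest-prefix route lookups on both routers. The interface names, the /24 mask on 192.168.12.0 and the 10.0.1.0/24 private LAN are assumptions; the /8, /12 and /16 masks are the standard ones for the three private ranges.

```python
import ipaddress

# Constructed routing tables: (destination prefix, outgoing interface).
CLIENT_ROUTES = [
    ("192.168.12.0/24", "eth0"),   # remote LAN (mask assumed)
    ("10.0.0.0/8", "tun0"),        # the three private ranges go into the tunnel
    ("172.16.0.0/12", "tun0"),
    ("192.168.0.0/16", "tun0"),
    ("0.0.0.0/0", "eth1"),         # everything else goes to the Internet
]
SERVER_ROUTES = [
    ("10.0.1.0/24", "eth0"),       # private LAN (assumed)
    ("0.0.0.0/0", "eth1"),         # no route back to the remote LAN yet
]


def next_hop(routes, dst):
    """Longest-prefix match: return the interface used to reach dst."""
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(p), iface) for p, iface in routes]
    matches = [(net, iface) for net, iface in candidates if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def tunnel_visibility(client_routes, server_routes, remote_host, private_host):
    """Return (remote reaches private via tun0, private reaches remote via tun0)."""
    return (
        next_hop(client_routes, private_host) == "tun0",
        next_hop(server_routes, remote_host) == "tun0",
    )


if __name__ == "__main__":
    hosts = ("192.168.12.7", "10.0.1.5")   # constructed host addresses
    print("as configured:", tunnel_visibility(CLIENT_ROUTES, SERVER_ROUTES, *hosts))
    fixed = SERVER_ROUTES + [("192.168.12.0/24", "tun0")]
    print("with return route:", tunnel_visibility(CLIENT_ROUTES, fixed, *hosts))
    # 192.168.12.0/24 sits inside 192.168.0.0/16, but the more specific
    # route wins, so traffic for the local LAN never enters the tunnel.
    print("local LAN traffic uses:", next_hop(CLIENT_ROUTES, "192.168.12.9"))
```

Without the return route, the private side sends replies for 192.168.12.x to its default gateway instead of the tunnel, which is why only one side can see the other.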

[2] Prerequisites

Section (a) – Keeping uninvited folks out 

A VPN’s security is extremely crucial. Isn’t that why you’re making one in the first place? When setting up your server, there are a few things to keep in mind.

  • Disallow passwords – Don’t use passwords; disable them entirely. SSH’s public key authentication should be used for all authentication on this machine. Only those with keys will be able to get in, because remembering a binary key that is 530 characters long is very hard.
  • So, how do you go about doing that? It requires editing the /etc/passwd file. The second field contains either the hash of the password or an ‘x’ indicating that the authentication system should look in the /etc/shadow file. Instead of either of those, you change that field to “*”. This tells the authentication system that no password exists and that no password should be accepted.
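
An added example, not from the original guide: a small Python audit that reads passwd-format text and reports which accounts still allow password login. It also covers the empty-field case, which means no password is required rather than that passwords are disabled. The sample entries, account names and state labels are constructed for illustration.

```python
# Constructed sample data in /etc/passwd and /etc/shadow format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
vpnuser:*:1001:1001:VPN account:/home/vpnuser:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
guest::1003:1003:Guest:/home/guest:/bin/bash
legacy:$6$constructedsalt$constructedhash:1004:1004::/home/legacy:/bin/sh
"""
SAMPLE_SHADOW = """\
root:!:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
"""


def field_state(value):
    """Map a raw password field to a login state."""
    if value == "":
        return "empty"       # no password required at all
    if value.startswith(("*", "!")):
        return "disabled"    # not a valid hash, so no password can match
    return "password"        # a real hash: password login can succeed


def audit(passwd_text, shadow_text=""):
    """Return {account: state} for every entry in passwd-format text."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            report[parts[0]] = "malformed"
        elif parts[1] == "x":
            # 'x' defers to /etc/shadow; without that entry we cannot tell.
            name = parts[0]
            report[name] = field_state(shadow[name]) if name in shadow else "unknown"
        else:
            report[parts[0]] = field_state(parts[1])
    return report


def needs_attention(report):
    """Accounts whose password login is not provably disabled."""
    return sorted(name for name, state in report.items() if state != "disabled")


if __name__ == "__main__":
    for account, state in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{account:8} {state}")
```

On a real system, pass in the contents of /etc/passwd and /etc/shadow (the latter needs root to read); any account returned by `needs_attention` can still be tried with a password.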

[3] Myths vs Reality

Section (a) –  A virtual private network (VPN) does not make you “private”

You probably already know what a VPN is, but just in case you don’t, here’s a situation (or a refresher!). You’re engrossed in a film. In a sports car on the highway, a criminal tries to flee a crime scene. From above, a helicopter is chasing the car. The helicopter loses track of the car as it reaches a tunnel with many exits.

A VPN works in the same way as the tunnel in this movie scene does: it joins multiple routes and merges them into one, and a helicopter can’t see what’s going on inside. I’m sure a VPN service has been recommended to you by a number of people. They usually tell you that a VPN is fantastic because it allows you to access geo-restricted content, bypass China’s Great Firewall, and browse the internet safely.

Governments can spy on you, internet companies can sell your surfing history, and tech giants can amass massive quantities of data to track you throughout the web. Many people believe that VPNs, or virtual private networks, can shield them from snoopers and spies. However, while VPNs attempt to fix one problem, they can expose you to far bigger privacy threats.

VPNs do not protect your privacy or provide anonymity by default. VPNs simply redirect all of your internet traffic away from your internet provider’s servers and toward the VPN provider’s servers.

That raises the question of why you should trust a VPN that claims to secure your privacy better than your ISP. You can’t, and you shouldn’t; set up your own VPN instead.

Section (b) – Should I use a VPN to keep myself safe online?

The immediate answer is NO. Here is the rationale behind it: many cafes and motels do not devote a significant amount of time to safeguarding their Wi-Fi infrastructure. This means that a user may be able to see other users’ computers on the local network, much like at home. Furthermore, if a hacker is present in your favorite coffee shop, they may be able to snoop on your internet traffic in order to gather information about you.

Yes, you. You are popular but in a dangerous way! Assume that all of the free VPN apps in the App Store and Google Play are there for a reason. Free VPNs are by far among the worst offenders. If it’s free, you’re the product, as the saying goes. That is to say, they profit from you – specifically, your sensitive data. VPNs, like any free service, are frequently sponsored by advertisements. This entails selling your internet traffic to the highest bidder in order to give you tailored adverts when connected to the VPN. They’ll track your online behaviour, sell it to marketers, place their own adverts on non-secure pages, or steal your identity. Free VPNs should be avoided at all costs. Other free VPN services have been accused of introducing advertisements into the websites you browse.

When it comes to premium services, you can get internet privacy for between $5 and $20 per month. But first, take a look at their terms of service and privacy policy. I’ve encountered a lot of VPNs that record your internet traffic, exchange data with government police, and other things. Pay attention to the small print [I mean it!].

Some VPN services claim to preserve your privacy by not storing records or tracking which websites you visit or when you visit them. While this may be true in some circumstances, there’s no way of knowing for certain.

In reality, several VPN companies have stated that they don’t keep any logs, but this has been proven to be incorrect.

[4] Cut to the chase!

When using public Wi-Fi, a home VPN creates an encrypted tunnel for you to utilise, and it can even allow you to access country-specific services from outside the country—all from your Android, iOS, or Chromebook. The VPN would give you secure remote access to your home network. You could even grant other individuals access, making it simple to offer them access to servers you host on your home network.

You might also set up a VPN server on one of your personal computers. However, you’ll want to utilize a computer or device that is always on—not a desktop PC that you would probably turn off when you leave the house.

Windows has a built-in means to host VPNs, while Apple’s Server programme also has a VPN server option. However, these aren’t the most powerful (or secure) solutions available, and they can be difficult to set up and get running properly.

Installing a third-party VPN server, such as OpenVPN, is also an option. VPN servers are accessible for almost any operating system, including Windows, Mac OS X, and Linux. All you have to do now is forward the required ports from your router to the PC that will execute the server software.

Section (a) – Windows built-in VPN

Although this option is relatively buried, Windows has the ability to function as a VPN server utilising the point-to-point tunnelling protocol (PPTP). Here’s where to look for it and how to set up your VPN server.

NOTE – Some users who have installed the Windows 10 Creators Update may experience difficulties setting up a VPN server because the Routing and Remote Access Service does not start. This is a known problem that has yet to be resolved through software updates.

Method 1:

Step 1 – To set up a VPN server on Windows, go to Start > Settings > Network Connections.

Step 2 – Go to Network & Internet.

Step 3 – Go to VPN and click on “add a VPN connection”.

Step 4 – Go to https://www.vpnbook.com/, click on PPTP and copy the details into a notebook or sticky note.

Step 5 – Once you click on “add a VPN connection” you will see a pop up window like this:

You have to click on the VPN provider where you will see Figure (b) and add fields like in Figure (c)

Figure (a)
Figure (b)
Figure (c)

NOTE – Wait until you’re connected. If you run into problems, there may be an issue with your network drivers.

Creating a VPN Server (continued)

Method 2:

Step 1 – To set up a VPN server on Windows, go to Start > Control Panel > Network Connections. To do so quickly, go to Start, type “ncpa.cpl,” and then click the result (or simply press Enter).

Step 2 – To open the full options in the “Network Connections” box, press the Alt key, open the “File” menu, and then select the “New Incoming Connection” option.

Figure (a) – before ALT key
Figure (b) – after ALT key
Figure (c) – New Incoming Connection

Step 3 – Next, select the user accounts that will be able to connect remotely. Instead of allowing VPN logins from your primary user account, you may wish to create a new, limited user account to boost security. By clicking the “Add someone” button, you can do so. Whatever user account you choose, make sure it has an extremely strong password, as a weak password can be cracked with a dictionary attack.

Click the “Next” button once you’ve chosen your user.

Step 4 – To allow VPN connections over the Internet, select the “Through the Internet” option on the next screen. You’ll probably just see that choice here, but if you have the dial-up hardware, you could also enable incoming connections using a dial-up modem.

Step 5 – The networking protocols that should be enabled for incoming connections can then be selected. You can uncheck the “File and Printer Sharing for Microsoft Networks” option, for example, if you don’t want anyone connected to the VPN to have access to shared files and printers on your local network.

When everything is in place, click the “Allow Access” button.

Step 6 – After that, Windows configures access for the user accounts you chose, which can take a few moments.

Your VPN server should now be up and running, ready to accept inbound connection requests. Return to the “Network Connections” window and delete the “Incoming Connections” item if you wish to disable the VPN server in the future.

Router Setup

If you’re using the Internet to connect to your new VPN server, you’ll need to configure port forwarding so that your router knows to transmit traffic of that sort to the correct computer. Forward port 1723 to the IP address of the machine where you set up the VPN server on your router’s settings page. Check out our tutorial on how to forward ports on your router for additional information.

Create a port forwarding rule that passes a random “external port”—such as 23243—to “internal port” 1723 on your machine for optimal protection. This allows you to connect to the VPN server using port 23243 and protects you against harmful programmes that scan for and attempt to connect to VPN servers using the default port.

You might also use a router or firewall to enable only particular IP addresses to connect to your network.

Connecting to Your VPN Server

You’ll need your computer’s public IP address (your network’s Internet IP address) or, if you’ve set up a dynamic DNS service, its dynamic DNS address to connect to the VPN server. Follow method 1 Figure A to C for this.

Section (b) – macOS Server for $19.99

If you know your way around a network, it shouldn’t take you more than a half hour to set up. And if you don’t, this is an excellent opportunity to learn.

MacOS Server, Apple’s server software, has an easy-to-configure VPN service that gives you encrypted internet access from anywhere while also allowing you to view your files remotely. All you’ll need is:

  • A Mac desktop that is always connected to your network via Ethernet. On Craigslist, you may locate an inexpensive Mac Mini, or you could use an existing iMac if you already have one.
  • macOS Server costs $19.99 and can be downloaded from the Mac App Store.
  • A router with port forwarding and dynamic DNS that you can set up.
  • Because of their integration, Apple’s AirPort routers make things incredibly simple, but other routers should function properly.

Step 1 – macOS Server Installation

If you haven’t already, get macOS Server ($19.99) from the Mac App Store and install it on the computer you’ll be using as your VPN. If you have an iMac, you could utilise it as a server, or you could use a Mac Mini purchased particularly for that purpose.

This page can be handy.

Please feel free to run the software when it has been installed; it will set up a few variables and then be ready for your use. Also, before we can utilise the VPN, we’ll need to set up a few things on your network.

Step 2 – Configure Port Forwarding

Port forwarding, which must be configured at the router level, is required to connect to your VPN. If you have an Apple AirPort router, you’re in luck: macOS Server will take care of this for you when you set up your VPN. You may skip this section and instead follow the directions when they appear later. To begin, type your router’s IP address into a web browser to gain access to its admin panel.

Image by Justin Pot via Howtogeek

Then, select the port forwarding settings and forward the following ports to the IP address of your macOS Server:

UDP 500 – ISAKMP/IKE;

UDP 1701 – L2TP; and

UDP 4500 – IPsec NAT Traversal.

Step 3 – Configure Dynamic DNS

Unless you have a static IP from your ISP, you’ll need to configure dynamic DNS on your router, which will provide you with a web address that you can use to connect to your home network while you are away.

Step 4 – Turn on the VPN service.

Return to your macOS Server and open the macOS Server application. Go to the VPN section. Type the Dynamic DNS address you set up above (or your ISP’s static IP, if you have one) in the “VPN Host Name” field. In the box below it, create a unique “shared secret”: the longer and more random it is, the more secure your connection will be. Copy this secret for use on your other devices.

Everything else on this page is purely optional and geared toward more advanced users. You can assign a block of local IP addresses for connected devices using Client Addresses. DNS settings allow you to specify which DNS servers linked devices utilise. Routes, on the other hand, allow you to specify the connection path followed by connected devices.

When you’ve finished configuring everything, click the huge On/Off switch in the top-right corner. Your VPN will be activated.

Finally, there’s a button labelled “Configuration Profile.” This will create a file that you can send to iOS and macOS devices to rapidly configure a VPN connection, sparing you and any other users the time and effort of typing out the Shared Secret and configuring the settings.

Time to ACT!!

How to Set Up a Virtual Private Network (VPN)

It’s time to connect to your VPN from a different device now that it’s been set up. It’s worth noting that you can’t connect locally; it’ll only work if you’re not connected to your home network. To test things, I used my neighbor’s Wi-Fi, but you could also disable Wi-Fi on your phone and connect using your data connection instead.

On a Mac, the simplest method is to establish a Configuration Profile on the server that hosts your VPN connection, then open that Profile. This will set up your Mac to connect to your VPN with only a username and password required.

If that isn’t an option, you can always do it manually. To create a new network, go to System Preferences > Network and click the “+” button in the bottom-left corner. Select “VPN.” Choose “L2TP over IPSec” as your VPN type, and then call it whatever you want. Select “Create”.

Use your static IP or dynamic DNS address as the server address, and the primary account on your macOS Server as the account name. After that, go to “Authentication Settings.”

Enter your Shared Secret and, if you want to avoid having to type it in every time, your user password.

You should be able to connect to your VPN at this point! If your device supports L2TP, you can connect from iOS, Windows, Linux, and Android. All you’ll need is:

  • Your IP address or dynamic DNS address
  • The VPN protocol, which is L2TP with IPSec
  • Your Shared Secret
  • A username and password

Conclusion

If you submit sensitive information to an unencrypted website or download malware by accident, a VPN will not protect you. In other words, a VPN protects you while you’re in transit from one site to the next, but it won’t protect you from acts you take after you are at your destination.

P.S We hear you, you want a VPN set up for your Android and iPhone or iPad? Keep an eye out for part (2) of this guide.