How to Set Up Your Own Home VPN Easily

Haseeb Awan
April 27, 2023

Introduction

The Internet is a challenging place for those who value their privacy. People are (legitimately) concerned about their privacy after the Senate voted to allow internet service providers (ISPs) to sell your personal information to advertisers. While protecting your privacy is crucial, this does not require signing up for a VPN service and tunneling all of your internet activity via VPN servers.

Enough jibber-jabber from me; let's get on with the guide to setting up a home VPN.

What is a Virtual Private Network (VPN)?

The term VPN refers to a virtual private network that uses the Internet as its transport mechanism while keeping the data on the VPN "secure".

This question can be answered in a variety of ways. It all depends on how your network is set up. The most frequent design is to have a single primary internal network with remote nodes accessing the central network through the VPN. Remote workplaces or employees working from home are prominent examples of remote nodes. You can also join two small (or large) networks to create a single, more extensive network.

How Does A VPN Work?

Simply put, a VPN is built by creating a secure tunnel between two networks and routing IP traffic through it. Here are some diagrams to help visualize this notion (using IP masquerading):

The Client Router is a Linux system that serves as the remote network's firewall or gateway. The remote network uses the local network address 192.168.12.0. The central concept is to use the tunnel to carry traffic for all private networks (10.0.0.0, 172.16.0.0, and 192.168.0.0).

Note that this arrangement works in one direction only. To put it another way, while the remote network can see the private network, the private network cannot always see the remote network. For that to happen, you must declare that the routes are bidirectional.

Why Is VPN Security Important?

A VPN's security is extremely crucial. Isn't that why you're making one in the first place? When setting up your server, there are a few things to remember.

  • Disallow passwords - Don't use passwords; disable them entirely. All authentication on this machine should go through SSH's public key authentication system. Only those holding a key will be able to get in, since remembering a binary key that is 530 characters long is very hard.
  • So, how do you go about doing that? It requires modifying the /etc/passwd file. The second field contains either the hash of the password or an 'x' indicating that the authentication system should look in the /etc/shadow file. Instead of 'x', you change that field to '*'. This tells the authentication system that no password exists and that none should be accepted.
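To check the result of the change described above, the following added example (not part of the original article) parses passwd- and shadow-format text and reports which accounts still accept a password. The account entries, the state names and the function names are constructed for illustration.

```python
# Added example: classify accounts by the password field described above.
# The sample entries are constructed for illustration; they are not real accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
vpn:*:1001:1001:VPN tunnel user:/home/vpn:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
legacy:abJnggxhB/yJU:1003:1003:Old account:/home/legacy:/bin/sh
guest::1004:1004:Guest:/home/guest:/bin/sh
orphan:x:1005:1005:No shadow line:/home/orphan:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:!$6$constructedsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
"""

def classify(field):
    """Map a password field to what it means for password logins."""
    if field == "":
        return "empty-password"        # no password needed at all: worst case
    if field[0] in "*!":
        return "no-password-login"     # '*' or '!' can never match a typed password
    return "password-set"              # a hash is present, so passwords still work

def audit(passwd_text, shadow_text=""):
    """Return {account: state} for every entry in passwd-format text."""
    shadow = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            shadow[parts[0]] = parts[1]
    report = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:            # passwd entries always have seven fields
            report[parts[0]] = "malformed"
            continue
        name, field = parts[0], parts[1]
        if field == "x":               # 'x' defers to the entry in /etc/shadow
            field = shadow[name] if name in shadow else None
        report[name] = "no-shadow-entry" if field is None else classify(field)
    return report

def password_logins(report):
    """Accounts that still accept a password (or need none) and require attention."""
    return sorted(n for n, s in report.items()
                  if s in ("password-set", "empty-password"))

if __name__ == "__main__":
    for name, state in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{name:8} {state}")
```

To audit a real host, pass in the contents of /etc/passwd and /etc/shadow; reading the latter requires root.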

How to Set Up a Virtual Private Network (VPN) at Home?

Choosing the device to host a VPN

When using public Wi-Fi, a home VPN creates an encrypted tunnel for you to utilize, and it can even allow you to access country-specific services from outside the country—all from your Android, iOS, or Chromebook. The VPN would give you secure remote access to your home network. You could even grant other individuals access, making it simple to offer them access to servers you host on your home network.

You might also set up a VPN server on one of your personal computers. However, you'll want to utilize a computer or device that is always on—not a desktop PC that you would probably turn off when you leave the house. Windows has a built-in means to host VPNs, while Apple's Server program also has a VPN server option.

However, these aren't the most powerful (or secure) solutions, and they can be challenging to set up and run properly.

Installing a third-party VPN server, such as OpenVPN, is also an option. VPN servers are available for almost any operating system, including Windows, Mac OS X, and Linux. You must then forward the required ports from your router to the PC that runs the server software.

How to Run the Windows Built-in VPN

Although this option is relatively buried, Windows can function as a VPN server utilizing the point-to-point tunneling protocol (PPTP). Here's where to look for it and how to set up your VPN server.

NOTE - Some users who have installed the Windows 10 Creators Update may experience difficulties setting up a VPN server because the Routing and Remote Access Service does not start. This known problem has yet to be resolved through software updates.

Method 1:

Step 1 - To set up a VPN server on Windows, go to Start > Settings > Network Connections.

Step 2 - Go to Network & Internet.

Step 3 - Go to VPN and click "Add a VPN connection".

Step 4 - Go to https://www.vpnbook.com/, click on PPTP and copy the details into a notebook or sticky note.

Step 5 - Once you click on "Add a VPN connection," you will see a pop-up window like this:

NOTE - Wait until you're connected. If you run into problems, your network drivers may be at fault.

Creating a VPN Server (continued)

Method 2:

Step 1 - To set up a VPN server on Windows, go to Start > Control Panel > Network Connections. To do so quickly, go to Start, type "ncpa.cpl," and then click the result (or simply press Enter).

Step 2 - To show the full menus in the "Network Connections" window, press the Alt key, open the "File" menu, and then select the "New Incoming Connection" option.

Step 3 - Next, select the user accounts that can connect remotely. Instead of allowing VPN logins from your primary user account, you may wish to create a new, limited user account to boost security. You can do so by clicking the "Add someone" button. Whatever user account you choose, ensure it has a strong password, as a weak password can be cracked with a dictionary attack.

Click the "Next" button once you've chosen your user.

Step 4 - Select the "Through the Internet" option on the next screen to allow VPN connections over the Internet. You'll probably just see that choice here, but if you have the dial-up hardware, you could enable incoming connections using a dial-up modem.

Step 5 - The networking protocols that should be enabled for incoming connections can then be selected. You can uncheck the "File and Printer Sharing for Microsoft Networks" option, for example, if you don't want anyone connected to the VPN to access shared files and printers on your local network.

When everything is in place, click the "Allow Access" button.

Step 6 - After that, Windows configures access for the user accounts you chose, which can take a few moments.

Your VPN server should now be up and running, ready to accept inbound connection requests. If you wish to disable the VPN server in the future, return to the "Network Connections" window and delete the "Incoming Connections" item.

How to Setup A VPN Router?

If you're using the Internet to connect to your new VPN server, you'll need to configure port forwarding so that your router knows to send traffic of that sort to the correct computer. On your router's settings page, forward port 1723 to the IP address of the machine where you set up the VPN server. Check out our tutorial on forwarding ports on your router for additional information.

Create a port forwarding rule that passes a random "external port"—such as 23243—to "internal port" 1723 on your machine for optimal protection. This allows you to connect to the VPN server using port 23243 and protects you against harmful programs that scan for and attempt to connect to VPN servers using the default port.

You might also use a router or firewall to enable only particular IP addresses to connect to your network.

How to Connect to the VPN Server?

To connect to the VPN server, you'll need your computer's public IP address (your network's Internet IP address) or, if you've set up a dynamic DNS service, its dynamic DNS address.

macOS Server for $19.99

If you know your way around a network, this shouldn't take you more than a half-hour to set up. And if you don't, this is an excellent opportunity to learn.

macOS Server, Apple's server software, has an easy-to-configure VPN service that gives you encrypted internet access from anywhere while also allowing you to view your files remotely. All you'll need is:

  • A Mac desktop that is always connected to your network via Ethernet. On Craigslist, you may locate an inexpensive Mac Mini, or you could use an existing iMac if you already have one.
  • macOS Server, which costs $19.99 and can be downloaded from the Mac App Store.
  • A router with port forwarding and dynamic DNS that you can set up. Because of their integration, Apple's AirPort routers make things incredibly simple, but other routers should function properly.

Step 1 - macOS Server Installation

If you haven't already, get macOS Server ($19.99) from the Mac App Store and install it on the computer you'll be using as your VPN server. If you have an iMac, you could use it as a server, or use a Mac Mini purchased specifically for that purpose.

This page can be handy.

Feel free to run the software once it is installed; it will set up a few things and then be ready for your use. Before we can use the VPN, however, we'll need to set up a few things on your network.

Step 2 - Configure Port Forwarding

Port forwarding, which must be configured at the router level, is required to connect to your VPN. If you have an Apple AirPort router, you're in luck: macOS Server will take care of this for you when you set up your VPN. You may skip this section and instead follow the directions when they appear later. Otherwise, begin by typing your router's IP address into a web browser to gain access to its admin panel.

Then, select the port forwarding settings and forward the following ports to the IP address of your macOS Server:

UDP 500 - ISAKMP/IKE;

UDP 1701 - L2TP; and

UDP 4500 - IPsec NAT Traversal.

Step 3 - Configure Dynamic DNS

Unless your ISP gives you a static IP, you'll need to configure dynamic DNS on your router, which provides you with a web address that you can use to connect to your home network while you're away.

Step 4 - Turn on the VPN service

Return to your macOS Server and open the macOS Server application. Go to the VPN section of the application. Type the Dynamic DNS address you set up above (or your ISP's static IP, if you have one) in the "VPN Host Name" field. Then create a unique "shared secret": the longer and more random it is, the more secure your connection will be. Copy this secret for use on other devices.

Everything else on this page is purely optional and geared toward more advanced users. You can assign a block of local IP addresses for connected devices using Client Addresses. DNS settings allow you to specify which DNS servers connected devices use. Routes allow you to specify the connection path followed by connected devices.

When you've finished configuring everything, click the large On/Off switch in the top-right corner. Your VPN will be activated.

Finally, there's a button labeled "Configuration Profile." This will create a file you can send to iOS and macOS devices to rapidly configure a VPN connection, sparing you and other users the time and effort of typing out the Shared Secret and configuring the settings.

How to Set Up a Virtual Private Network (VPN)?

It's time to connect to your VPN from a different device now that it's been set up. You can't connect locally; it'll only work if you're not connected to your home network. To test things, I used my neighbor's Wi-Fi, but you could also disable Wi-Fi on your phone and connect using your data connection instead.

On a Mac, the simplest method is to create a Configuration Profile on the server that hosts your VPN connection, then open that Profile. This will set up your Mac to connect to your VPN with only a username and password.

If that isn't an option, you can always do it manually. To create a new network connection, go to System Preferences > Network and click the "+" button in the bottom-left corner. Select "VPN." Choose "L2TP over IPSec" as your VPN type, and then call it whatever you want. Select "Create".

Use your static IP or dynamic DNS address as the server address and the primary account on your macOS server as the account name. After that, go to "Authentication Settings."

Enter your Shared Secret and, if you want to avoid typing it in every time, your user password.

You should be able to connect to your VPN at this point! If your device supports L2TP, you can connect from iOS, Windows, Linux, and Android. All you'll need is:

  • Your IP address or dynamic DNS address
  • The VPN protocol, which is L2TP with IPSec
  • Your shared secret
  • A username and password

VPN Myth vs Reality

A virtual private network (VPN) does not make you "private"

You probably already know what a VPN is, but if you don't, here's a situation (or a refresher!). You're engrossed in a film. In a sports car on the highway, a criminal tries to flee a crime scene. From above, a helicopter is chasing the car. The helicopter loses track of the car as it reaches a tunnel with many exits.

A VPN works the same way as the tunnel in this movie scene does: it joins multiple routes and merges them into one, and a helicopter can't see what's happening inside. I'm sure a VPN service has been recommended to you by several people. They usually tell you that a VPN is fantastic because it allows you to access geo-restricted content, bypass China's Great Firewall, and browse the Internet safely.

Governments can spy on you, internet companies can sell your surfing history, and tech giants can amass massive quantities of data to track you throughout the web. Many believe VPNs, or virtual private networks, can shield them from snoopers and spies. However, in attempting to fix one problem, VPNs can expose you to far more significant privacy threats.

VPNs do not protect your privacy or provide anonymity by default. VPNs simply redirect all your internet traffic away from your internet provider's servers and toward the VPN provider's servers.

That raises the question of why you should trust a VPN that claims to secure your privacy better than your ISP. You can't, and you shouldn't. Instead, set up your own VPN.

Should I use a VPN to keep myself safe online?

The immediate answer is NO. Here is the rationale: many cafes and motels do not devote much time to safeguarding their Wi-Fi infrastructure. This means that a user may be able to see other users' computers on the local network, much like at home. Furthermore, if a hacker is present in your favorite coffee shop, they may be able to snoop on your internet traffic to gather information about you.

Yes, you. You are popular but in a dangerous way! Assume that all free VPN apps in the App Store and Google Play exist for a reason. Free VPNs are by far among the worst offenders. If it's free, you're the product, as the saying goes. That is to say, they profit from you – specifically, your sensitive data. Free VPNs, like any free service, are frequently funded by advertisements. This entails selling your internet traffic to the highest bidder to show you tailored adverts when connected to the VPN. They'll track your online behavior, sell it to marketers, place their own adverts on non-secure pages, or steal your identity. Free VPNs should be avoided at all costs. Other free VPN services have been accused of injecting advertisements into the websites you browse.

Regarding premium services, you can get internet privacy for between $5 and $20 each month. But first, consider their terms of service and privacy policy. I've encountered a lot of VPNs that record your internet traffic, exchange data with government police, and do other things. Pay attention to the small print.

Some VPN services claim to preserve your privacy by not storing records or tracking which websites you visit or when you visit them. While this may be true in some circumstances, there's no way of knowing.

In reality, several VPN companies have stated that they don't keep any logs, but this has been proven incorrect.

Top 10 Most Secure VPN Services

Here is a list of the top 10 best and most secure VPN services for 2023.

  1. Private Internet Access
  2. Express VPN
  3. Nord VPN
  4. Proton
  5. CyberGhost
  6. Torguard VPN
  7. IPVanish
  8. VPN Unlimited (aka KeepSolid)
  9. SurfShark
  10. Hotspot Shield
Read this blog for more information.

Conclusion

If you submit sensitive information to an unencrypted website or download malware accidentally, a VPN will not protect you. In other words, a VPN protects you while you're in transit from one site to the next, but it won't protect you from acts you take after you are at your destination.

Haseeb Awan
CEO, Efani Secure Mobile

I founded Efani after being Sim Swapped 4 times. I am an experienced CEO with a demonstrated history of working in the crypto and cybersecurity industry. I provide Secure Mobile Service for influential people to protect them against SIM Swaps, eavesdropping, location tracking, and other mobile security threats. I've been covered in New York Times, The Wall Street Journal, Mashable, Hulu, Nasdaq, Netflix, Techcrunch, Coindesk, etc. Contact me at 855-55-EFANI or haseebawan@efani.com for a confidential assessment to see if we're the right fit!