A virtual private network (VPN) can secure your online browsing activity, which is beneficial in this modern era of always-connected devices. A VPN encrypts the network traffic to and from your device and funnels that information through an external server. It hides your unique home internet protocol (IP) address for increased privacy from outside threats. And pairing one of the best Chromebooks with a VPN protects you while online; not even your internet service provider (ISP) can keep tabs on you. VPNs can also bypass blocked websites or services, allowing you to watch content from other countries.

However, not all VPN providers can be trusted, as some may keep track of your browsing activity for advertising purposes. They sell that information to third-party companies, leading to user-targeted advertisements or annoying spam. Also, some VPN providers are designed with ill intent to siphon your private data without your consent. At the same time, some countries may force legitimate VPN providers to log the data from their users by law. This makes a VPN lose most of its core benefits if you value your online privacy, so you must be careful in such situations.

Should you host your own VPN server?

Hosting a VPN server can enhance your online security and privacy by putting you in control of your data. Since the web traffic is routed through your encrypted server, you won't worry about third-party companies logging your browsing activity. That means no unnecessary targeted ads or extra spam. This option may not be the best choice for everyone, but give it a shot if you don't trust most third-party VPN providers. In the sections below, we discuss the key benefits and drawbacks of hosting a VPN server while explaining how to set one up.

This guide demonstrates how to set up a remote Linode virtual private server (VPS) running OpenVPN, which costs $5 per month. While you can locally host your VPN server from home, you'll get better speeds with minimal downtime using a remotely-hosted VPS. You also won't worry about local hardware failures or device management, simplifying the setup process. And you don't need experience with the Linux operating system or servers. You even have the option to choose from multiple regions, which is helpful if you're outside the U.S. market.

What are the benefits and drawbacks of hosting your own VPN server?

Hosting your own VPN server has multiple advantages and disadvantages for you to consider. Here are some of the most common ones to help you decide whether or not to host a VPN server for yourself.

Advantages

  • You're in control of your data. The web traffic is routed through your personal VPN server, keeping the data in your hands.
  • It's typically cheaper or on par with a premium paid VPN service.
  • You can use the VPN server for other things, like hosting a website or Nextcloud installation.
  • Websites and services that ban VPNs likely won't detect your server because it won't be on an IP block list. This doesn't apply to Android apps since they can see when a VPN or proxy is used.

Disadvantages

  • Staying entirely anonymous isn't possible because the VPS host has your name and personal payment information.
  • Your total bandwidth is limited. Linode gives you 1TB a month, but you only get half of that because the data goes from the origin point to the VPN. And after that, it goes from the VPN back to you.
  • You don't get the unique features that some VPN services provide unless you know how to implement them manually. This can include options like malware protection and blocking ads that track you.
  • You can't easily switch between different countries or locations.

How to set up a Linode VPS

You'll need to create a virtual private server (VPS) to get started with your own VPN server. The VPS can be thought of as the container that hosts your custom VPN server. You can choose from many VPS providers, but Linode is an excellent option for beginners since it's easy to navigate. DigitalOcean is another popular choice we highly recommend as a great alternative. However, we use Linode in our examples for this guide to keep things as simple as possible. To begin working with your first Linode VPS, follow the steps below.

Since February 2022, Linode has been in the process of merging with Akamai for a more powerful cloud-based solution. As of this time, the new platform will be known as Akamai Connected Cloud.

Start the initial VPS setup process

The first part of the process involves creating a Linode account and setting up a few options for your new VPS. Once finished, you'll be one step closer to creating your own VPN server.

To get started with that with the quick setup, check out the following:

  1. Visit the Linode website and create an account if you don't have one. (Our custom referral link gives us a small credit when you join the Linode service.) You'll need to enter your billing information before continuing.
  2. Go to your dashboard, click the Create button, and select Linode. Or go directly to this link. This is where you'll choose the specific hardware your server will have and the location where it will be hosted.
  3. In the Choose a Distribution box, select the newest available Ubuntu LTS release. Regarding our example server, 21.04 LTS was the latest version available.
  4. Choose the region you want your VPN to be located in. If you want to change the location later, you'll need to contact Linode support.
    Selecting an Ubuntu version and region in the Linode dashboard

  5. Select Nanode 1GB from the list of Shared CPU options for the plan. VPNs don't require much processing power to operate, so this low-spec option should be more than suitable.
    Selecting the Linode virtual hardware plan in the Linode dashboard

Choose a unique password and create your first VPS

Now that your VPS has been created with the basic options and features you need, you'll need to add a password to keep it safe. Once you do, you can log in to your VPS and set up your first VPN.

To create a password for your newly created VPS, do the following:

  1. Enter a password in the Root Password box. Select a secure and unique combination to protect your account from outside threats.
  2. Click the Create button and wait for the VPS to finish generating and booting.
  3. Now you have a fresh new server ready to run a VPN.
    An example of what the main overview screen looks like for a Linode account using a virtual hardware plan

Log in to the VPS

Your VPS doesn't have a graphical user interface (GUI) like Windows or macOS, so there's no simple way to manage it visually. You only have a command line interface to rely on and nothing else. Still, these steps are easy to follow even if you aren't comfortable with command line interfaces. And if you've used a terminal app on macOS, Linux, or Android, you'll feel right at home going through this process.

To log in to your VPS from here, check out these steps to get started:

  1. Once your VPS is open, click the Launch LISH Console button in the upper-right corner. This opens a web-based terminal, which prompts you to log in to your account.
  2. Type root, press Enter, then type your root password. You don't usually get any visual feedback as you type. That's normal behavior in a terminal environment.
  3. Press Enter once more to confirm your choice.
  4. After logging in to your VPS, you're greeted with a "Welcome to Ubuntu" message.
    Entering a root password in an Ubuntu command line to log into a VPS via Linode

Getting comfortable with the command line interface is beneficial if you plan to add advanced VPN features later. This list of common commands will help if you've never used a terminal on Linux or macOS before.

Set up the VPN

Now it's time to dive into the command line interface and set up the VPN. This is the easiest step since we use the OpenVPN road warrior install script to get everything running. The script asks for basic information as a part of the setup process, including your IP address, protocol, and port number.

To get started, run this command in the console window (that's the letter O after VPN, not a zero):

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh 

Then follow these steps:

  1. Press Enter when you get to the protocol and DNS server.
  2. When asked for the port number, type 443. Many networks block the default OpenVPN ports, so changing it to 443, which is used for HTTPS traffic, can prevent some types of blocks.
  3. Enter your name when asked.
  4. The script installs the required software and sets everything up.

Once the script is done, it exports a .ovpn file to the /root/ folder. This file contains your VPN's connection and login information, which you'll need to retrieve from the server manually. Keep these credentials safe and secure by not sharing them with anyone else.

An example of the .opvn file being generated at the root folder

Download the login info

The easiest way to transfer the .ovpn file to your device is to temporarily start a web server, allowing you to download it using any web browser. Once you finish the download, stop the server and store the .ovpn file somewhere safe. Some examples include a secure computer or an external media drive that only you can access.

To start a web server, run the following command:

python3 -m http.server 80

Then follow these steps:

  1. After the server is up and running, paste your server's IP address to the appropriate location. You'll find this on the Linode Summary page in your browser's address bar. Ensure it doesn't start with https:// since your server doesn't have a security certificate by default.
  2. ​​​​​​You'll see a simple directory listing with a few different files for you to choose from. Click the .ovpn file to download it.

If you want to set up a VPN on your smartphone, repeat the same process on that device. Alternatively, you can transfer the .ovpn file from your computer to your phone using your preferred method. We recommend a local offline solution, such as a USB cable connection, for maximum security. You can use cloud-based storage for more convenience. However, it's a less secure option when dealing with sensitive VPN security settings.

Showing what the basic directory looks like where the .opvn file is stored

After downloading the file, shut down the server to protect your data from any future outside threats. Press the CTRL and C keys on your keyboard simultaneously to end the server. You'll see an "exiting" message. You can also reboot your VPS from the Linode dashboard to stop the server if that doesn't work.

The OVPN file allows anyone to connect to your VPN server, so ensure it doesn't fall into the wrong hands. If you think someone is accessing your VPN who shouldn't be, rerun the VPN setup command. This revokes the existing file permission and generates a new one. Then, only you have access to the file.

Connect to the VPN

Now that you've set up your VPN and downloaded the connection file, it's time to give it an official test run. OpenVPN clients are available for every major operating system, giving you a range of flexibility. This guide only covers connecting to your new VPN using an Android device or a Chromebook with access to the Google Play Store. For Windows, Mac, and iOS, VPNGate has an excellent guide.

There are a few OpenVPN clients for Android, with various options that appeal to many users. We recommend OpenVPN for Android because it works well and is open source, so you can trust it as a reliable and safe VPN client for your server.

To get started with OpenVPN, do the following:

  1. Download OpenVPN from the Google Play Store.
  2. Open the app and press the Agree button to continue.
  3. Tap the Upload File tab in the upper-right corner.
  4. Tap the Browse button and locate the .ovpn file on your internal storage.
  5. Select OK to confirm and import the .ovpn file into the OpenVPN app.

From the main screen, tap the new entry, and you're connected to your custom VPN server. Chrome OS supports Android VPNs, so this app works for Chromebooks. You'll see a lock icon next to the Wi-Fi indicator.

Secure the server

Since your VPN is an always-on server that receives and transmits personal data, you must ensure your browsing sessions stay secure. Take a few additional steps to reduce server-side security vulnerabilities that could pop up later. To enhance the security of your VPN server, we have a few tips for you to implement in the section below.

Enable automatic updates

The first thing to do is enable automatic package updates, allowing your server to stay secure without requiring you to lift a finger. This also keeps you from manually logging in periodically to install the updates, making your life easier in the future.

Run this command in the web-based terminal to install the updates that are available for your server:

apt update && apt upgrade -y

Once that's done, run this command to install the automatic updater:

apt install -y unattended-upgrades

Now you're all set! From this point forward, your server automatically checks for and installs updates with minimal (if any) downtime to your VPN. If you get a message like unattended-upgrades is already the newest version, it was previously installed in the system image provided by Linode.

Turn off SSH access

If you aren't using your server for anything besides a VPN, consider turning off remote access via SSH. This prevents anyone, including yourself, from logging in to the server remotely. You can only sign in using the console via the Linode dashboard, which helps stop brute-force login attacks on your server.

First, run this command through the web-based terminal to disable the SSH server from starting when the server boots up:

systemctl disable ssh.service

Then, stop the server that's currently active with this command:

systemctl stop ssh.service

Now that remote access to your server has been turned off, it's only accessible from the Linode console and nowhere else. To revert to the default settings at a later date, run the following command in the web-based terminal:

systemctl enable ssh.servicesystemctl start ssh.service

Set up two-factor authentication

The final step in securing your VPN server involves enabling two-factor authentication (2FA) for your Linode account. This adds an extra layer of security, making it challenging for an unauthorized party to access your server credentials. A unique code is required every time you log in to Linode, so don't lose access to the authenticator app. Otherwise, you might have difficulty logging in to your account. Always keep backup codes to avoid getting locked out of your account.

To enable 2FA on your Linode account, do the following:

  1. With the Linode dashboard open, click your profile icon in the upper-right corner.
  2. Select Login & Authentication.
  3. Turn on the toggle under Two-Factor Authentication.
  4. Scan the code with your 2FA app of choice to finish the setup.

If you don't know which 2FA app to use, check out our guide for the best 2FA apps on Android. We cover some of the most well-known examples from the Google Play Store, which should help make your decision easier.

How to manage your VPN

Congratulations, you now have your own functional VPN server! For the most part, you're done, but there are a few final things to consider. For starters, you need to install the OpenVPN client on your other devices, which allows them to access your VPN server. And even if your server is rebooted (when Linode performs maintenance, for example), the VPN automatically restarts. You might add or remove custom profiles for your server if you need more fine-tuned control, but that's up to you.

How to troubleshoot common problems

If something isn't working, rebooting your server might be the single fix that makes everything better. It's one of the easiest things to do and often yields good results.

To reboot your server, do the following:

  1. Go to your Linode dashboard, then select the VPN server.
  2. Click the Running button in the upper-right corner, and select Reboot. This command tells your server to perform a system restart, allowing it to shut down safely and start back up in a fresh new state.
    An example of the reboot button to restart a VPN server via the Linode dashboard

How to add or remove VPN profiles

Now that you've linked your first OpenVPN profile directly to the .ovpn file, you can add new users as needed. With a few simple steps, you can create more profiles to let other people access your VPN. And for administrative purposes, you can remove a profile later to revoke someone's access.

To get started, rerun the VPN setup script in the web-based terminal:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

You'll see a series of options. Type the number for the one you want and press Enter. The script walks you through the rest, so the setup process should be straightforward after that.

How to delete your VPS

If you don't want to host your own VPN anymore, you can delete the server with a few clicks. You must go to your Linode account settings and remove it from your VPS, which is a simple process.

To delete a VPN server from your Linode account, do the following:

  1. Go to your Linode Dashboard, then select the VPN server.
  2. Click the Settings tab at the top.
  3. Click Delete Linode.
  4. Your server is removed and no longer accessible to you or anyone else.

Hosting a VPN server is great if you stick with it

Hosting a VPN server for yourself might be right up your alley if you have trust issues with third-party VPN providers. Doing so gives you complete freedom and control over your browsing data, which means no one else can access that information. And for a VPN to be the most effective, you'll need to keep it always active. Going forward, you'll have to be more aware of the device bandwidth you use to avoid exceeding your monthly data limit. Not everyone will want to go this route permanently, but the learning experience gained is worth the curiosity.

If you want to know more about VPNs, we have a guide on what a VPN is and why you should use one on your smartphone. We cover how a VPN works, a few modern security protocols, and some key areas where it can't fully protect you online.