Keeping Your Privacy: How to Set-up Your Own VPN Using Cloud Providers
This post is part of a series called “Keeping Your Privacy”.
There are a hundred and one reasons to run your own VPN - the biggest and most commonly referenced is privacy. You can control your own privacy when using public networks or public wifi for example. If you’re connecting via your own VPN service then you’re a lot more hidden.
In the current climate of protests you would be able to protect your communications over 4G mobile data networks if you had your own VPN.
Our VPN Choice
We’re going to use Streisand for our VPN. As we can read from their Github repository:
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
So, out of the box we get OpenVPN setup and configured, along with socks proxies and some other neat features with minimal configuration. The actual reason I selected Streisand is because I wanted something OpenVPN compatible and once the server has finished setting itself up - it writes a folder full of documentation for each service that explains how to configure your devices and start using the services offered
Select a Cloud Provider
We’re going to need a cloud provider to run your VPN within. My advice is the same for when you’re running any kind of server on other peoples hardware - pick a company you trust and feel comfortable with. Over the years I’ve launched projects both small and large. Some clients picked AWS and some picked DigitalOcean. If you haven’t got an account set up, you can use one of these referral links to get free credit (and I’ll get a small amount of credit too):
DigitalOcean
Linode
Vultr
AWS LightSail
Next, the process for creating a new server varies between platform. We’re going to create a new Ubuntu 16.10 server (due to its great compatibility with Streisand).
Linode, AWS Lightsail and Vultr videos will be added shortly.
After the server creation is completed and you’ve got a running Ubuntu 16.10 server, copy the IP address and we can move to the installation stage.
Pick Your Subdomain and Configure DNS
You’re going to need a fully set up DNS record for your new VPN server, if you own bob.com
, then vpn.bob.com
wouldn’t be a bad choice. You’ll need this during set-up of Streisand so make sure your DNS A record exists and points at your new servers IP address otherwise installation will fail and SSL certificates won’t be issued properly.
Streisand Installation
Follow these steps:
SSH in as root to your server
ssh root@your-server-ip
(or via the DNS name for your box as you should have set that up already)Run
apt-get install git python3 python3-venv
Clone the Streisand repo:
git clone https://github.com/StreisandEffect/streisand.git && cd streisand
Run
./util/venv-dependencies.sh ./venv
and it’ll report anything more you need to do. Follow any instructions it gives youRun
source ./venv/bin/activate
run
./streisand
and follow prompts. Defaults are fine to all answers.
Device Configuration
If you SFTP to your new server, checkout the directory that you cloned Streisand into and there will be a directory called generated-docs
with configuration information and instructions. Supports Mac OS, iOS, Android, Windows and more.
Follow on:
It’d be wise to set the reverse-dns entry for your servers IP address and also have a look around for other VPN setup packages - I’ve heard good things about Algo along with Streisand.