VPN can be thought of as a safe tunnel that is used by computers/ users to connect securely with one another. Previously, VPNs were widely used only by organizations but recently, using VPN has become a must even for individual users given the increase in cyber-attacks. In this post, we will see how you can get a self-hosted VPN for less than $4 per year! You will be setting up this VPN yourself, so you have complete control over the instance.
What are the advantages of using a self-hosted VPN?
1. Increased security
Using VPN encrypts all your traffic, so you no longer need to worry about using public Wi-Fi or untrusted networks. Although it is highly recommended to use personal connections, this can be bypassed with the usage of a VPN.
2. Bypass location-based restrictions
Using VPNs, you will be able to bypass or access blocked sites or databases in your country. This is a useful feature, which ensures that you can access any site from any location on the earth.
3. Helps you to stay anonymous
There are various ways in which tracking services follow your activities and show you ads. In some cases, they can even steal your information and impersonate you. This can be avoided completely with a VPN.
4. Avoid bandwidth throttling
Sometimes, your ISP can throttle bandwidth based on certain activities or sites, like in case if you are streaming videos. In such scenarios, VPN can be quite useful. Since your traffic is encrypted, they will not able to find out what sites you are visiting and hence won’t be able to block you.
What is WireGuard?
To set up a self-hosted VPN, we are going to use WireGuard, which is an open-source VPN software. The advantage of using Wireguard is, it requires fewer resources and can easily run inside a 128 MB container.
What is NAT VPS?
NAT VPS is just like any other Virtual machine except for default IPv6 and shared IPv4 addresses. Most of the providers usually assign a /64 or /80 or /112 subnet, since these are available for free. The IPv4 space is limited and costly, hence the IP is shared with many other VM’s which helped to keep the costs low. You get 20 ports on the IPv4 address along with an additional port for SSH connections.
Where can you find NAT VPS in 2021?
You can buy these VPS from mrvm. However, the 128 MB NAT ones are no longer available due to the recent PayPal transaction fees hike. You can grab the 256 MB NAT VPS for $7 a year. They even offer NAT bundle with multiple locations with a 20% discount. For similar pricing, you can even check out Gullo’s hosting, which has some cheap NAT VPS.
The following screenshot is of top command from mrvm 128 MB NAT VPS.
Setup Wireguard on NAT VPS – Your self-hosted VPN software
In this post, we will cover the steps to install Wireguard VPN on your NAT VPS. I have got 128MB VPS from Mrvm, which is based on OpenVZ virtualization. It will cost you about $4 per year to get one of those.
Step 1: Reinstall OS to Debian or Ubuntu
Login to your panel and reinstall OS to either Debian or Ubuntu. You can install the latest version available. With the latest OpenVZ, you will be able to install the latest available version of Ubuntu or Debian.
Step 2: Enable support for TUN/TAP and PPP for your VM
To enable this, you can head over to the Settings tab in your Virtualizor panel. From the Settings tab, select “VPS Configuration” from the left panel. From there, you will find an option to enable TUN/TAP and PPP, just check those boxes and click on “Submit”. Reboot your VM from either the terminal or the panel and you are good to go.
Note: This option is required only in the case of OpenVZ containers, this need not be enabled for KVM containers.
Step 3: SSH into your VPS
SSH into your VPS using your authorized keys or password. It is highly recommended to disable password-based access for enhanced security. Also, make sure that you create a new user and disable login for the root user. You can use the public IP v4 with the specified SSH port or use the IPv6 with default ssh port 22.
Using IPv4
ssh root@<IPv4> -i id_rsa -p <ssh-port-number>
Using IPv6
ssh root@<IPv6> -i id_rsa
Once you have logged in successfully, just update using:
sudo apt-get update
sudo apt-get upgrade
Step 4: From the Nyr’s Wireguard script, just run the following command:
wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh
Once you run the above script, it will automatically detect your IPv4 address. In my case, I have three IPs, the ones in 10.X are the private ones. The first one is public facing IPv4.
Enter one of the ports that are assigned to your NAT VM, rather than using the default port. If you are not using NAT VM then you can go ahead and use any of the ports in the 1000-65535 range.
Next, enter a name for your config, I have used “test“.
Select DNS server, I will use the Cloudflare DNS. You can go ahead and use any of them. The Adguard will be useful for blocking advertisements, but some websites do not load at all with adblocker enabled. So, you can use the browser plugin in case if you want to block unobtrusive ads.
Step 5: Final Steps
Enter “Y” to enable automatic updates and then press any random key to begin the installation.
Step 6: Save your configuration.
Once all the required packages are installed, Wireguard will present you with the device config along with the QR code. You can scan the code using the Wireguard client application for Android. The connection configuration file is stored in your user’s root location. This file can be used for importing the connection in macOS or Windows client applications.
That’s it, your Wireguard personal VPN server is now ready. You can connect using your smartphone or PC and head over to a site like whatismyip to verify your IP address. If you are connected, then you should be able to see the public IP of your VPS.
Adding more users
In case if you want to add more users, friends, or family members, just run the same command again. I will be adding it again below so that it is easy for reference:
wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh
It will present you with the following options:
Now, just select option 1 and it will ask you to enter name for the config. Just enter the name and it will create new config file and display the QR code. Alterbately, the config files are present in the root users directory, file name is equal to the name of the config. You can copy this file for other clients like your Windows or macOS devices.
Removing existing users
If you want to revoke access or remove users, just run the above command again and select option 2 or “Remove an existing client”.
Uninstall WireGuard
If you no longer wish to use Wireguard, just run the same command pasted above, and select option 3 or “Remove Wireguard”. It will uninstall all the packages and remove WireGuard from your system.
*Note: The above steps might vary slightly in case if you are using a different provider. If you are using KVM-based VPS like DigitalOcean, you can skip step 2.
Final words
This is how you can set up your own VPN for under $7 a year. The bandwidth with mrvm is unlimited except on their Asian locations since the bandwidth is costly in Asia. Make sure that you are a good neighbor and do not abuse the bandwidth, else you might get throttled.
If you are facing any issues, just drop a comment below and I will be happy to help.
Leave a Reply