Selfhosted Private VPN

Building your own VPN for personal use

Enhance your online privacy with a self-hosted OpenVPN or WireGuard VPN. Commercial services like Mullvad or ProtonVPN are convenient, but running your own gives you full control over the server, the protocol, and who has access, without relying on a third party's logging policy or shared infrastructure.

VPNs are primarily used for privacy, security, and a degree of anonymity online. This walkthrough covers how to stand up a private VPN on your own server in a few simple steps, using well-known open-source installers.

Advantages of a self-hosted private VPN

You own the stack end to end. That means your traffic stays on infrastructure you control, you get a dedicated egress IP (if your server has one), and you avoid paying extra for dedicated IPs that commercial providers often charge for.

  • Enhanced privacy: Traffic is routed through a server you control instead of through third-party VPN servers.
  • Greater control: Choose server location, encryption, and user access yourself.
  • Cost-effective: After initial setup, often cheaper than subscriptions, especially for multiple users.
  • Customization: Pick the OS and software that fit your setup.
  • Security: Less reliance on external providers and their attack surface.
  • Flexibility: Reach your home network remotely, bypass geo-restrictions, and work around censorship.
  • Data ownership: Your data is not stored or processed by an external VPN company.

Prerequisites

  • A server with a public IPv4 address (IPv6 is a plus)
  • Supported OS: Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, or Fedora
  • Basic Linux and SSH skills
  • A WireGuard or OpenVPN client on your devices

VPN protocols

WireGuard (recommended)

WireGuard is a modern VPN protocol built for high performance, strong cryptography, and a small codebase. It tends to be faster and lighter on resources than older options like OpenVPN or IPsec, making it a good default for a personal VPS.

OpenVPN

OpenVPN is mature, flexible, and supports a wide range of encryption options. It is open source and runs everywhere. It may not match WireGuard on raw speed, but it remains a solid, well-tested choice when compatibility or specific cipher requirements matter.

WireGuard setup

SSH into your server and run:

wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh

Follow the prompts:

  • Select the public IP (if the server has more than one)
  • Choose a port (default is fine, or pick an unused custom port)
  • Enter a client name, e.g. myVPN
  • Select DNS (default works for most setups)

Press any key to start the installation. The script installs WireGuard and displays a QR code you can scan with the mobile client. It also writes a config file to /root/myVPN.conf for import on desktop or other devices. If QR scanning is not an option, download or copy that file, import it into your WireGuard app, and connect. The file contains the client's private key, so copy it over an encrypted channel such as SSH.

OpenVPN setup

SSH into the server and run:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

Walk through IP, protocol, port, and DNS selections. Defaults are safe when unsure. The script generates an .ovpn file under /root. Copy or download it, import into your OpenVPN client, and connect.

Managing users and uninstalling

Re-run the same install script anytime to add clients, revoke access, or remove the VPN entirely from the server.

Review any install script before running it on a production box. The WireGuard and OpenVPN installers referenced here are open source and widely used, but they are still worth a quick look at the source if you are hardening a server.
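
A review only helps if the copy you run is the copy you read, and the one-line commands above fetch the script again each time they are used. The shell helper below is an added example, not part of either installer; `PIN_FILE`, `pin_script`, `check_pin` and `run_pinned` are hypothetical names. It records the SHA-256 of a script after you have reviewed it and refuses to run a copy that no longer matches:

```shell
#!/usr/bin/env bash
# Added example: run a downloaded installer only if it matches a reviewed SHA-256.
# PIN_FILE and all function names are hypothetical, not part of either installer.

# Pin store: one "<sha256>  <script name>" line per reviewed script.
PIN_FILE="${PIN_FILE:-$HOME/.installer-pins}"

# Print the SHA-256 of a file (sha256sum on Linux, shasum as a fallback).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Record the hash of a script you have just read through, replacing any old pin.
pin_script() {
    local name
    name="$(basename "$1")"
    if [ -f "$PIN_FILE" ]; then
        awk -v n="$name" '$2 != n' "$PIN_FILE" > "$PIN_FILE.tmp"
        mv "$PIN_FILE.tmp" "$PIN_FILE"
    fi
    printf '%s  %s\n' "$(file_sha256 "$1")" "$name" >> "$PIN_FILE"
}

# Return 0 only if the script is byte-identical to the pinned copy;
# return 2 if it is missing or was never pinned.
check_pin() {
    local name want
    name="$(basename "$1")"
    [ -f "$1" ] && [ -f "$PIN_FILE" ] || return 2
    want="$(awk -v n="$name" '$2 == n {print $1}' "$PIN_FILE")"
    [ -n "$want" ] || return 2
    [ "$(file_sha256 "$1")" = "$want" ]
}

# Execute the installer only when check_pin passes.
run_pinned() {
    if check_pin "$1"; then
        bash "$1"
    else
        echo "refusing to run $1: not pinned, or changed since review" >&2
        return 1
    fi
}
```

Download the script once without executing it, read it, run `pin_script` on it, and then use `run_pinned` for the install and for every later re-run that adds or revokes clients.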