In this post we answer the question: why use a personal private VPN server? First we look at why you would use a VPN at all. Then we look at the advantages a personal private VPN server offers over VPN services. Finally we look at some of the options for setting up a secure cloud VPN server. Before rolling our sleeves up, let's have a quick look at what a VPN is.
VPNs (Virtual Private Networks) were originally intended for business use. They allowed people working remotely to connect to company infrastructure privately. This meant if you were working from a coffee shop, other customers sharing the WiFi connection would not be able to intercept your internet traffic. Essentially this is the role played by personal VPNs. You can use them in your home, to protect yourself from having your personal data exploited by your service provider, or in hotels and coffee shops to keep communications private from other service users.
The VPN works by tunnelling your connection through a remote server. As an example, let's imagine you want to connect to your bank's website using your smartphone over your home WiFi. In this scenario, your VPN app sends private, encrypted information to your VPN service via a tunnel. The VPN service then connects to your bank's web server. From the bank web server's perspective the connection comes from your VPN server and not your smartphone. The bank's web server responds to your VPN server, which forwards the response (encrypted) to your phone. This process is similar whether you use a VPN service (like NordVPN or PIA) or a personal private VPN server.
Another reason people use VPNs is to access streamed video content not available in their country. Here, if you are successful, the streaming provider will treat your connection as coming from a third country (where the latest series of your favourite show is available) and you can access content which you would not be able to access without a VPN. Streaming providers are aware people do this and they put blocks in for commercial VPNs.
In the next section we look at some of the advantages of personal private VPN servers over VPN services. Before that though, you might also be considering setting up a private VPN service in your home. You will find tutorials on how to do this quite cheaply using a Raspberry Pi. One issue with this setup is that all of your traffic will still go through your service provider unencrypted. If you use a VPN service or your own private cloud server, your traffic will be encrypted and your service provider will only see that you are connecting to your server or the service, but not what sites you are visiting. This reduces the amount of your personal information they would be able to pilfer and monetise.
- Your personal private VPN server only needs to support the protocols you use. You can limit the server to modern secure protocols like WireGuard. By dropping the other protocols (which commercial VPN services have to support) you shut the door to security vulnerabilities in those legacy protocols.
- You can make sure your personal private VPN server runs on a security-focused operating system such as OpenBSD. You do not have to use other operating systems like Ubuntu unless you want to.
- You don't need to be concerned about the privacy of commercial provider apps. If you opt for a WireGuard VPN you can install the Open Source WireGuard app on your phone and not worry about having your personal information exploited. Compare the iOS app store privacy practices of the WireGuard and NordVPN apps:
- Some professionals consider commercial VPNs to be commercial honeypots. Essentially, it makes more sense for an attacker to compromise one of these popular, commercial services with a large user base than a small server used by you and your family. In fact NordVPN suffered a data breach in 2018.
- Some websites and services block commercial VPN access. Even though you are connecting to use the service for a legitimate reason, you might be blocked just because your VPN service has been blacklisted. In this scenario, you could connect using a personal private VPN server and still preserve your privacy. Similarly, you do not share an IP address, so you won't be blocked from accessing a service because someone else using the same VPN did something bad.
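To make the WireGuard-only setup and the tunnelling described earlier concrete, here is a pair of wg-quick style configurations for one server and one phone. This is an added example, not configuration from this post's author or from any VPN project; the keys are placeholders, the addresses and port are constructed, and it assumes the server is separately set up to forward and NAT tunnel traffic to the internet.

```ini
# ---- Server side: wg0.conf (constructed example) ----
[Interface]
# Generated on the server with `wg genkey`; it never leaves the server.
PrivateKey = <server-private-key>
# Tunnel address of the server (constructed private range).
Address = 10.0.0.1/24
# The single UDP port this VPN server exposes to the internet.
ListenPort = 51820

[Peer]
# Your phone. Add one [Peer] block per device you own.
PublicKey = <phone-public-key>
# Only packets with this source address are accepted from this peer.
AllowedIPs = 10.0.0.2/32

# ---- Client side: imported into the WireGuard app on the phone ----
[Interface]
PrivateKey = <phone-private-key>
Address = 10.0.0.2/32
# Assumption: a DNS resolver runs on the server's tunnel address.
# If it does not, name a resolver you trust here instead, so lookups
# are not answered by the local network's resolver.
DNS = 10.0.0.1

[Peer]
PublicKey = <server-public-key>
# Placeholder from the documentation address range; use your cloud
# server's public IP address or hostname.
Endpoint = 203.0.113.10:51820
# Send all IPv4 and IPv6 traffic into the tunnel, so the local network
# and service provider only see encrypted packets to the Endpoint.
AllowedIPs = 0.0.0.0/0, ::/0
```

The two `AllowedIPs` lines do different jobs: on the server it restricts which tunnel address each device may use, and on the phone it decides which traffic is routed through the VPN.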
There are a couple of free services available which are quite easy to set up. Those are Algo VPN and Streisand VPN. Both of these support a wide range of cloud providers (AWS, Google Compute Engine, Digital Ocean, Linode, Vultr and so on). Both Algo and Streisand offer WireGuard. If you will only use WireGuard you should choose Algo over Streisand as it offers fewer legacy protocols than Streisand. In terms of choosing one cloud provider over another, if you already have an account with a provider that you are happy with, I would stick with that one. If you are new to cloud computing, you might find AWS a little bewildering. Google is known for security and the other providers have quite intuitive interfaces which are easy to navigate.
If you want to set up a secure OpenBSD server to run your personal private VPN on, you have to do a little more work. It is, however, well worth the effort. Algo does not currently support OpenBSD. There was an Algo GitHub issue for adding OpenBSD support but they have closed it down. Basically you have to build your own server and launch it in the cloud. There is a good post on building an OpenBSD 6.6 server and launching on Google Compute Engine. Some parts need updating for OpenBSD 6.8 WireGuard kernel support. Let me know if you are interested in doing something like this but have not done it before. I could write a post on how to do it in OpenBSD 6.8, perhaps using a modern infrastructure as code tool like Terraform for building the cloud server.
I really do hope you have found this post interesting as well as useful. Let me know if there is anything still missing. Have you set up an OpenBSD personal private VPN server? I would love to hear how you did it and how it is working. Also get in touch if you want to see other posts in this area. Finally, feel free to share the post on your social media accounts for all your followers who might find it useful. You can get in touch via @askRodney on Twitter and also askRodney on Telegram. Alternatively, see further ways to get in touch with Rodney Lab. If you have found this post useful and can afford even a small contribution, please consider supporting me through Buy me a Coffee.