Do you need a VPN? Roll your own.

In the recent past, there has been more and more talk about privacy, security, encryption, etc. Many articles recommend using a VPN whenever you feel your Internet connection is not safe (when you are at a coffee shop, hotel, airport, or any place where you don't know and trust the provider). Actually, VPN is not even the correct term: a VPN is just a private (encrypted) connection to a network, which goes through the Internet. What everybody is really recommending is a proxy service, with a VPN to secure the connection. All your activity will be strongly encrypted between your device and the proxy, and for all practical purposes the rest of the world will deal with your proxy instead of your device.

Now, there are several providers out there, most of which are probably fine: I have used StrongVPN for a while, and never had any issue with them. The problem is that these providers are expensive, especially if you consider that you can set up your own VPN using a cheap Linux VPS and a couple of hours of work (at most). This is a perfectly viable solution if you want to protect yourself from people snooping on your traffic; it is also a perfect solution if you want to appear to be in a different country (e.g. in the US when you live in Asia, or if you want to bypass the firewalls that some countries have), but it is not a good solution if you also want to cover your tracks. If you are the only user of a proxy, which is itself running on a VPS registered in your name, you are fairly easy to track: if you are afraid a secret organization might be after you, stop reading, as this does not address your case.


Personally, I have been using this solution on Linode, and recently moved it to DigitalOcean (disclaimer: this is an affiliate link). In both cases I used the same VPS for other purposes at the same time, and I had no issues at all. My current VPS is the cheapest instance available on DigitalOcean (1 CPU, 512 MB of RAM), which costs me $5 per month, and which is happily running this website (WordPress, nginx, PHP-FPM, MySQL) and the VPN proxy at the same time. My server is currently located in San Francisco, but I can easily move it to another data center in a matter of minutes if I need to: DigitalOcean is present in San Francisco, New York, and Amsterdam; Linode has even more options. The price of a commercial VPN proxy is comparable (if I remember correctly, I was paying $15 per quarter on StrongVPN), but you only get a single-user VPN.

Performance-wise, I did not notice any difference between StrongVPN and my VPS. To give you a qualitative measure, I am able to stream HD video over the connection.


To summarize, these are the advantages of rolling out your own VPN proxy:

  • You can use the same VPS for all sorts of other tasks: web hosting, development, file server, and everything else a Linux machine can do;
  • You can give access to multiple people at no additional cost: commercial providers don't allow simultaneous connections with the same account, while you are free to create as many accounts as you need on your own server;
  • You can choose the type of VPN that you want to use: PPTP, L2TP, OpenVPN; you can even use multiple protocols at the same time;
  • It is very unlikely that your proxy will be blacklisted: this is important if you travel around Asia and you want to be able to access your social accounts from China, for example. China still blocks access to Facebook, Twitter, and many other social networks, and commercial proxies are regularly banned. Even in the very unlikely scenario where your proxy is banned, it literally takes minutes to move to a different IP address and be back online.

The downside is that you need to be at least vaguely familiar with Linux. If you know your way around the terminal and you are able to install packages and edit configuration files from the command line, you should be fine.

I do not intend to go through the technical details of setting up the VPN proxy in this post, but I find this article very detailed and complete. The article walks you through the configuration of a standard L2TP VPN: this ensures compatibility with pretty much everything out there (iOS, OS X, Android, Windows, etc.). If you are stuck at some point, drop me a line and I'll help if I'm able to.