Creating your own VPN involves setting up a VPN server that can encrypt your internet traffic and mask your IP address. Here’s a straightforward guide on how to set up a VPN on a Linux server (e.g., a cloud server from AWS, DigitalOcean, or even a Raspberry Pi):

### Prerequisites
1. **Linux Server**: You need a server to host the VPN. This could be a cloud server (AWS, DigitalOcean, etc.) or a local server.
2. **Domain Name or Static IP** (Optional): A static IP address or domain name makes connecting to your VPN easier but isn’t strictly required.
3. **Root Access**: You’ll need sudo privileges on the server.

### Step-by-Step Setup Using OpenVPN

1. **Set Up the Server**
- Spin up an instance with a Linux distribution (e.g., Ubuntu 20.04).
- Update and upgrade packages:

bash

 sudo apt update && sudo apt upgrade -y

 

2. **Install OpenVPN and Easy-RSA**
- OpenVPN is a popular open-source VPN solution, and Easy-RSA helps generate SSL certificates.

bash

 sudo apt install openvpn easy-rsa -y

 

3. **Set Up Easy-RSA and Build the CA (Certificate Authority)**
- Set up the Easy-RSA directory:

bash

 make-cadir ~/openvpn-ca

 cd ~/openvpn-ca

 

- Edit the Easy-RSA variables:

bash

 nano vars

 

- Update the default values for KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL with your information.

4. **Build the Certificate Authority**
- Initialize the PKI and build the CA:

bash

 ./easyrsa init-pki

 ./easyrsa build-ca

 

5. **Generate the Server Certificate and Key**
- Generate a certificate and key for the server:

bash

 ./easyrsa gen-req server nopass

 ./easyrsa sign-req server server

 

6. **Generate the Client Certificate and Key**
- Run the following commands for each client device you want to allow:

bash

 ./easyrsa gen-req client1 nopass

 ./easyrsa sign-req client client1

 

7. **Configure OpenVPN**
- Copy example OpenVPN configuration file and edit it:

bash

 gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

 nano /etc/openvpn/server.conf

 

- Adjust settings like port, proto, and server subnet, and point to the newly created certificates and keys.

8. **Enable IP Forwarding**
- Edit the sysctl configuration file:

bash

 sudo nano /etc/sysctl.conf

 

- Uncomment or add the following line:

bash

 net.ipv4.ip_forward = 1

 

- Apply the changes:

bash

 sudo sysctl -p

 

point 6 missed

Generate the Client Certificate and Key

Run the following commands for each client device you want to allow:

bash

./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1

9. **Configure Firewall Rules**
- Allow forwarding from the VPN subnet to the internet interface:

bash

 sudo ufw allow 1194/udp

 sudo ufw allow OpenSSH

 sudo ufw enable

 

10. **Start and Enable the OpenVPN Service**

bash

 sudo systemctl start openvpn@server

 sudo systemctl enable openvpn@server

 

11. **Configure Clients**
- Export the client certificates, keys, and VPN configuration file to use on client devices.
- Copy the client .ovpn file to your client device and import it into your VPN client software.

After completing these steps, you should have a basic, secure VPN up and running that you can connect to from your devices using OpenVPN.