It is difficult.
Learning how to build your own VPN at home.
Is it? Well, it is not.
Imagine for a moment that you don’t have a VPN. Now set that against the news that Congress has allowed advertisers to purchase your browser history. They know the apps you download, the websites you access, and the IP address of your device. All in all, they can build a virtual sketch of you.
Fearful at the thought of the abovementioned prospects?
You can take care of them – once and for all – by going through this article to learn how to build your own VPN at home. It won’t be easy, agreed, but it would be worth the effort to protect your online anonymity.
How to Build Your Own VPN at home?
Now that you have decided that you need your own VPN, let’s turn our attention to the three methods you could use to set up your VPN at home.
Method #1: Building a VPN Router
To build a VPN router, you’d need an extra broadband router, one which provides an Ethernet WAN port. Second, make sure that the extra router you’re buying supports DD-WRT. It is a special firmware which lets you set up the router as a VPN client.
To check whether the router you’re looking at supports DD-WRT, go to this website and check its Router Database. Press "Ctrl+F", enter the name of your router, press Enter, and you’d see whether your router is in the database of routers that DD-WRT supports.
Before We Start
There are a couple of things we need to do before we start building a VPN router, the first of which is noting down your main router’s IP address. You don’t need to be a rocket scientist to check it, just google "what is my IP address".
Next, in the DD-WRT website that we discussed above, search the Router Database for your router’s model. It is important because once your search is successful, the Router Database would provide us with a recommended DD-WRT which we need to download for your router.
Once you find your router model, double-click on it. A new page will appear, one which would give you the link to the DD-WRT Wikipedia page for your router. Click on it. Now you’d be seeing the instructions for setting up your router.
The Wiki page would also contain a download link to the DD-WRT. Once you click on it, it would ask your permission to download a .bin file, which is the firmware that we want to install. Allow the computer to download it.
Finally, place the primary router next to the secondary (VPN) router. Get an Ethernet cable, and connect the LAN port on the primary router to the WAN port on the VPN router. Next, grab another Ethernet cable, and connect the LAN port on the VPN router to the LAN (Ethernet) port of your PC.
Step 1: Installing DD-WRT
The DD-WRT Wiki router page has the same instructions which we are going to tell you here. Here you go:
- Hard Reset the router or Perform a 30/30/30 Hard Reset
It means when the VPN router is powered on, press and hold the reset button for half-a-minute. Then, while you are still holding the reset button, turn off the router, and keep on pressing the button for 30 more seconds.
Finally, while you are still holding the reset button, turn the router on and wait for another 30 seconds before you let go of the reset button.
- Log In
Log into the admin page of your router, look for the "Administration" menu, and click on it before going to the "Firmware Upgrade" section. Once there, click on the "File" option, and select the .bin file that we downloaded in the previous section. Finally, click Start.
- Perform Another Hard Reset
Once the router has updated its firmware, wait for a few more minutes. Then do another hard reset as we did in the first step.
Step 2: Setting up the VPN Router
Once we have installed the DD-WRT, we need to set up the VPN router. Here’s how we are going to do that:
- Logging in to the DD-WRT Interface
DD-WRT has a default IP address of 192.168.1.1. Enter this address into your browser’s address bar. A new screen would appear, asking you to enter a username and password. Enter "root" for username, and "admin" for password. The DD-WRT interface should appear now.
- Setting up a Wireless Access Point
Once inside the DD-WRT interface, you want to set up a wireless access point with a unique SSID (name) and follow it by setting your password. We’re setting up a wireless access point as it would allow you to quickly and conveniently switch between your main and VPN router by merely switching Wi-Fi networks.
- Changing the IP address of VPN router
As you might guess, we don’t want the primary and VPN routers to have the same IP address, otherwise they might conflict with each other, leading to a reduction in speed. For this purpose, look for the "Basic Setup" or "Setup" tab in the user interface of the VPN router.
Once you find it, clicking on it should display your router’s IP address. Now, just change the last or last two numbers of the IP address. For instance, if the original IP address is 192.168.1.1, you might want to change it to 192.168.1.2 or 192.168.2.2.
Step 3: Setting Up the VPN Router As a Client
If you remember, we plugged the VPN router into a port on the primary router, which means the latter treats the former as just another connected device on its network. On the Setup page, the same one where we changed the VPN router’s IP address in the last step, change the "WAN Connection Type" from DHCP to Static IP Address.
To do the same, you’d have to change the WAN IP address of your VPN router. It means that if the IP address of your primary router is 192.168.1.1, change the WAN IP address of the router to 192.168.1.21.
Regardless of what WAN IP address you have chosen for your VPN router, just note it down. You may need it in future when changing the username/password of the Wi-Fi.
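A quick way to sanity-check the addresses chosen in Steps 2 and 3 before typing them into DD-WRT. This is an added example, not part of the original article; the function name, the /24 masks, the gateway value and the DHCP pool are assumptions made for illustration.

```python
import ipaddress

def check_plan(primary_lan, vpn_wan, vpn_gateway, vpn_lan, dhcp_pool=None):
    """Return a list of problems found in a two-router addressing plan.

    primary_lan  primary router's LAN interface, e.g. "192.168.1.1/24"
    vpn_wan      static WAN address chosen for the VPN router
    vpn_gateway  gateway entered on the VPN router's WAN settings
    vpn_lan      the VPN router's own LAN (admin) address
    dhcp_pool    optional (first, last) addresses the primary router leases
    """
    primary = ipaddress.ip_interface(primary_lan)
    wan = ipaddress.ip_interface(vpn_wan)
    lan = ipaddress.ip_interface(vpn_lan)
    problems = []
    if wan.network != primary.network:
        problems.append("WAN address is outside the primary router's subnet")
    elif wan.ip == primary.ip:
        problems.append("WAN address duplicates the primary router's address")
    if ipaddress.ip_address(vpn_gateway) != primary.ip:
        problems.append("WAN gateway is not the primary router")
    if dhcp_pool:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if first <= wan.ip <= last:
            problems.append("static WAN address lies inside the DHCP pool")
    # A router cannot route between two interfaces on the same subnet.
    if lan.network.overlaps(wan.network):
        problems.append("VPN router LAN subnet overlaps its WAN subnet")
    return problems

# Constructed plans built from the addresses used in the steps above;
# the /24 masks, the gateway and the DHCP pool are assumptions.
SAME_SUBNET = dict(primary_lan="192.168.1.1/24", vpn_wan="192.168.1.21/24",
                   vpn_gateway="192.168.1.1", vpn_lan="192.168.1.2/24",
                   dhcp_pool=("192.168.1.100", "192.168.1.199"))
SPLIT_SUBNET = dict(SAME_SUBNET, vpn_lan="192.168.2.2/24")
POOL_CLASH = dict(SPLIT_SUBNET, dhcp_pool=("192.168.1.2", "192.168.1.50"))

if __name__ == "__main__":
    for name, plan in [("same subnet", SAME_SUBNET),
                       ("split subnet", SPLIT_SUBNET),
                       ("pool clash", POOL_CLASH)]:
        print(name, "->", check_plan(**plan) or "ok")
```

With these sample plans, keeping the VPN router's LAN address in 192.168.1.x is flagged because it shares a subnet with the WAN side, while the 192.168.2.2 choice passes.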
Step 4: Setting Up the VPN
Finally, we’ve arrived at the step that would set up the VPN on the secondary router. All you need to do is to go to the home page of your VPN provider. It will provide you with guides and details to get the ball rolling.
Generally, PPTP or OpenVPN are what most VPN providers use. Of the two, OpenVPN is a bit more secure, though it’s also a bit more difficult to set up.
Conversely, if you want to set up PPTP, it would require the server address given to you by your VPN provider. It may also include a list of servers from all the countries of the world to let you decide the location from where you want to connect to the Internet.
At this stage, the VPN provider may also require your username and password – the same that we set up above. That said, some providers like PIA use a different PPTP username/password than the one you’re already using with your VPN router.
Next, go to DD-WRT website and click on "Services->VPN" before enabling the PPTP client. This step would require you to enter the details provided by your VPN provider in its box.
If you are using OpenVPN, it would require entering some certificates and scripts supplied by the VPN provider. If you find it difficult to understand what the VPN provider demands, just go to its support page, and look for the OpenVPN/DD-WRT setup guide. Follow it closely.
Once you have followed the details, reboot the router. On restarting, your WAN IP address should have changed if the VPN client connected properly. If that’s the case, then, BINGO! You have your VPN router now.
Method 2: How to Build a Cloud VPN?
While VPN routers are no doubt useful, they have one major shortcoming: they aren’t portable. Hence, if you want to build a VPN which could accompany you wherever you go, a cloud VPN would help.
As suggested by its very name, a "cloud" VPN would use a cloud-based infrastructure to deliver VPN services to your device.
It would do the same without requiring any infrastructure at your end, which means all you need is your device to get this VPN up and running. Still, it requires you to have a VPN Service Provider, and we’d be using the Algo VPN Service Provider for this section.
Finally, one thing which you may want to know about Cloud VPN is that it charges per usage. That is, it would charge per hour.
Step 1: Signing up for Amazon EC2
For new users out there, Amazon EC2 presents a special incentive as it provides a free tier for the first twelve months of usage. That said, the fact that it is free means there would be some limitations on the usage.
The first of those limitations is that you’re only going to get 750 hours of browsing per month. While these hours are enough for a single person/device, multiple persons and/or devices could still consume them up.
Another limitation which it poses is by restricting the bandwidth at 15GB, which means you won’t be able to download large files. Finally, once the year is up, you’d be paying an hourly rate for this service, though most people would still be paying less than $11 per month.
Now that you’ve come to know all its limitations, here’s how you could sign up with Amazon EC2:
- Go to the website of Amazon Web Services, and create a free account. If you want, you could link your current Amazon account to it.
- After logging in, click "Services>IAM". You’d find this option under the "Security, Identity, & Compliance" menu.
- Once inside, click on the "Users" tab. It would be on the left side of the screen.
- Click "Add User".
- Create your username, and follow it by clicking the box right next to "Programmatic Access". Click "Next".
- Select "Attach Existing Policies directly".
- Once inside the policies, search for "AdministratorAccess" and select the checkbox in front of it. Finally, click "Next".
- Now you’d be on the final screen. Find and click the "Download CSV" button. It will download a file to your computer that contains a couple of access keys and numbers which you need to save, as we’d need them while setting up Algo.
- Once you have downloaded this file, click "Close".
Until now, we have created your free account and set up your free tier service on Amazon. Now, it’s time that we install Algo.
Step 2: Download and Install Algo
Part A: For Windows users
If you are a Windows user, you’d need to download and install the Windows subsystem which supports Linux, and only then Algo would work. Here’s how you can do that:
- Open Settings from the Control Panel
- Click "Update & Security". Afterward, click "For Developers"
- Enable the "Developers mode"
- Your computer would automatically start installing programs; let it.
- Afterward, go to Control Panel and click "Programs".
- Search for the menu "Turn Windows Features on or off"
- A new page would appear. Scroll down and you’d find a menu "Windows Subsystem for Linux"; check the box next to it. Finally, click "OK".
- After installing the software, Windows will reboot.
Until now, we have installed Linux bash on your computer. Click on the Start menu and search for "Bash". It will ask you some questions; answer them, and Windows would install some more software. Once it’s complete, a command line would appear in front of you. Once this happens, type this and press Enter:
sudo apt-get update && sudo apt-get install python-pip python-setuptools build-essential libssl-dev libffi-dev python-dev python-virtualenv git -y
Then, to clone the repository, enter this command:
git clone https://github.com/trailofbits/algo && cd algo
Afterward, skip to the fifth step of Part B mentioned below.
Part B: For Mac Users
Mac users should be able to easily install Algo on their devices. That said, depending on the version of Linux you may be using, the command set might be different. To find out which one is suitable for your Linux, head here.
- Download Algo; it would come in a zipped file. Unzip it, and it would create a folder titled "algo-master".
- Open Terminal, type "cd" followed by the location where you have stored the "algo-master" folder. You can also, after typing "cd", drag the algo-master directory and drop it into the terminal.
- Type "python -m ensurepip --user" and press Enter.
- Type "python -m pip install --user --upgrade virtualenv" and press Enter.
- Type "python -m virtualenv env && source env/bin/activate && python -m pip install -r requirements.txt" and press Enter.
- For those of you who haven’t pre-installed the cc command line tools, the system would prompt you to do so. Agree to its terms and go ahead.
- Type "sudo nano config.cfg" and press Enter. A text editor would open up. A user menu would be on the screen; you can create any number of users with it by just typing the user’s name. Remember, these are the persons you’re giving permission to access your VPN, so, if possible, keep their count low. Press "Ctrl+X" when you’re done.
- To begin the installation process, type "./algo". You’d be asked a series of questions here by the installation script.
- When it asks about the provider, type "2" for Amazon EC2. Then, it would ask you to name your VPN; choose any name you want. Afterward, it would ask you to select the server location.
- Remember that CSV file we downloaded at the start? Find it, and look for "AWS Secret Key" and "AWS Access Key". Enter both these values when asked by the installation script.
- Next, you’d be asked about VPN on demand by Algo. If you have Apple devices, and you want them to automatically connect to the VPN, answer "Yes" to both questions. We also recommend that you say "Yes" to the HTTP proxy, security enhancements, and local DNS resolver questions. After answering these questions, you could decline everything else and your VPN would still work.
Finally, thanks to everything we have done above, Algo would install itself, set up a myriad of services, and eventually tell you when its installation is complete. It would mean that your VPN is up and running, and all you have to do now is connect your devices to the VPN.
Step 3: Configuring the devices for VPN
Whether you have a Windows, Mac or Apple device, you’d have to install a certificate or profile on it for it to connect with your VPN. Remember, for some operating systems, this part is more difficult than for others. Either way, the "algo-master" directory in general, and its "configs" folder in particular, would contain all the files you need for this step.
Part A: Connecting Apple devices to VPN
There is a ".mobileconfig" file inside the "configs" folder of the "algo-master" directory. If you want to set up the VPN on your Apple device, you would either have to email the file to yourself or upload it to a cloud service such as Dropbox or iCloud before opening it from there. After opening it, confirm the installation of the profile, and your Apple device would be connected to the VPN.
Part B: Connecting your Android devices to VPN
First, install the strongSwan VPN Client app on your Android device. Afterward, go inside the "configs" folder, copy the P12 file from there and paste it to the Android device, before opening it with the VPN Client app. Just follow the directions, and your Android device would be connected to the VPN.
Part C: Connecting your Windows devices to VPN
Though doable, the process of connecting to VPN is a bit complex on Windows.
- Inside the "configs" folder, you’d find three files: PEM, PS1, and P12. Copy and paste them on your Windows device.
- Double click on the PEM file, and it would import itself to the Trusted Root certification store.
- Go to the Start menu, and type "Powershell"; a Windows PowerShell application would appear. Open it, and browse to the folder where you saved the three files in the first step.
- Type "Set-ExecutionPolicy Unrestricted -Scope CurrentUser", and press Enter.
- Type your PowerShell script’s name before pressing Enter. The script would be something like "windows_$usernameyoumadeup.ps1". Closely follow the directions that appear on your screen.
- Once that is complete, type "Set-ExecutionPolicy Restricted -Scope CurrentUser" and press Enter.
Congrats! Your VPN should now be up and running.
How to See If Your VPN Is Working?
You have your own VPN up and running, but is it secure? In other words, how to see if your VPN is working (or not)?
To find out just that, you first need to find out what your computer looks like over the internet without a VPN. For this, you need to go to Google, and search for "What is my IP". Now, connect back to the VPN that you have just set up, and check your IP again. If your VPN is working, the same search should produce different results.
Your computer’s IP address is one way of leaking information, but it isn’t the only one, as it can leak your private information via torrents, geolocation, Domain Name System (DNS) queries, and WebRTC.
Remember, you don’t need to know what these terms mean. What is crucial to you is that when connected to the VPN, these terms and the numbers related to them should be different than when your computer is in its default state.
Therefore, to check the same, disable any VPN you may have connected your device to, and go to IPLeak.net, and note down the indicators mentioned there. Next, once you have noted down the numbers, close the website and connect your device to the VPN.
Finally, once again visit IPLeak.net, and note down the numbers before comparing them with the ones you jotted down before. If the numbers show no similarity, it means your VPN is working.
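The before-and-after comparison described above can be done mechanically once both sets of numbers are written down. This is an added example, not part of the original article; the function names, the indicator names and the sample addresses are constructed, and it goes slightly beyond the text by treating two IPv6 addresses in the same /64 as a match, since the host part of an IPv6 address can change between visits.

```python
import ipaddress

def _key(addr):
    """Normalise an address: IPv4 compared exactly, IPv6 by its /64 prefix."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6:
        return str(ipaddress.ip_network(f"{ip}/64", strict=False))
    return str(ip)

def find_leaks(baseline, with_vpn):
    """Compare two snapshots of the public addresses a leak-test page shows.

    Each snapshot maps an indicator name to a list of addresses.
    Returns {indicator: [addresses seen with the VPN on that were
    also seen without it]}; an empty dict means nothing matched.
    """
    real_ips = {_key(a) for a in baseline.get("public_ip", [])}
    leaks = {}
    for name, seen in with_vpn.items():
        # The real public IP turning up under any indicator is a leak too.
        known = real_ips | {_key(a) for a in baseline.get(name, [])}
        hits = sorted(a for a in seen if _key(a) in known)
        if hits:
            leaks[name] = hits
    return leaks

# Constructed sample snapshots (documentation address ranges).
BASELINE = {"public_ip": ["203.0.113.45"],
            "dns": ["198.51.100.53", "2001:db8:aa:1::53"],
            "webrtc": ["203.0.113.45"]}
VPN_CLEAN = {"public_ip": ["192.0.2.10"],
             "dns": ["192.0.2.53"],
             "webrtc": ["192.0.2.10"]}
VPN_LEAKY = {"public_ip": ["192.0.2.10"],
             "dns": ["198.51.100.53", "2001:db8:aa:1:abcd::1"],
             "webrtc": ["192.0.2.10", "203.0.113.45"]}

if __name__ == "__main__":
    print("clean:", find_leaks(BASELINE, VPN_CLEAN) or "no matches")
    print("leaky:", find_leaks(BASELINE, VPN_LEAKY))
```

In the leaky sample the public IP has changed, yet the DNS and WebRTC entries still match the baseline, which is the case a plain "What is my IP" search would miss.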