VPNs, or Virtual Private Networks, are wonderful tools for protecting your privacy. They allow you to change your device’s IP address, secure your internet traffic, and protect your online anonymity, all at the same time.
TechRadar is constantly keeping track of the best VPN providers on the market, with plenty of options for Windows, Mac, and beyond.
However, if DIY is your thing, you can also set up your own VPN server (not a VPN router) at home. Read on to find out which option is right for you.
Reasons why you should set up your own VPN server
Setting up your own VPN server at home may sound like a daunting task. However, it might be the right solution for people who fall into certain categories:
Control
You want to be in charge of your data. When you use a VPN service, you are hiring a company to route your internet traffic so that your data remains private and secure. However, some people don’t like the idea of having to rely on someone else to protect their privacy. If you fall into this category, then setting up a VPN server at home is the best way to maintain total control over your data.
This way you don’t have to trust, for instance, that your VPN is keeping no logs on people who connect: as the network admin you’ll be in control of all these settings.
Multi-use
If you’ve decided to set up your own VPN server, then unlike signing up with a VPN service you can use that server for other things too. For instance, you could set up your own website or e-mail server.
If you or people in your organisation need to share files, you could even host them using NextCloud or create your very own database.
Remote work
If you have a small business with a secure local network that you want to access remotely, a self-hosted VPN might be right for you. A lot of businesses have company networks for storing important files and communicating among employees. Indeed, this was the original purpose for which VPNs were created.
For security reasons though, you will only want this network accessible to computers on company premises or those which have been approved by your organisation’s IT dept. When you want a staff member to be able to access this network remotely, VPN technology offers a secure solution.
Big organisations can hire IT firms to devise bespoke VPN servers to secure remote logins. However, smaller companies might need to rely more on improvised solutions. Setting up your own VPN server in the office is one way you can secure remote access to your company network without shelling out big bucks.
By way of an alternative, take the time to explore our guide to business VPNs, designed specifically for organisations who need to share resources.
Curiosity
You might just be plain curious about VPN servers: Setting up your own VPN is a puzzle with many solutions – you can run a VPN server through your router, desktop computer, even a Raspberry Pi. And with cloud hosting options, you have plenty of choices in terms of how you route traffic between your devices and your personal VPN server.
Even if you don’t end up using the VPN server you created, you’ll have a much better understanding of how the connection process works and ways to stay safe.
Reasons why you should NOT set up your own VPN server
All that said, setting up your own VPN server has drawbacks:
Geolocation
One of the perks of signing up with major VPN services is that they have thousands server locations in over a hundred countries in some cases.
When it comes to content which is restricted or censored in a given country, you can bypass such blocks and access that content by choosing a VPN server location in another country.
VPN providers are well aware that many users want to use their service in that way—for example, to watch Netflix USA though they live in the UK—and have special servers set up specifically for streaming.
If you want to use VPNs in this way, make sure to read through our guide to the very best Netflix VPN online today.
However, when you set up your own VPN server, you usually route traffic through a local IP. That restricts you to accessing content which is available in your current country, therefore limiting your online experience compared to a typical VPN.
Of course this can work both ways: if you happen to be outside your home country, you’ll be able to connect remotely to your own VPN and access the same services you would if you were back home.
Cross-platform support
A self-hosted VPN means having to deal with more hassle, including setting up access on each device. Consumer VPN services offer apps for pretty much every platform, including Windows, Mac, iOS, and Android. That means you can enjoy a shiny UI and quick connections across all your devices.
A lot of the DIY solutions we offer below aren’t as graceful—you might have to tailor the setup for different operating systems, adding a little bit of extra work each time you want to configure the VPN on a new device.
If you’re using OpenVPN, you may be able to save some time and hassle by using the free and open source OpenVPN Connect client on users’ devices along with ready-made configuration files, but it’s still a lot more trouble than just installing the client software from a VPN provider’s website.
No shared IP
A lot of VPN services offer shared IP addresses. That means that when multiple users connect to a given VPN server, they might share the same IP. That confounds any attempts to try and analyze patterns of internet traffic on a given IP.
When you set up your own VPN server, you’ll likely be the main user on one IP address. If anyone were able to tie your VPN IP address to any of your accounts, you would no longer enjoy anonymity. You can get around that by frequently changing the IP address of your VPN server, but that’s yet more extra work.
You can, of course, set up your VPN through a hosting provider (see below). This would offer you a greater range of IP addresses but as with using a regular VPN provider, you’d be trusting all your data to a third party.
Server maintenance
Mainstream VPN providers host huge numbers of servers which are serviced by an army of experienced network engineers. They take care of routine matters like updating the server software.
Sometimes this is enough to prevent ‘zero day’ exploits which allow attackers to access your server due to outdated or obsolete software but there is much more to setting up and maintaining a secure server.
When you first start up you’ll need to create user accounts for all the admins and make sure they can only access those parts of the server on which you’re working. You’ll also need to generate SSH keys for each of you so you can connect remotely to perform maintenance. You may want to create and install robust SSL/TLS certificates, as well as install software to scan for and remove malware.
Even if you already have an existing server that you use for other things, you’ll still need to configure it further to make it DNS-ready. For instance, your server will also have to have correctly configured DNS settings, as if an attacker gains control of these they can redirect your users to fake ‘phishing’ websites.
This is to say nothing of your firewall, which will need to leave certain ports open to allow VPN connections e.g. 443 without leaving the server open to exploits.
If your server is subjected to a DDoS (distributed denial of service) attack or goes down for any reason, the VPN will shut down unless you have backup servers in place. In case of a disaster like this, you’ll need to have robust insurance or face a very large repair bill.
None of these problems are insurmountable with enough time and resources. Major VPN providers use part of users’ subscription fees to cover maintenance costs, insurance, and for penetration testers to regularly check for vulnerabilities. For instance, F-Secure completed a penetration test on ExpressVPN’s Windows client in 2022 and found no major flaws.
The bottom line is that if you want to stay safe, you’ll need to have a lot of time and money to manage your own VPN server safely.
How to set up a VPN server at home
If you ultimately decide to set up your own VPN server, here are some of the ways you can do this.
Set up a VPN server in the cloud
Cloud computing has made it easier than ever to set up your own VPN. Amazon Web Service’s AWS VPN offers a range of options supporting the OpenVPN protocol, one of the fastest and most stable encryption protocols in the world.
Package pricing can be calculated either through data usage or paid via a flat annual fee, and server capacity can be customized to support up to 500 connected devices (so there’s lots of flexibility for smaller businesses of various sizes).
To set up OpenVPN with Amazon AWS, you can just pick the package that suits your needs and then follow OpenVPN’s guide. If you prefer a more ready-made solution, AWS VPN offers both client and site-to-site VPNs.
Ultimately in doing this, you are trusting all your VPN data to a third party, so make sure to check their privacy policy and find out where their servers are located so they can’t be easily hacked or seized.
Set up a VPN server on your router
Another option is to set up a VPN server directly on your router. Viscosity, a VPN client, has a great guide for setting up your own OpenVPN server on a DD-WRT router.
Remember that there is a difference between using a VPN client and a VPN service—a VPN client only offers you a UI with which to access a VPN that you or someone else is hosting, whereas a VPN service hosts and manages its own servers.
Thus, even if you choose to use a VPN client like Viscosity, you’ll still maintain independent control over your VPN server.
Join a network of other independent VPN servers
VPN Gate, a project that began at the University of Tsukuba in Japan, offers a free method for joining its network of global VPN servers. All you have to do is set up your own computer as a VPN server linked to the VPN Gate network. One major drawback, however, is that VPN Gate maintains usage logs of all members of the VPN Gate network—that includes IP addresses, connection times, and the number of data packets that passed over the network. In that sense, VPN Gate is a very poor option for people concerned about their privacy.
This is a type of ‘decentralized VPN’, which sits somewhere between signing up with a regular VPN provider and hosting your own VPN server. Taking the control of data out of the hands of a single company may be a good thing but if these services are interoperable it means that you won’t have much say in how the software they’re using is put together. You’ll also have to be comfortable with sharing your spare bandwidth with complete strangers.
To host or not to host
At TechRadar we take a balanced view: we provide you with information in our guides and reviews, then let you make your own informed decisions.
Still, we find it hard to sit on the fence when it comes to self-hosting your VPN. Setting up and maintaining a server is a headache at the best of times, but even an experienced network administrator would find it difficult to patch every kind of security vulnerability to make a VPN server safe.
That’s why, as we said, the big organisations hire ethical hackers to try to break into their systems and list server vulnerabilities, which can then be fixed by their 24/7 teams of network engineers. Unless you have the same resources, we strongly recommend subscribing to a reputable VPN provider rather than go it alone.
If you’re a business owner and feel this isn’t right for you, consider using cloud-based software rather than VPN’s. These offer many of the same advantages, particularly for employees working remotely without the dangers of maintaining a VPN server.
