We’ve talked recently about what our favorite Virtual Private Network (VPN) services were. I kept quiet on that one, because I hadn’t decided on my favorite VPN server. Well, now I have, and it’s one I installed myself. You can do the same, for free or extremely cheap. Let’s look at how it’s done.
What’s This About VPNs?
We’ve talked extensively in the past about VPNs. The topic has come back to light of late, with the current United States government repealing certain FCC regulations. Those regulations would have kept internet providers from selling your browsing history.
Andrew Orr does a pretty good job of summing up what a VPN service is and does.
A virtual private network (VPN) is a private network that lets you connect to the web. It works by tunneling your web traffic through an encrypted connection to a server controlled by the provider. Then, from the server it connects to the internet. Using a VPN prevents your ISP or other third parties from knowing which websites you browse to. They can see that you connect to the VPN, but they can’t read the encrypted traffic.
In a nutshell, it’s a way of hiding from your internet provider what websites you’re visiting. It also hides from those websites you browse precisely where you’re surfing from. These services can cost anywhere from $2.99 per month to almost $10 per month.
Why Would I Want to Install My Own VPN?
There are several reasons for this. One, you can’t be sure that your VPN server provider isn’t selling your browsing data to a third party. After all, they’re allowed to do so under law, and some of the existing services are a bit … shady. Secondly, you get much more control over your VPN experience. Third, many existing VPN services are very limited in how much bandwidth you can use. Finally, as the author of my favorite VPN server notes, “They’re crap.” That’s due to shared keys, weak cryptography, and a requirement to trust unseen and unknown people.
What VPN Server Software Should I Use?
I picked Algo for a number of reasons. It’s developed by a community of strongly security-minded folks, and it’s free to use. It also utilizes Internet Key Exchange (IKE) version two, which is stronger, more reliable, and more mobile-friendly. IKE v2 makes configuring your iOS VPN client as simple as possible, and connecting to it is even easier.
Up next: Deciding where to host your VPN Server
You made a bit of an error. Earlier, you said you said No to whether you wanted the CA certificate retained, but at the end you said that you could update users—using a method that requires the CA certificate to be retained.
Thanks! Set up my own vpn server.
Thanks, Jamie! We all do our best 😀
I’m really enjoying your articles, Jeff (and Melissa, and Bob etc.). Great user-ccentric technical articles are something I’ve really missed as they’ve become less common on most Apple sites these days. This is something I really appreciate about TMO.
It’s what I do, Ducky. It’s what I do 🙂
Interesting. Thanks
@geoduck: I have good news for you! DigitalOcean has data centers in other regions than the US. Specifically, they have data centers in Amsterdam, Singapore, London, Frankfurt, Toronto, and Bangalore. Installation is so simple that you can destroy your existing droplet and create a new one in a matter of minutes, so changing locations from day to day isn’t too strenuous.
The one issue with this is the location of the server. I’m specifically looking for a server outside of the US, and other Five-Eyes countries. I like existing services because I can run my Mac through Germany, one day, the Netherlands the next and have my phone going through Singapore. If my personal VPN server is set up in the US, then it’s a fixed target in a vulnerable location.