
Roberto Di Bella

The ultimate guide to privacy on the web: a free enterprise-grade VPN

In the world we live in, internet providers share your private data with advertisers. Aren’t you tired of it?


“What do they know about me? How are they able to do it?” Well, it’s pretty simple: the majority of the information shared online flows unencrypted between your device and your ISP’s servers, making them aware of whatever you do online.

ISPs use your information to track your habits, your tastes, your interests and dreams, and even your deepest fears.

“Do they care about me?” Absolutely not. They simply sell all this information to advertisers, the ones who actually care enough to buy your attention. In addition, they block you from viewing some particular sites, and this is just censorship 101.

“So do I just need a VPN provider and all my dreams and secrets will be safe?” Well… let’s think about it for a second.

When you connect your device to a VPN, you establish an encrypted tunnel between your device and that server. Nobody can see what’s happening in the middle of this tunnel, not even your ISP.

“Ok, so I just need to buy a VPN subscription right? I just have so many now, one more won’t make a difference…”

A VPN subscription doesn’t make you magically anonymous. You’re just moving the risk down the VPN tunnel, as the VPN company can now see all your internet traffic. In fact, many of them sell your data to scammers and advertisers already. If this wasn’t enough, they constantly get hacked.

So let’s recap a little bit,

Do you want to let your ISP share your private data with advertisers?
Sure not.
Do you want to pay your VPN provider to sell your private data to advertisers?
Hell no!
Then welcome to a quick and easy guide on how to build your own VPN on the world’s most secure enterprise cloud. For free.

Some years ago, Woz was already recommending that everybody create their own VPN with a Raspberry Pi in their own home but, as I explained in one of my previous articles, a Cloud Free Tier can be better than a Raspberry Pi for many reasons, and in this case it is just way better.

Stephen Wozniak’s tweet in 2017. He founded Apple with Steve Jobs in 1976.

Another advantage of this approach is that you can choose the country from which your connection will appear to come by choosing the data center in which you create your resource.

So how do we do this?

In this tutorial, we are gonna use Oracle Cloud Free Tier, which gives the greatest amount of resources available for free without any expiration limit. This way you’ll have your VPN up and running for free, forever.

So here below you can find Oracle’s footprint in the world. Be aware that Always-free resources will be available only in your home region, the one that you choose when you sign up for the account, and your connection will appear as if it is from this country so choose carefully! You will not be able to change it later.

Oracle regions around the world. Feel free to choose the country from which your location will appear.

So if you haven’t done it already, sign up for a free account on cloud.oracle.com

Step 1: Create a Virtual Cloud Network

Once you have your account set up, sign in from Oracle’s cloud home page and you will land on Oracle Cloud Infrastructure’s home page.

We first need a VCN (Virtual Cloud Network) in which our server will be created. So, from the hamburger menu on the top left choose Networking -> Virtual Cloud Networks as shown in the image above.

Use the Start Wizard button to let Oracle help you in creating the VCN and everything will be fine, just follow the steps as shown below.

On the first page of the configuration you can choose a name and leave the default compartment. To fill in the Configure VCN and Subnet section I advise you to follow the default hints provided (or you can fill it in as shown in the image).

On the second page you can review the settings and just click create. It will take some seconds, after which you will receive a confirmation message. If some errors arise, you can first try clicking the “Re-try” button; otherwise review the steps you made and make sure to follow the screenshots above.

Step 2: Let’s open some ports

Before we move on to create our server, we just need to make some quick modifications to the Security List. The Security List acts as a firewall that blocks unauthorised access to your resources, so be careful and open only the ports you REALLY need. In this case we will just open port 51820, which we will use later.

To do this, from the hamburger menu go to Networking -> Virtual Cloud Networks and click on the VCN you just created to see the details as shown below.

Then, on the left, click on the Security Lists section and then on Default Security List.

Click the blue “Add Ingress Rules” button and you will see a window similar to the one below. Make sure to fill it in exactly the same way so that our VPN has Internet connectivity; otherwise you won’t be able to browse once you are connected to the VPN.
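To check the "open only the ports you REALLY need" rule from this step, the following added example (not part of the original article) audits a security list's ingress rules for Internet-facing openings outside an allow-list and for a missing WireGuard port. The rule layout follows the OCI API's ingress rule fields (protocol "6" is TCP, "17" is UDP; WireGuard listens on UDP); the sample rules, the allow-list and the function names are constructed for illustration.

```python
import ipaddress

PROTO = {"6": "tcp", "17": "udp", "1": "icmp"}  # IANA protocol numbers as strings
ALLOWED = {("tcp", 22), ("udp", 51820)}          # assumption: SSH admin + WireGuard
REQUIRED = {("udp", 51820)}                      # clients cannot connect without it

# Constructed sample: port 51820 was opened for TCP instead of UDP.
SAMPLE_RULES = [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 51820, "max": 51820}}},
    {"protocol": "6", "source": "10.0.0.0/16",
     "tcpOptions": {"destinationPortRange": {"min": 3306, "max": 3306}}},
    {"protocol": "1", "source": "0.0.0.0/0", "icmpOptions": {"type": 3, "code": 4}},
]

def world_open(source):
    """True when the source CIDR covers the whole Internet (prefix length 0)."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:  # e.g. a service label instead of a CIDR
        return False

def port_range(rule):
    """Return (proto, lo, hi); lo and hi are None when no port limit is set."""
    proto = PROTO.get(rule["protocol"], rule["protocol"])
    rng = (rule.get(proto + "Options") or {}).get("destinationPortRange")
    return (proto, rng["min"], rng["max"]) if rng else (proto, None, None)

def audit(rules, allowed=ALLOWED, required=REQUIRED):
    """Report Internet-facing openings outside `allowed` and unmet `required`."""
    findings, reachable = [], set()
    for rule in rules:
        if not world_open(rule["source"]):
            continue  # limited to specific networks
        proto, lo, hi = port_range(rule)
        if proto == "icmp":
            continue  # ICMP has no ports; outside this port audit
        src = rule["source"]
        if lo is None:
            findings.append(f"unexpected: protocol {proto}, every port, from {src}")
            reachable |= {r for r in required if proto in (r[0], "all")}
            continue
        reachable |= {r for r in required if r[0] == proto and lo <= r[1] <= hi}
        if any((proto, p) not in allowed for p in range(lo, hi + 1)):
            findings.append(f"unexpected: {proto}/{lo}-{hi} from {src}")
    missing = sorted(required - reachable)
    return findings + [f"missing: {p}/{n} is not open" for p, n in missing]
```

On the constructed sample, `audit(SAMPLE_RULES)` reports the TCP rule on 51820 as unexpected and UDP 51820 as missing, which is the state in which the VPN installs cleanly but no client can connect.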

Step 3: It’s time to create the server — we will use a Linux VM

From the same hamburger menu you used at step 1, let’s go to Compute -> Instances and create a virtual machine that will host our VPN as shown here below.

Feel free to choose your preferred name and the same compartment you chose in step 1, and make sure you use the Canonical Ubuntu 18.04 image as shown below. If this is not automatically selected, use the “Change Image” button to select the correct image.

Also, make sure you are using the VM.Standard2.E2.1.Micro shape, the only shape available under the Always Free resources. This way the machine will always be free.

It’s time to select the VCN you created at Step 1. Make sure to select the Public Subnet and the “Assign a Public IP Address” option; otherwise you won’t be able to connect to the server in the next step.

It’s now time to choose your own SSH key or one that is automatically generated. As shown, you need to upload the public one, which ends with .pub

I wrote an extensive article showing how to do this so feel free to read it if you have any issue.

When you click create, the instance will be provisioned. Once it is ready you will see something like this, with the public IP address in the upper right quadrant under “Instance Access”. You will need it to move forward to Step 4.

Step 4: Connect to the server and install the VPN software

Ok, we created a machine and we need to connect to it. You can find endless guides and tutorials that will show you how to connect to one. As I mentioned, I already wrote one on how to connect from a Windows machine, so now I will show you how to do it from a Mac/Linux terminal.

The command you need to use is shown below.

The software we will use is called PiVPN; it is open source and very famous. It was meant at the beginning as a lightweight distribution to use on your Raspberry Pi, but it turned out to be great on cloud machines as well.

It packs two different VPN software options, WireGuard (preferred) and OpenVPN. They both work great, but WireGuard is gentler on mobile device batteries, so I chose this one.

To start the installation just type the following command taken directly from PiVPN’s website.

[https://www.pivpn.io](https://www.pivpn.io)

After you hit enter, you will see the following message that will start the installation. Feel free to follow the subsequent steps.

NOTE: To change the default options, move with the Tab key and select the option using the Spacebar key.

Remember the port we opened at step 2? Make sure it is the same one!

The next step is really important, because you will need to choose your DNS provider. There are many options and you can search for the one that suits you best, but in most cases Cloudflare will be the best one.

After the reboot is complete (it will take some minutes), reconnect to the server and, as advised, run the “pivpn add” command to create the client profile for the VPN connection, a WireGuard configuration file that this guide calls the certificate.

By default the certificate will be created in the ~/config/ folder with the name you chose and the .conf extension.

You now need to bring this certificate to the device you want to connect with, so to copy the file to your current machine use the following command. In my case the certificate will appear on my Desktop.

Step 5: Connect to the VPN and safely browse the web!

Now it’s time you connect to the VPN and start browsing safely.

You just need to download the WireGuard client on your device and load the certificate you just downloaded. If you are using a Mac you will see a window similar to the screenshot below, so you just need to click the Import button and that’s it!
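Before importing the .conf file, it is worth checking that it matches the choices made in the earlier steps. This added example (not part of the original article or of PiVPN) parses a WireGuard client configuration and reports a port that differs from the one opened in Step 2, a missing DNS entry, a missing default route and loose file permissions, since the file holds the client's private key. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import configparser, ipaddress, os, stat

# Constructed sample with placeholder keys; several settings are wrong on purpose.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <constructed-placeholder-not-a-real-key>
Address = 10.6.0.2/24

[Peer]
PublicKey = <constructed-placeholder-not-a-real-key>
Endpoint = 203.0.113.10:51821
AllowedIPs = 0.0.0.0/0
"""

def check_client_config(text, file_mode=None, expected_port=51820):
    """Return a list of problems found in a WireGuard client .conf (as text)."""
    cfg = configparser.ConfigParser(delimiters=("=",), strict=False,
                                    interpolation=None)
    cfg.read_string(text)
    iface, peer = cfg["Interface"], cfg["Peer"]
    problems = []
    # The file holds the client's PrivateKey, so only its owner should read it.
    if file_mode is not None and file_mode & 0o077:
        problems.append(f"mode {stat.S_IMODE(file_mode):o}: readable beyond owner")
    # The client must dial the port opened in the security list (Step 2).
    port = int(peer.get("Endpoint", ":0").rsplit(":", 1)[1])
    if port != expected_port:
        problems.append(f"Endpoint port {port} != {expected_port}")
    # Without a DNS entry the device keeps the resolver it already had.
    if not iface.get("DNS", "").strip():
        problems.append("no DNS set in [Interface]")
    # A full tunnel needs a default route for each address family.
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
    for version in (4, 6):
        if not any(n.version == version and n.prefixlen == 0 for n in nets):
            problems.append(f"IPv{version} traffic is not routed through the tunnel")
    return problems

def check_file(path, expected_port=51820):
    """Check a .conf on disk, including its permission bits."""
    with open(path) as fh:
        return check_client_config(fh.read(), os.stat(path).st_mode, expected_port)
```

Run `check_file` on the copied file before importing it; an empty list means the profile sends all IPv4 and IPv6 traffic through the tunnel, sets a resolver, and targets the port from Step 2.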

Final Thoughts

There are many options out there for building your own VPN. I chose Oracle Cloud because it offers the greatest amount of free resources without any time expiration and it is the most secure cloud out there.

PiVPN has been chosen for many reasons, it is very easy to install and it can be configured easily with PiHole to get a Free VPN that also blocks annoying ads and lets you save data as well.

Stay tuned for the next article on how to configure PiHole on PiVPN and get a Network-level Ads blocker that allows you to block ads also in non-traditional places such as mobile apps and smart TVs.

Resources

5 Reason why Oracle Cloud free tier is better than your Raspberry Pi

Oracle Cloud Free Tier Signup

PiVPN

PiHole

Discussion (3)

Jonathan Boudreau

It's very hard for me to consider using VPN due to DNS over HTTPS with encrypted SNI providing a fairly good level of privacy. VPNs also fail to protect against a slew of fingerprinting techniques.

Tom Reifenberg

This seems like a great way to build a VPN, thanks for making this tutorial!

I'm curious to know how Oracle affords to offer cloud use for building that encrypted tunnel with it being free to users forever, though.

Junxiao Shi

Step 2: Let’s open some ports

Hmm, that's why my website isn't reachable from the Internet.
Every other VPS is provisioned without any firewall.