VPN, that won't be blocked

1 Apr 2023

Hello! Today I would like to describe simple self-hosted VPN server setup.

There are many scenarios for using VPN. Probably most common is block bypass. This is especially important for countries with a totalitarian government(Russia, Belarus etc.). It also might be necessary for using some services, that blocking access for users outside the country.

Примеры использования VPN:

  • Access to Linkedin, Facebook, Instagram and other services, that are blocked in Russia(VPN outside Russia is needed)
  • Access to torrent trackers Rutracker, nnmclub etc. (VPN outside Russia is needed)
  • Access to some russian goverment services (VPN in Russia is needed)
  • Listening some audio tracks in VK Music (VPN in Russia is needed)
  • Watching football matches in matchtv (VPN in Russia is needed)

VPN services

Simplest option would be use some 3rd party VPN service, like Proton VPN, Surfshark VPN etc.

Advantages:

  • Easy to configure. Only need to install client
  • Servers in different countries
  • Might be additional features, depends on provider

Disadvantages:

  • Possible limitations from VPN provider side(amount of traffic, speed, number of clients etc.)
  • Privacy. VPN providers can have different policies for storing logs. There is no way to check it
  • Access to VPN services might be blocked by internet provider or government
  • Probably, pricing. It depends on usage scenarios

THere is a review and comparison of VPN services: https://www.pcmag.com/picks/the-best-vpn-services

Self-hosted VPN server

There is another option - buy VPS server and setup VPN server by yourself. Advantages:

  • Flexibility. Any parameters can be configured, if needed
  • VPS can be also used for some other purposes
  • No limitations on clients number, speed and traffic amount. Only hosting limitations
  • Low risc of blocking by internet provider or government
  • Privacy. Logs storage policy can be customized. Or logs can be even disabled completely
  • Account management. It's possible to create any number of accounts, or even create own VPN provider

Disadvantages:

  • Complicated configuration. Need to buy VPS and setup VPN server
  • Single location. Need to buy additional VPS for working in different location
  • Probably, pricing. It depends on usage scenarios
  • Might be blocked by hosting provider(low risk)

There is a manual VPN server installation tutorial: https://freehost.com.ua/ukr/faq/articles/kak-ustanovit-i-nastroit-l2tp-vpn-servera-na-ubuntu-server/#3

Choosing VPS

Depends on usage scenarios. In most cases it would be enough to use cheapest low-power VPS. But also need to pay attention to virtualization type. I would recommend KVM.

I'm using https://hosting101.ru/ or similar hosting aggregator for choosing VPS provider.

IPsec VPN Server Auto Setup Scripts

Configuration complexity is the main disadvantage of self-hosted VPN. There are Linux administration skills, network configuration knowledge and VPN protocols understanding required. Another option is to precisely follow the instructions and hope that everything will work as expected. Anyway, these options won't be suitable for everybody.

There is a IPsec VPN Server Auto Setup Scripts, that can be used for automatic VPN server setup. It's a good option for setup self-hosted VPN quick and simple. Especially, if there are no specific requirements.

There is a simple command to install and configure VPN server:

wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh

Or several commands, for custom username/password:

wget https://get.vpnsetup.net -O vpn.sh
nano -w vpn.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]
sudo sh vpn.sh

Clients setup

There are tutorials for setup clients for any platform. I'm using this VPN server for a several years and tested it on almost all platforms. Several months ago I configured second server in different location.

Possible blocking

It's very low risk. In theory, self-hosted VPN can be blocked by internet provider or government. There are technical details in article: https://habr.com/ru/post/710980/.

However, in reality internet provider won't do it without reason. And government wouldn't block private ip address, which is not mentioned anywhere. In case it will, it would be enough to configure VPN on another server. Blocking of all VPN traffic is also low risk, because VPN is widely used for many companies for remote access to infrastructure.

That's all for now. Thank you for your attention!