How I Set Up My Own Private VPN (And How You Can Too)
I wanted a VPN that I could fully control — no subscriptions, no third-party logging, no limits. Instead of paying for a commercial service, I decided to spin up my own using a cheap cloud server and a simple OpenVPN install script. It turned out to be way easier than I expected, and in this guide I’ll walk you through exactly what I did so you can do the same.
You don’t need to be a networking expert, and you don’t need expensive hardware. As long as you can access a Linux VPS and run a few commands, you’re good.
Choosing a Server
The first thing you need is a virtual private server (VPS). Any provider works — DigitalOcean, Vultr, Linode, Hetzner, AWS Lightsail, etc. I used an Ubuntu server with a basic plan (1GB RAM and a single CPU), which is more than enough for personal VPN use.
Once the server was ready, I connected to it from my computer using SSH:
ssh root@YOUR_SERVER_IP
That puts you directly into the terminal of your VPS. If you’re using a non-root user with sudo privileges, that works just as well.
Before installing anything, I updated the packages just to avoid running into outdated dependencies:
apt update && apt upgrade -y
Grabbing the OpenVPN Install Script
The easiest way to set up OpenVPN is with the installation script created by angristan. It handles all the configuration, so you don’t have to manually edit files or generate certificates.
I downloaded it with:
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
Once it was executable, I ran the installer:
./openvpn-install.sh
The script walks you through a few setup questions — things like protocol, port, DNS provider, and client name. In most cases, you can just press Enter to accept the defaults. At the end, it generates a .ovpn file for your first client. That file is what you’ll use to connect your device to the VPN.
Getting the VPN Profile to Your Device
After installation, the script created something like myvpn.ovpn in the server’s root directory. I needed that file on my local machine, so I copied it over using SCP:
scp root@YOUR_SERVER_IP:/root/myvpn.ovpn .
Now I had the configuration file on my computer and could use it to connect from any device.
Connecting to the VPN
On desktop (Windows, macOS, or Linux), all you need is the OpenVPN client. You just import the .ovpn file and hit connect. On mobile (Android or iOS), the OpenVPN Connect app works the same way — import the file and connect.
Once you’re connected, your traffic is routed through your server. You can verify this by checking your IP address online or running:
curl ifconfig.me
Adding More Users Later
If you ever want to generate another VPN profile — maybe for your phone or someone else — you can just run the same install script again:
./openvpn-install.sh
It will detect that OpenVPN is already installed and ask what you want to do (add a new user, revoke one, or uninstall the VPN entirely). Each new profile gets its own .ovpn file.
Locking Things Down (Optional)
Even though the script sets up the VPN correctly, I added a basic firewall just to be safe. Here’s what I used:
apt install ufw -y
ufw allow 22
ufw allow 1194/udp
ufw enable
You can go further with things like fail2ban or disabling root login, but that’s optional and depends on how secure you want the server to be.
If Something Doesn’t Work
Most connection issues come from firewalls blocking the VPN port or the client not using the right configuration file. Checking the open ports on your server or trying another device usually solves it.
If your IP doesn’t change when connected, it might just be DNS. Restarting your device or selecting a different DNS provider during setup can fix that.
That’s Really It
Once everything was up and running, I had a private VPN that I control completely — no data tracking, no bandwidth limits, and barely any monthly cost aside from the VPS.
If you’d like, I can help you turn this into a downloadable PDF, add screenshots, or tailor it to a specific provider like DigitalOcean or AWS. Just tell me what direction you want to take it next.