The guide starts at 11:25 TIMESTAMPS 00:00​ Introduction 01:28​ Everything wrong with the VPN services 05:50​ What are the alternatives? 07:39​ VPN services vs. Self-hosted VPNs 08:58​ Choosing a VPS provider 10:43​ My choice of the VPS provider 11:25​ Creating an account (The tutorial starts here) 11:45​ Creating a VPS 12:37​ Generating SSH keys 13:46​ Updating the packages 14:07​ Creating a non-root user 15:04​ Configuring SSH 17:14​ Installing and configuring OpenVPN 20:50​ Installing mosh 21:14​ Two-factor authentication 23:53​ Automatic updates 25:11​ Conclusion

starts at 0:00

Exactly, no matter what a VPN provider says, you have to trust them when it comes to storing and sharing your logs. If they can profit or have to protect themselves, they with share them with other companies.

Wolfgang, your content is phenomenal. Thank you for your generosity. I hope I can find the cash to donate to your channel soon because you've pieced together some concepts that I understood only in the abstract. Thank you.

Been doing it on my own for quite a while now, but with your hints I just took it to a new level of customization. Great video!

15:48 "I personally prefer to use the port 69." I see you are a man of culture

Hey, thank you for this. I saw this on google but no one makes a tutorial. Glad I saw this today on my recommendation. Gonna finish this tutorial and will sign up with your link. Thanks again

I love that you posted the timestamps. Makes this video so much more useful! Thanks!! I "liked" the video.

Thank you for the in-depth explanation, prior to even starting the setup tut. No unexpected surprises halfway through the process. This is a refreshing compared to many various installation/setup tuts I have reviewed in the past. I have subscribed. Thanks again!

All the KZbin ads being for VPN services is hilarious. Nice video!

Hello Wolfgang, I want you to know that i appreciate your in depth knowledge and have deep respect for you that you take the time to share the results of the hard work that you do in order to educate the MANY MANY people that simply have NO CLUE! Thank you. Mike S.

Thanks for sharing such an interesting content for free and with so much clarity. You deserve a lot more subscribers than people sharing their gaming sessions...

This video actually had some very useful info aside from the VPN FUD at the beginning. I'm very thankful for pointing me to an alternative VPS provider that can do terraform and ansible so I don't have to constantly suck on AWS' teat.

i really appreciate the amount of effort you put into making this tutorial and showing how serious you are about privacy

Hi Wolfgang, Thank you for sharing this information. Assuming that everything you've said is true, both the loss of privacy and not knowing who to trust is a bigger issue that most of us realize.

Fantastic video! You do such a great job that even semi-newbies can follow along easily. Thank you for your hard work.

You've actually got so quality stuff on your channel. Keep that up man!

Thank you for this video WolfGang, I usually rely on typed tutorials but I thought this was so well done that you definitely deserved the full view. Was wondering how you initially got into coding? And how a newcomer may get into it?

Really good tutorial, I was one of the many that viewed the original and thought it good. But this was great and I saved it in my linux folder for those moments I want to set something up like this. And the steps for openvpn and mosh etc was great too thanks!

Love your videos man so informative and honest. Off topic but I seen a video of yours from 2020 and you had longer hair, looked awesome and I want to try it put for myself because of seeing you with it. Thanks for the great videos bro

11:16 shocked when I saw you have the same wallpaper as myself.. subbed because you have good taste in wallpapers.. valuable info as well keep it up

I appreciate your honesty, you sum up pro's and cons and if you are sponsored, you mention it, if you see another video which explains the same thing you do but better, you are man enough to admit and mention it and give credit where it's due. You also have a very clean info page with timestamps and more and are quite humble(with self-promotion). Good lad

"I know you guys are lazy and are not going to do that" - Fuck I really DO need a VPN he knows me too well.

Excellent video! Finally someone who explains this thoroughly and also shows how to improve everything. Thank you! I'm gonna give it a try. I just want to also mention that in Linode's Master Services Agreement and in their Privacy Policy they state that personal data (including network logs) are all maintained on their servers and may be presented to law enforcement if there is a court order etc. These will be used in case of suspicious criminal activities. So unless I'm reading this wrong, they do state that information is kept on their servers. So don't go and try something bad now ;)

Thank you so much, man! It was quite difficult to set up through Windows but it worked in the end. I used your affiliate link but, really, this video is worth much more that whatever Linode pays you.

Thanks for all the hard work and information. I appreciate your dedication.

dude learning a lot here thank you. this is definitely the way

Nice video. Most VPN subject videos won't dare explain both sides (like covering situations where other tools fit - most vpn videos just say: "you need this, and this alone: It solves everything in the world."). Rare to see honesty on the subject - might actually be the first VPN based video where I've actually seen balance (it can be tiring). Kudos.

I was on the fence at first but this turned out to be very informative for a security

Excellent stuff thanks, wish I knew enough about coding to set one of these up for myself.

Personally I love the movement for personally owned data like your privacy and files. As an enthusiast with multiple industry grade certifications behind me ranging from general certifications in cyber-security & general networking to Cisco university grade diplomas. I don’t care about my own privacy (I know controversial opinion for my field..) however I stand behind this video in more ways then one, he outlines the benefits to self-hosting your own VPN perfectly. The reason I use VPN’s is to allow much better security within my networks for the company I run. By only allowing OpenVPN’s port past our network firewalls and then encrypting all user profiles substantially it allows me and our employees to access and be on these networks remotely without fear of multiple ports/applications vulnerabilities. Awesome video, love your other content too!

This tutorial is amazing and you are really good at teaching !! great job sir !

looking forward to learning from the rest of your videos. Subscribed!

you are doing gods work man thanks for lettings us know

Needed to see this. Thanks for the update. Already found some info that contridicts your statements. But this is important. It means I'm looking in the right direction, so again. Thank you. Great video.

You are great. I was surprised to see how much knowledge you have gained with this stuff.

Dry humor, subtle sarcasm, good content including debunking... Gotta love this video man. TY (learning if you search 'is pee is stored in balls' comes up with yes, was the one of the real highlights)

Welcome to the comment section! Please read the FAQ before leaving a comment: Q: How do you know that the VPS doesn't keep the logs? Isn't that the same as trusting a VPN service? A: Every Internet gateway can potentially log and monitor your traffic. A VPN (be that a VPN service or a self-hosted VPN) doesn't give you extra privacy or anonymity and can potentially monitor your activity. Instead, if you need some extra privacy while browsing the Internet, you should use Tor 06:00 As I mentioned in my last video, VPNs should be used to avoid censorship, geoblocks and DMCA letters, but they won't magically make you more secure and anonymous. Q: Are you only recommending a VPS as a solution because you were sponsored by Linode? A: No. I've been using a self-hosted VPN since 2017 and am currently using a VPS from another company. I've also been approached by a several VPN companies that offered to sponsor my videos; I politely refused their offers because such sponsorship will go against my point of view on VPN services. Linode is one of the biggest VPS providers on the market and I'm glad they sponsored this video, however you can always choose another VPS to host your VPN: DigitalOcean, Vultr, Hetzner, etc. Q: But doesn't a self-hosted VPN make you more identifiable since you're the only user? A: Unlike a VPN service, on a self-hsoted VPN you get a dedicated IP that isn't shared with any other users. However, a shared IP on a VPN service doesn't give you more privacy: you still use your real IP to connect to it, and your account has a unique identifiable set of keys. In both cases if a certain government agency were interested in your online activities, it would require requesting logs from the provider, and in case of Linode (or any VPS provider) the authorities would only retrieve connection logs (e.g. when you connected to the VPS from your IP address) - so pretty much the same as with a VPN service. In both cases the authorities can also request logs from the data center providers or hit the service with a FISA warrant if they reside in the US. Q: Is this tutorial only going to work for Linode? A: No, this tutorial applies to any KVM- (and possibly Xen-) based VPS. The only part that's going to be different is the process of creating an account, which is pretty easy.

Superb tutorial sir! Thank you so much for putting that together

I once followed a tutorial to install AnsibleVPN and although the install process was so long, I was never able to get it to work. Your video on the other hand, is straight to the point. I followed the video from 17:16 to 20:51 and was able to get OpenVPN working on my EC2 instance in less than 10 minutes. Thanks a ton!

The main reason people look for VPNs is anonimity and the possibility to change connection location and gain the ability to access services reserved only for specific places (ex Netflix). With a self hosted VPN you lose both. Anonimity: basically the same things that your ISP would spy on you, now are spyable by your VPS provider, you're just trusting a different entity. But, as you correctly said, this is a marginal problem, because only source IP and destination IP can be seen, the traffic in between is encrypted. The only thing that changes is that your ISP can only see you are contacting your VPS, and your destinations can see you are contacting them from your VPS. But that VPS can be traced back to your identity, because you're the only owner of that IP address. So we have no anonimity benefit here: in the case the sites you contact want to know who the source IP address belongs to, they can very easily if your VPS provider is complicit. This is more difficult (not impossble) with VPN services ( if they have logs of your real IP) because they have to link the traffic on their system to your real IP and identity manually by looking at metadata, because there are a lot of people using their system simultaneously. And also if the VPN service is, by chance, reliable as they say and they really don't save any logs, then you're anonymous. I don't think VPS providers keep less logs than a VPN service tbh, in this video you're just saying 'meh, I trust VPS providers more then VPN providers', without counting the fact that VPNs grants you the ability to avoid geoblocking by default, and also that the VPN providers base their business on the 'zero logs' policy, and that's not the case for VPS providers.

Thank you for 23:28 , I almost had a heart attack when my server refused to connect. Luckily I had a previous tab that I kept minimised.

Hey, you're very close to 100k subs! Congratulations!

I really appreciate this video. I've been working on getting a reliable and light weight VPN going to access local network resources, and set this thing off without a hitch following your tutorial. Thanks so much for the time and effort into putting this together, helped me a ton and saved a lot of time and headaches along the way! Cheers!

You might need two OpenVPN servers depending on your use case. I use it sometimes for old games that try to find other users on the LAN, so for that you need a bridged interface (tap) rather than the more typical tun, but if you want to use the VPN from your phone, well, the phone clients only support tun. You can run two servers on the same machine without any issues, just with the different config files. You might also need this if you want to reach other devices on your VPN, like some printers. I'm not a fan of scripts like the road warrior one... I would if they were more careful, but my server already runs a bunch of other services and unless these scripts are written super carefully they can mess up other stuff you have running already. I guess they're fine on a fresh VM though. I'm not sure offhand if Wireguard supports a bridged setup.

This is such a well made video, super informative and visually amazing. Good job!

Amazing video thank you so much. I loved the last part where you added all of these amazing features. I have a question, isn't it a bad practice to have automatic packages updates in your system ?

I just setup an OpenVPN with this. It's really useful. Thanks for the indepth and great video

Samy K's Evercookie can be used to track Tor users and Snowden revealed the NSA uses Evercookie.

that video from Tom Scott is indeed brilliant, I watched it many times for the entertainment value alone

This is a fantastic video! Thank you for starting with the clarification, and moving on to creating an at-home VPN. Also, I like your name. xD

I'm a security analyst and it's the 1st time I watch your video and I already like you cause you tell the truth. You've got one more sub!

Perfect! Finally someone who speaks at the speed of thought instead of raising my blood pressure wishing they would hurry up. Thanks for not digressing and just sticking to the facts. Don't changing anything. I hadn't heard of Linode. I just went there to check it out. I will use it for more than a VPN. Thanks TONS!

seems pretty dope. was originally just gonna buy a vpn but this seems like a way better option.

Awesome video, been wanting to do this for some time , just was not confident in doing it safely

Thanks a ton, Wolfgang - very helpful, Roger (now a subscriber)

I've never used VPN for "privacy concerns", since I know my data is out there long before anyone was aware of any internet privacy. But i do use a VPN for accessing blocked websites and that is basically the only use for a "public" VPN these days. If you want a "privacy" type of VPN then this video explains perfectly what you want to do and that is have your own VPN on a private server.

Great video, just wish I understood it more so I could give it a go! 😂

Excellent tutorial! Thank you!

This video is hilarious at the beginning and so honest! Great job!~

Excellent summary. Don't worry about redundancy in your videos. In case of tutorials it's useful.

I have never known that I can do two-factor authentication with ssh until you post this video.

Hey Wolfgan, really love your video! Is it then possible to use the vpn with multiple pc or just with one?

Outstanding work !!! I really like this !!! Your level of expertise is impressive !!!

I have a VPN set up on a VPS for port forwarding. Our home network is behind double NAT, so this is the only way for me to host anything on my PC.

I certainly hope nobody is getting Linux ISOs from Pirate Bay lol

Amazing video! Do you think it would be possible to have multiple people use this VPN? Also, do you think that maybe this could be used for a small business?

Literally got an ad for Private IP VPN that used all the same marketing tactics you mentioned, I almost thought it was part of the video for a second XD

One thing of note... If you are using a VPS - Check the Terms Of Service for the hosting/rental company. Many companies have policies against setting up VPNs on there networks for a variety of both technical and legal reasons. Many companies also have a 'One Strike / No Warning' policy when it comes to TOS violations meaning that if there systems team detects a 'banned service' or there legal team gets a DMCA violation / take-down notice. They will take down your node, wipe all of the data (including onsite backups), cancel your hosting/rental account, and notify you via email after... No Refunds. --- TLDR: Lots of providers DO allow you to set up a VPN however, If for some reason a provider doesn't allow a VPN or other services/content to be set up, it will be in the Terms of Service. Because providers don't want to terminate your account, it will usually be written in very plain, easy to understand, language... Just read the TOS and make sure you understand what you can and can not do/run with that provider *before* starting hosting with them.

It's always good to be critical about any service you're making use of. In the same sense I have two questions about the points you're making in your video: - If you're using your own OVPN install on some VPS, then all traffic can still be pinpointed to exactly the virtual machine that your running on that server. In affect, you're still rely on that VPS not to disclose the account holder to that VM. I'd say that assumption is at least as "dangerous" (and maybe even more so...) as assuming that VPN providers wouldn't back-trace the user corresponding to some traffic from x months ago. Wouldn't you agree? - Secondly, at 12:50, you seem to be saying ssh exchanges your pass in plaintext. That's not correct. To verify, I just ran a wireshark capture on my own system. Openssh is using the Diffie-Hellman encryption before your key exchange of the actual ssh connection. Maybe I'm misunderstanding you? I hope you'll take the time to respond, I'm curious to hear your thoughts.

Excellent information, thanks! Subscribed.

Great Video! I have a small issue with the vps solution because you still have to give them your personal data and you will be responsible for anything that happens on it. Nonetheless awesome explanation!

i prefer this kind of content over gnu/linux ricing good vid!

Wolfgang, I've always been a fan of testing one's security by trying to break it. You're a clever guy, so if you pretended you were an ISP and could install sslstrip on the network, had access to Let's Encrypt or your ISP/corporate certificate server, used mitmf to rewrite DNS queries I'm sure you could come up with a way to defeat the coloured padlock (note most padlocks are now grey which tacitly recognises how irrelevant they turned out to be). We're not yet at a point where we can secure a system against a malicious entity (or benevolent state actor, lol) that has physical access to one's system and this is the position we've put ISPs in.

Really useful and informative thank you!

Like very much how you explain! Many businesses leaders could learn from you. I, definitely a subscriber now

I got an ad on a Vpn called ipvanish and the first words where "The internet is tracking everything you do!"

I only download the highest quality *linux isos*

What are you, a genius. Like you showed me so many linux related, I never knew I could do sftp instead of scp command @20:00. And your explanation is smooth. Just one thing, your terminal command were disappearing within a seconds, I had to pause and slow down video to 0.25x sometimes. Anyway superb. Thanks

Asia usual, comprehensive and balanced. Thank you Wolfgang!

Correction: You say using a clear text password is a bad idea because it isn’t encrypted in transit. It IS in fact encrypted in transit and a hacker would NOT be able to see it over an infected network. However I do still recommend an ssh key as it is a much better option for many different reasons.

Great tutorial and I’m a linode fan myself. However, I would recommend a VPS provider outside of the 14 eyes territory to heighten privacy if VPN is the main objective. . Otherwise great content

I have benefited greatly from this video. Thank you!

i can watch your videos all day your voice is so Calming, one of the best channels on KZbin

Ima be honest. I have no interest in having a vpn, but this was very informative and entertaining.

Seems to me that Linode (or whatever VPS service you pick) can log your traffic. So if someone tracks your traffic to your VPS, the company that runs the VPS can tell them the identity of the person who was renting that IP address. So, it doesn’t really seem particularly anonymous.

Uuuggghhhh, I'm so confused 😭 I did subscribe, hopefully I will catch on over time ♥

So informative, thanks a lot!

6:47 The fact that he recorded himself actually searching this up is hilarious XD

This seems like an all day class crammed into less than 30 minutes.

This helped me. Thank you. [Subscribed]

Very nice with the only you can access the folder then , when opend deleted on Linux. And the full set up mate 👌

How you can be sure that ISP of your server doesnt keep logs of all traffic in dc?

I've Been Waiting This, Thanks !! But How Can You Trust These VPS Servers,isn't it the same as trusting vpn servers? Many Thanks

You sir have earned my second ever like. Congrats.

thank you! i learned so much from this.

Using password authentication on SSH is encrypted, it's send over the encrypted SSH tunnel just like any other data to the SSH server. SSH Key authentication is preferred option and provides much better security, against people setting silly easy to crack passwords.

Isn't providing your details with the vps provider a vulnerability? Shouldn't you pay for these things anonymously?

Great video :) good job wolfgang :P

thanks, man. Enjoyed the vid very much