The guide starts at 11:25 TIMESTAMPS 00:00​ Introduction 01:28​ Everything wrong with the VPN services 05:50​ What are the alternatives? 07:39​ VPN services vs. Self-hosted VPNs 08:58​ Choosing a VPS provider 10:43​ My choice of the VPS provider 11:25​ Creating an account (The tutorial starts here) 11:45​ Creating a VPS 12:37​ Generating SSH keys 13:46​ Updating the packages 14:07​ Creating a non-root user 15:04​ Configuring SSH 17:14​ Installing and configuring OpenVPN 20:50​ Installing mosh 21:14​ Two-factor authentication 23:53​ Automatic updates 25:11​ Conclusion

starts at 0:00

Exactly, no matter what a VPN provider says, you have to trust them when it comes to storing and sharing your logs. If they can profit or have to protect themselves, they with share them with other companies.

Welcome to the comment section! Please read the FAQ before leaving a comment: Q: How do you know that the VPS doesn't keep the logs? Isn't that the same as trusting a VPN service? A: Every Internet gateway can potentially log and monitor your traffic. A VPN (be that a VPN service or a self-hosted VPN) doesn't give you extra privacy or anonymity and can potentially monitor your activity. Instead, if you need some extra privacy while browsing the Internet, you should use Tor 06:00 As I mentioned in my last video, VPNs should be used to avoid censorship, geoblocks and DMCA letters, but they won't magically make you more secure and anonymous. Q: Are you only recommending a VPS as a solution because you were sponsored by Linode? A: No. I've been using a self-hosted VPN since 2017 and am currently using a VPS from another company. I've also been approached by a several VPN companies that offered to sponsor my videos; I politely refused their offers because such sponsorship will go against my point of view on VPN services. Linode is one of the biggest VPS providers on the market and I'm glad they sponsored this video, however you can always choose another VPS to host your VPN: DigitalOcean, Vultr, Hetzner, etc. Q: But doesn't a self-hosted VPN make you more identifiable since you're the only user? A: Unlike a VPN service, on a self-hsoted VPN you get a dedicated IP that isn't shared with any other users. However, a shared IP on a VPN service doesn't give you more privacy: you still use your real IP to connect to it, and your account has a unique identifiable set of keys. In both cases if a certain government agency were interested in your online activities, it would require requesting logs from the provider, and in case of Linode (or any VPS provider) the authorities would only retrieve connection logs (e.g. when you connected to the VPS from your IP address) - so pretty much the same as with a VPN service. In both cases the authorities can also request logs from the data center providers or hit the service with a FISA warrant if they reside in the US. Q: Is this tutorial only going to work for Linode? A: No, this tutorial applies to any KVM- (and possibly Xen-) based VPS. The only part that's going to be different is the process of creating an account, which is pretty easy.

Hey, thank you for this. I saw this on google but no one makes a tutorial. Glad I saw this today on my recommendation. Gonna finish this tutorial and will sign up with your link. Thanks again

One thing of note... If you are using a VPS - Check the Terms Of Service for the hosting/rental company. Many companies have policies against setting up VPNs on there networks for a variety of both technical and legal reasons. Many companies also have a 'One Strike / No Warning' policy when it comes to TOS violations meaning that if there systems team detects a 'banned service' or there legal team gets a DMCA violation / take-down notice. They will take down your node, wipe all of the data (including onsite backups), cancel your hosting/rental account, and notify you via email after... No Refunds. --- TLDR: Lots of providers DO allow you to set up a VPN however, If for some reason a provider doesn't allow a VPN or other services/content to be set up, it will be in the Terms of Service. Because providers don't want to terminate your account, it will usually be written in very plain, easy to understand, language... Just read the TOS and make sure you understand what you can and can not do/run with that provider *before* starting hosting with them.

All the KZbin ads being for VPN services is hilarious. Nice video!

15:48 "I personally prefer to use the port 69." I see you are a man of culture

Been doing it on my own for quite a while now, but with your hints I just took it to a new level of customization. Great video!

The main reason people look for VPNs is anonimity and the possibility to change connection location and gain the ability to access services reserved only for specific places (ex Netflix). With a self hosted VPN you lose both. Anonimity: basically the same things that your ISP would spy on you, now are spyable by your VPS provider, you're just trusting a different entity. But, as you correctly said, this is a marginal problem, because only source IP and destination IP can be seen, the traffic in between is encrypted. The only thing that changes is that your ISP can only see you are contacting your VPS, and your destinations can see you are contacting them from your VPS. But that VPS can be traced back to your identity, because you're the only owner of that IP address. So we have no anonimity benefit here: in the case the sites you contact want to know who the source IP address belongs to, they can very easily if your VPS provider is complicit. This is more difficult (not impossble) with VPN services ( if they have logs of your real IP) because they have to link the traffic on their system to your real IP and identity manually by looking at metadata, because there are a lot of people using their system simultaneously. And also if the VPN service is, by chance, reliable as they say and they really don't save any logs, then you're anonymous. I don't think VPS providers keep less logs than a VPN service tbh, in this video you're just saying 'meh, I trust VPS providers more then VPN providers', without counting the fact that VPNs grants you the ability to avoid geoblocking by default, and also that the VPN providers base their business on the 'zero logs' policy, and that's not the case for VPS providers.

Hello Wolfgang, I want you to know that i appreciate your in depth knowledge and have deep respect for you that you take the time to share the results of the hard work that you do in order to educate the MANY MANY people that simply have NO CLUE! Thank you. Mike S.

I love that you posted the timestamps. Makes this video so much more useful! Thanks!! I "liked" the video.

i really appreciate the amount of effort you put into making this tutorial and showing how serious you are about privacy

"I know you guys are lazy and are not going to do that" - Fuck I really DO need a VPN he knows me too well.

I once followed a tutorial to install AnsibleVPN and although the install process was so long, I was never able to get it to work. Your video on the other hand, is straight to the point. I followed the video from 17:16 to 20:51 and was able to get OpenVPN working on my EC2 instance in less than 10 minutes. Thanks a ton!

Personally I love the movement for personally owned data like your privacy and files. As an enthusiast with multiple industry grade certifications behind me ranging from general certifications in cyber-security & general networking to Cisco university grade diplomas. I don’t care about my own privacy (I know controversial opinion for my field..) however I stand behind this video in more ways then one, he outlines the benefits to self-hosting your own VPN perfectly. The reason I use VPN’s is to allow much better security within my networks for the company I run. By only allowing OpenVPN’s port past our network firewalls and then encrypting all user profiles substantially it allows me and our employees to access and be on these networks remotely without fear of multiple ports/applications vulnerabilities. Awesome video, love your other content too!

Hi Wolfgang, Thank you for sharing this information. Assuming that everything you've said is true, both the loss of privacy and not knowing who to trust is a bigger issue that most of us realize.

Dry humor, subtle sarcasm, good content including debunking... Gotta love this video man. TY (learning if you search 'is pee is stored in balls' comes up with yes, was the one of the real highlights)

I certainly hope nobody is getting Linux ISOs from Pirate Bay lol

that video from Tom Scott is indeed brilliant, I watched it many times for the entertainment value alone

Wolfgang, your content is phenomenal. Thank you for your generosity. I hope I can find the cash to donate to your channel soon because you've pieced together some concepts that I understood only in the abstract. Thank you.

I appreciate your honesty, you sum up pro's and cons and if you are sponsored, you mention it, if you see another video which explains the same thing you do but better, you are man enough to admit and mention it and give credit where it's due. You also have a very clean info page with timestamps and more and are quite humble(with self-promotion). Good lad

It's always good to be critical about any service you're making use of. In the same sense I have two questions about the points you're making in your video: - If you're using your own OVPN install on some VPS, then all traffic can still be pinpointed to exactly the virtual machine that your running on that server. In affect, you're still rely on that VPS not to disclose the account holder to that VM. I'd say that assumption is at least as "dangerous" (and maybe even more so...) as assuming that VPN providers wouldn't back-trace the user corresponding to some traffic from x months ago. Wouldn't you agree? - Secondly, at 12:50, you seem to be saying ssh exchanges your pass in plaintext. That's not correct. To verify, I just ran a wireshark capture on my own system. Openssh is using the Diffie-Hellman encryption before your key exchange of the actual ssh connection. Maybe I'm misunderstanding you? I hope you'll take the time to respond, I'm curious to hear your thoughts.

Don't let the internet hate stop your grind! Keep up the good work!

Ima be honest. I have no interest in having a vpn, but this was very informative and entertaining.

Excellent video! Finally someone who explains this thoroughly and also shows how to improve everything. Thank you! I'm gonna give it a try. I just want to also mention that in Linode's Master Services Agreement and in their Privacy Policy they state that personal data (including network logs) are all maintained on their servers and may be presented to law enforcement if there is a court order etc. These will be used in case of suspicious criminal activities. So unless I'm reading this wrong, they do state that information is kept on their servers. So don't go and try something bad now ;)

This video actually had some very useful info aside from the VPN FUD at the beginning. I'm very thankful for pointing me to an alternative VPS provider that can do terraform and ansible so I don't have to constantly suck on AWS' teat.

seems pretty dope. was originally just gonna buy a vpn but this seems like a way better option.

This seems like an all day class crammed into less than 30 minutes.

Thank you for the in-depth explanation, prior to even starting the setup tut. No unexpected surprises halfway through the process. This is a refreshing compared to many various installation/setup tuts I have reviewed in the past. I have subscribed. Thanks again!

Correction: You say using a clear text password is a bad idea because it isn’t encrypted in transit. It IS in fact encrypted in transit and a hacker would NOT be able to see it over an infected network. However I do still recommend an ssh key as it is a much better option for many different reasons.

I only download the highest quality *linux isos*

our pronounciation is very on point. I really respect people who put in the effort to pronounce words of different languages as well as possible

imagine using openvpn in 2020 this post was made by wireguard gang

I got an ad on a Vpn called ipvanish and the first words where "The internet is tracking everything you do!"

"I know you guys are lazy and you're not gonna do that" 😂😂😂 this guy knows his audience too well.

Thank you for 23:28 , I almost had a heart attack when my server refused to connect. Luckily I had a previous tab that I kept minimised.

For those watching in 2023, as he mentioned, a VPN like this won't work for changing location often, BUT this is now extremely useful if you have a Netflix account that has multiple users. Netflix recently started charging extra for users not in the same household. Give those users access to your personal VPN and BOOM! No more extra charges!!

Samy K's Evercookie can be used to track Tor users and Snowden revealed the NSA uses Evercookie.

Using password authentication on SSH is encrypted, it's send over the encrypted SSH tunnel just like any other data to the SSH server. SSH Key authentication is preferred option and provides much better security, against people setting silly easy to crack passwords.

Nice video. Most VPN subject videos won't dare explain both sides (like covering situations where other tools fit - most vpn videos just say: "you need this, and this alone: It solves everything in the world."). Rare to see honesty on the subject - might actually be the first VPN based video where I've actually seen balance (it can be tiring). Kudos.

Thanks for sharing such an interesting content for free and with so much clarity. You deserve a lot more subscribers than people sharing their gaming sessions...

Perfect! Finally someone who speaks at the speed of thought instead of raising my blood pressure wishing they would hurry up. Thanks for not digressing and just sticking to the facts. Don't changing anything. I hadn't heard of Linode. I just went there to check it out. I will use it for more than a VPN. Thanks TONS!

I'm a security analyst and it's the 1st time I watch your video and I already like you cause you tell the truth. You've got one more sub!

6:47 The fact that he recorded himself actually searching this up is hilarious XD

I have never known that I can do two-factor authentication with ssh until you post this video.

11:16 shocked when I saw you have the same wallpaper as myself.. subbed because you have good taste in wallpapers.. valuable info as well keep it up

Excellent summary. Don't worry about redundancy in your videos. In case of tutorials it's useful.

Unfortunately one just needs to read or listen to Edward Snowden to know especially in the US we can be easily observed

Most videos i wouldn't trust to tell me these kinds of things, but seeing how you clearly address each claim and take it apart, and you address the counter-claims to your own argument and explain why that is wrong in such a clear way. You could call this blind faith, but i think this is one of the mos educational videos i've seen in the last 4 years. (please don't mind my grammar and capitalization errors, i just quickly wrote this to express how great this video is)

Isn't providing your details with the vps provider a vulnerability? Shouldn't you pay for these things anonymously?

10:25 I'm in Switzerland and I _might_ use BitTorrent a lot without a VPN. I have never been contacted by any copyright authorities nor have I heard of something like that happening to someone else. In Germany, however, the threat of receiving an "Abmahnung" from copyright lawyers with an invoice for a substantial sum is very real. And regarding "strict copyright laws": in Switzerland we have the legal right to make personal copies of any published work and share them with close family and friends. You can legally copy a book or a movie and give it to your mother. You can even hire a third-party to copy it for you.

I use Linode... been really pleased with their VPS services.

dude learning a lot here thank you. this is definitely the way

I have no idea how to do anything I just watched. Still interesting though

i can watch your videos all day your voice is so Calming, one of the best channels on KZbin

I have a VPN set up on a VPS for port forwarding. Our home network is behind double NAT, so this is the only way for me to host anything on my PC.

i was gonna do all these steps until i realized i don't know anything about coding.

Thank you so much, man! It was quite difficult to set up through Windows but it worked in the end. I used your affiliate link but, really, this video is worth much more that whatever Linode pays you.

If a computer turned human, he is exactly what it would look and sound like.

Seems to me that Linode (or whatever VPS service you pick) can log your traffic. So if someone tracks your traffic to your VPS, the company that runs the VPS can tell them the identity of the person who was renting that IP address. So, it doesn’t really seem particularly anonymous.

Needed to see this. Thanks for the update. Already found some info that contridicts your statements. But this is important. It means I'm looking in the right direction, so again. Thank you. Great video.

Great video, just wish I understood it more so I could give it a go! 😂

You might need two OpenVPN servers depending on your use case. I use it sometimes for old games that try to find other users on the LAN, so for that you need a bridged interface (tap) rather than the more typical tun, but if you want to use the VPN from your phone, well, the phone clients only support tun. You can run two servers on the same machine without any issues, just with the different config files. You might also need this if you want to reach other devices on your VPN, like some printers. I'm not a fan of scripts like the road warrior one... I would if they were more careful, but my server already runs a bunch of other services and unless these scripts are written super carefully they can mess up other stuff you have running already. I guess they're fine on a fresh VM though. I'm not sure offhand if Wireguard supports a bridged setup.

This dude has intelligent humor! Subbed!

Great tutorial and I’m a linode fan myself. However, I would recommend a VPS provider outside of the 14 eyes territory to heighten privacy if VPN is the main objective. . Otherwise great content

Excellent stuff thanks, wish I knew enough about coding to set one of these up for myself.

Love your videos man so informative and honest. Off topic but I seen a video of yours from 2020 and you had longer hair, looked awesome and I want to try it put for myself because of seeing you with it. Thanks for the great videos bro

There are a few thing he got wrong: ISPs only have access to your IP address and the destination like he said, but that's still valuable information since third party cookies are often blocked and the only other good identification method that's left is fingerprinting. I know out of second hand that ISPs sell mapping files legally in eurpe. The IP addresses and the time can be used to connect your accounts on different platforms. There is a difference between the https encryption (128 bits) and aes-256 (256 bits). 256 is practically impossible to crack, while 128 is just still very resource intense to crack. A self hosted VPN does not really make you anonymous, if your the only person using it and the server can be traced back to you. The anonymity with a VPN comes from multiple people using the same server (and IP address).

Thank you for this video WolfGang, I usually rely on typed tutorials but I thought this was so well done that you definitely deserved the full view. Was wondering how you initially got into coding? And how a newcomer may get into it?

i prefer this kind of content over gnu/linux ricing good vid!

"Linux ISOs" 😂 Good one.

Literally got an ad for Private IP VPN that used all the same marketing tactics you mentioned, I almost thought it was part of the video for a second XD

It's funny seeing downloading legally obtained content turned into linux ISO's through time hahahahaha lol

15:49 Someday I'll be grown up enough to not laugh at 69, but today is not the day 😆

Thanks a ton, Wolfgang - very helpful, Roger (now a subscriber)

How you can be sure that ISP of your server doesnt keep logs of all traffic in dc?

As a Network Engineer and Security Analyst, I can safely say most of what Wolfgang is saying in true. However, I can tell you that Tor is actually monitored. The NSA has control of many TOR exit nodes and retains logs for many ISPs. I can point you to numerous leaked documents proving they are pushing the security-conscientious among us, towards Tor for a reason. Snowden was used as a Trojan horse to get us Analysts into believing Tor was a safe alternative. Not to mention, you are disregarding that vPS is just as bad. The provider you go with has the exact same capabilities to monitor you as a VPN provider would.

You've actually got so quality stuff on your channel. Keep that up man!

For Mobile Users Timestamps: 00:00 Introduction 00:33 "But I only use VPN for Netflix..." 01:28 Everything wrong with the VPN services 01:49 "Your ISP is spying on you!" 02:27 "Open Wi-Fi networks are dangerous!" 02:39 Military Encryption (tm) 03:28 "We will never keep logs or sell your data!" 04:03 PureVPN and Schroedinger's logs 05:09 PrivateInternetAccess acquisition 05:23 NordVPN 2018 breach 05:50 What are the alternatives? 06:00 Tor 07:25 Self-hosted VPN 07:39 VPN services vs. Self-hosted VPNs 08:58 Choosing a VPS provider 09:18 Virtualisation technology 09:49 Dedicated IPv4 address 10:11 Location 10:43 My choice of the VPS provider 11:25 Creating an account (The tutorial starts here) 11:45 Creating a VPS 12:37 Generating SSH keys 13:46 Updating the packages 14:07 Creating a non-root user 15:04 Configuring SSH 17:14 Installing and configuring OpenVPN 20:50 Installing mosh 21:14 Two-factor authentication 23:53 Automatic updates 25:11 Conclusion

Somebody ask how does AES, DES, VPN technology secure their data? answer: Intel Management Engine (ME)=wide open for us!

I love the way you talk, it's very relaxing

Nice video man, but at 12:25 or so, you say that passwords will be sent unencrypted-In the clear. That just isn’t true. SSH never sends passwords in the clear. Now it is true that if you use passwords instead of public keys, your server can much more easily be hacked, but that’s not because the password is sent in the clear. It’s just because passwords are easier to guess using sophisticated password cracking tools. If you use a password that is over 12 characters long, maybe 20 or 30 characters, including non-dictionary words, your password will be pretty secure and not able to be broken by the current generation of cracking technologies running on GPUs or FPGAs. That said, there is no good reason not to use a public key. However please don’t give out miss information like passwords are sent in the clear.

Good info ... BUT : in the end your just trading 1 VPN Service for another.... hahhhaha

I was on the fence at first but this turned out to be very informative for a security

I've Been Waiting This, Thanks !! But How Can You Trust These VPS Servers,isn't it the same as trusting vpn servers? Many Thanks

Yeah yeah all the stuff... IS THAT GNOME? (mine was just a joke, I didn't mean to start a DE war >.

hey Wolfgang, first of all thanks for the Video it helps a lot to understand more about VPNs. But a small note you showed an article from DW at 10:24 that interviewed few people from the "Piraten Party" the comments from these people sounds fine but we should not forget that the "Piraten Party" is a satire party in Germany (for example they demand a "beer price brake"). All in all I don't think the article is the best to show the problems we have with copyright laws in german speaking countries. Thanks for the Video. Greetings from Germany

Yeah uh, recently, my wonderful president decided to threaten us with "shutting the social media down" just because this brilliant person got a hate comment in his tweet Bruh

"i personally like to use port 69" ha !

Really great tutorial! You just forgot to mention that for most VPS, using port 69 for ssh will require to open this port on you virtual machine firewall =)

I'm a newbie to all things related to coding. I'm learning SQL and Python and how API's work. But how did you learn about this? Can you give me some pointers on how you learned all this? What books have you read? Do you have any recommendations on where I should start? Warmest regards M

Everyone else trying to get more security Me and the bois selling our own data

This tutorial is amazing and you are really good at teaching !! great job sir !

11:53 Seinfeld

If the vpn is hosted on Linode, can't Linode still see the traffic going to the vpn server?

The only youtuber that uses air quotes correctly.

I was looking for Hello World :(

13:08 hmmm, last time I check ssh was installed by default on Windows 10

Fantastic video! You do such a great job that even semi-newbies can follow along easily. Thank you for your hard work.