What is VPN setup? How to set up your own VPN server

The issue of creating your own VPN server is now more pressing than ever. This technology will help you achieve increased security and anonymity online. Below we will look at the basics of creating VPN servers and connecting to them from different platforms: Windows, Mac OS X and Linux, as well as from smartphones running Android and iOS.

Why make your own VPN server

Before creating and configuring a server, let's figure out why it is needed at all. Isn't it easier to connect to one of the many ready-made services? In fact, having your own server has a number of advantages:

  • stable speed;
  • lack of IP neighbors;
  • full control over security, encryption, speed and other attributes;
  • renting a server is cheaper than buying a subscription to ready-made VPN services.

There are also disadvantages:

  • you will have to figure out the settings, which is not always possible for a beginner;
  • you need to regularly monitor the release of security patches if data confidentiality is at the forefront of your mind;
  • You will still have to shell out a certain amount (to rent a VPS) if you plan to set up a more or less secure connection. On average, you can now find a server with decent speeds for $3-$5 per month, but there are also more expensive plans that offer increased levels of security and/or speed.

How to create a personal VPN server

Let’s say right away that creating your own dedicated VPN server is a rather complicated matter, requiring a lot of technical skills and knowledge, the description of which is beyond the scope of this article. Here we will tell you the general principles of creating a VPN server, and also describe the process of connecting to it.

To create your own secure VPN, you will need to rent a virtual server - VPS. The cost of such a service now fluctuates around 3–5 dollars per month for acceptable communication quality. The most popular hosting sites where you can rent a server:

  • fozzy ;
  • expressVPN.

If your goal when using a VPN server is to bypass blocks and restrictions associated with your country of location, then choose servers located in another country.

To set up a VPN server, they usually use software such as PuTTY, OpenVPN, Winbox and the like. The setup process is different for each of these utilities, but the basic steps are as follows:

  1. Selecting and enabling a protocol.
  2. Creating a pool of addresses for clients.
  3. Creating username-password pairs for the created client pool.

Some of the services offering VPS rental also immediately provide the user with detailed instructions with ready-made scripts, which simplifies the process of setting up the purchased server. In this case, all the software that is required to work with a personal VPN server is already included in the connection package and is provided for money. One example would be the already mentioned expressVPN. It is worth noting that the cost of renting a server with such a service will be slightly higher - about 8–10 dollars per month.

All of these services also offer business solutions and corporate VPN servers. Sometimes you can find a separate “corporate” tariff, which will include additional services, increased speed and no traffic restrictions.

Making a VPN server on Windows

On Windows XP, 7, 8, 8.1 and 10, you can configure an encrypted tunnel without installing third-party software. In this case, the computer will be a local server. Without renting a server, its only function is to provide encrypted communication between local network participants. For this method, you will need your computer to connect to the Internet through a router. Please be patient - the process will not be easy:

  1. First, let's set a static IP for our computer. To do this, go to the “Network and Sharing Center” (right-click on the Internet connection icon in the tray).
  2. Click Change adapter settings.
  3. Right-click on your active Internet connection and select “Status”.
  4. Then click on “Details” and pay attention to the value opposite IPv4 - this is the current IP of your computer. In order not to disrupt the connection of other devices on the network, we will assign it as a static IP.
  5. To do this, close the information window and in the connection status window, click “Properties” (administrator rights are required).
  6. Select the line with IPv4 with the mouse. Do not uncheck the box - click on the text of the line itself.
  7. Click Properties.
  8. Select “Use the following IP” and enter in the first line the value that we saw in the connection information.
  9. The “Subnet Mask” line will be filled in automatically; you do not need to enter it manually. The value will be 255.255.255.0.
  10. In the "Default Gateway" and "DNS Server" lines, enter 198.168.1.1.
  11. Save your changes and exit.
  12. Now you need to create a downstream connection. To do this, while in the “Change adapter settings” window, press Alt on your keyboard so that the top menu appears. Click "File" - "New incoming connection".
  13. Click Next until you have a list of users. Click "Add User". In the window that opens, enter your login for future connection to the VPN and password. You can also specify "Full Name", but this is an optional field.
  14. Click Next again until the wizard completes the installation.

So, the initial computer setup is complete. Now you need to configure port forwarding on the router. Due to the fact that web configurators from different manufacturers are very different from each other, we cannot provide universal instructions. But you can find your router model on the website - step-by-step setup instructions are stored there for most models of popular routers. You need to configure port 1723 using the static IP address that you previously assigned to the computer as the IP host.

Forwarding settings vary depending on the router model

Now we need to adjust the Windows firewall to our VPN server. For this:


Now let's check the result of our work. To do this, go to the Open Port Checker website:

  1. Your IP will automatically appear in the first field. In the second, you need to enter 1723 - the number of the port of interest.
  2. Click Check.
  3. After checking, the site should display Port 1723 is open. If you get the message Port 1723 is closed, it means you made a mistake somewhere above, double-check all the data you entered. Most often the error is related to port forwarding - check the instructions for your web configurator again. If everything worked out, then the server is configured correctly and is ready to work.

In the future, you can connect to the configured server using the configured static IP as the address, and the user data that we entered at the very beginning as the name and password.

Video: creating a VPN server on Windows 10

Creating a VPN on a router

You can also create a VPN server on your own router. This method has several advantages:

  • automatic connection of all devices to the encrypted tunnel;
  • the ability to connect not only smartphones and computers to the VPN server, but also game consoles, Smart TV and other devices;
  • protection against Wi-Fi thieves.

But compared to a full lease, there are a number of disadvantages:

  • not the highest level of security;
  • To avoid severe losses in speed, you need to get a fairly powerful router (RAM from 512 MB). If your router is weaker, then be prepared for the connection to be quite slow;
  • Not all routers support VPN. Most models are capable of working with the PPTP protocol, but it is not the most secure;
  • the router's operating system itself may be vulnerable to hackers. If you are afraid that you may be hacked, then you should not set up a VPN on regular home routers like TP-Link or Netgear.

Better pay attention to Microtik, Juniper and similar “professional” brands. You will have to tinker with setting them up, but the level of security will be higher.

  1. The server creation process itself will vary for different router models due to differences in web interfaces. As an example, we will look at working with an Asus router:
  2. Open the VPN tab located in Advanced Settings. For other routers, a similar tab may be located in the “Network” menu items.

    Enable the PPTP server. The list of supported protocols depends on your router - the most common are PPTP and L2TP.

  3. The appearance of the web interface may vary depending on the firmware version
  4. Go to the "More about VPN" tab.

    Select the Broadcast Support that suits you (in general, LAN to VPN is suitable) and configure encryption.

  5. Here you can set data encryption features

    Scroll down the page and configure the VPN server client IP addresses. Different routers support different numbers of clients. For Asus, for example, this number is ten.

  6. Here you need to enter not individual IP addresses, but range boundaries

    You can now create usernames and passwords for them. Let’s go back to the “VPN server” tab and click the plus sign in the bottom line. Enter the username-password pair. You can enter as many pairs as the number of clients you added in the previous paragraph.

Using this data, clients will be able to connect to the server

In the future, you can connect to this server while on the same network as the router. You will need to enter the data that we specified in the last step of the instructions as your username and password. And the server IP address is the address of the router itself. You can find it in the web configurator. For most manufacturers, this data is indicated on the main page of the configurator. For Asus, for example, the IP address of the router can be found on the main page, “Network Map” tab.

Connecting to a VPN on Mac OS X

Native Mac tools only prompt the user to connect to a VPN server, but not create one. To connect, follow simple instructions:

  1. Open "System Preferences" - "Network".
  2. Click on the plus sign in the lower left corner.
  3. Select "Interface" - VPN.
  4. In "VPN Type", select the server protocol you selected. Most often now you can find “L2TP over IPSec”.

    You can also choose Cisco IPec or IKEv2, but PPTP is not currently supported by standard Mac tools

  5. Enter the server address and username.

    If you selected other authentication methods when setting up the server, select them in this window

  6. Click "Apply" and then "Connect".

If everything is configured correctly, then in the connection window you will see icons for outgoing and incoming traffic. If for some reason the computer cannot connect to the server, it will give you a warning about this.

VPN on Linux

Setting up a VPN will vary slightly between distributions, but the basic steps will remain the same for all OS versions. We will provide the version for Ubuntu:

  1. Open "Settings" - "Network Connections".
  2. Click Add.
  3. Select the protocol you are interested in (PPTP or L2TP) and click “Create”.
  4. Go to the VPN tab.
  5. At the top of the window, enter a custom connection name.
  6. Enter your username and password, as well as the server address in the “Gateway” field.
  7. On the “General” tab, check the box next to “All users can connect.”
  8. On the IPv4 tab, select the “Automatic (VPN)” configuration method.
  9. Save your changes, exit and close the network connections window. The setup is complete.

Connecting to VPN on Android

On Android phones and tablets, you can connect to the VPN server as follows:

Connect to VPN on iOS

You can connect to a VPN server on iOS using the system’s native tools:

  1. Open "Settings" - "General" - VPN.
  2. Click "Add VPN Configuration".
  3. Fill in the fields. “Type” - connection protocol, determined by the server administrator. “Description” is your arbitrary description of the configuration. You can't leave it blank, so enter at least something. “Server” - server address. “Account” is your username. “Password” is your personal password. “Shared key” is an IPSec key common to all server clients. Click "Done."
  4. You can then tap “Connect” next to the created configuration. If the connection is successful, you will see a small VPN icon at the top of the screen.

Common mistakes

Let us briefly outline the most common mistakes that a beginner can make when creating, configuring and connecting to a VPN server:

  • the remote server does not respond or error 400. First, check the functionality of the Internet connection as a whole - sometimes due to a temporary malfunction of the router, a similar error may appear. Then, if everything is ok, try disabling the firewall (if you are on Windows). It may mistake some encrypted traffic for malware;
  • "problem connecting to VPN", error 691. In this case, the problem is usually on the server side. Either you entered his address incorrectly, or your lease has expired and access is denied. If you have made a server, then the problem usually lies in incorrectly configured forwarding of port 1723;
  • error 800. It is usually caused by technical problems on the way to the server. If you are using a public VPN server, this error may indicate that the gateway is overloaded. Just wait or try connecting to another free server;
  • "The requested address was rejected by the server." This error usually occurs if you have purchased access to a VPN service, which assumes that you are using a dynamic IP, but you have registered a static one. Change the IP address type to dynamic.

Now you can set up your own VPN server, connect to a ready-made one, and also have an idea about creating a dedicated server, including for corporate use.

Increasingly, situations arise in which users on the go need to access their home network and network storage. To minimize risks in unencrypted wireless networks during such actions, it is recommended to organize a “virtual private network” (VPN). The advantage of such a VPN connection compared to a solution using a dynamic domain name system: you have a direct connection to your entire home network, the same as if you were sitting at home in your office. In this article, we will show you how to set up the VPN feature on your Synology NAS and configure your devices.

1 VPN connection to Synology NAS

The most important conditions are that your Synology NAS has the latest version of the DiskStation Manager (DSM) operating system installed and remote access is configured. In this case, launch the “VPN Server” component in the control center, located in the “Utilities” section. Now you can choose one of three connection options. Since “PPTP” is considered insecure, and “OpenVPN” is not fully supported by mobile devices, click “L2TP/IPSec” in the left section (“Settings”) and activate the function. Settings that have already been entered, such as the “Dynamic IP address” assigned to devices connected via VPN, do not need to be changed. You just need to enter a strong password in the “Preset password” item and repeat it in the “Confirm preset password” item. Save the changes by clicking the “Accept” button and confirm by clicking “OK” the message about forwarding UDP ports 500, 1701 and 4500.

Important: If you are using a network storage firewall, you should open the above ports. In addition, in the “VPN Server” dialog box, you must select “Privileges” and limit the rights of users who are not allowed access via VPN. To avoid these actions in the future, select the “General Settings” section in the left column and uncheck the “Grant VPN access rights for new users” checkbox. Users with VPN access rights are listed in the “Protocol” section. Network storage systems manufactured by Asustor and Qnap also support VPN access. The setup is almost the same: launch the application (Asustor - “VPN server”, Qnap - “QVPN service”), select the VPN type and enter the necessary information.

2 Configuring port forwarding on the router

In order for a router to forward data packets coming from the Internet to the required devices, it must "know" which network clients those devices are. To do this, you need to configure port forwarding on it. This is done using the router configuration mask. Open a web browser and log into your router through the web interface.

Then click on the menu item “Internet | Permissions" and activate the "Port Forwarding" tab to configure forwarding. Scroll down to “Add an allowed device” and select your network storage. After clicking the “New Resolution” button, select the “Port Allowance” option, then in the “Application” section, select “Filter Name” and enter a name, for example “VPN server”. In the “Protocol” section, select “UDP”, in the “Port to device”, “To port” and “Desired external port (IPv4)” items, enter the number “500” and confirm the entry by clicking “OK”. Then configure forwarding of UDP ports 1701 and 4500 in the same way. Save the settings by clicking the “OK” button.

3 Create a VPN connection with Windows 10

After carrying out the preparatory actions, you can check whether everything worked out. Ideally, your first VPN access should be from your local computer, so that if problems arise, you have access to both the router and the network storage, and therefore can make changes quickly. When working with Windows 10, setup is quite simple. Select “Network and Internet” in the “Settings” section, select “VPN” in the left column, click on the “Add a VPN connection” link and enter the required data. In the “VPN Service Provider” menu, select “Windows (built-in)”; you can specify any connection name, for example “VPN-NAS”. In the “Server Name or Address” section, enter the dynamic DNS address of your Synology NAS, and in the “VPN Type” select “Automatic”. Confirm your entry with the “Save” button, then click on the VPN icon and select “Connect”.

In the Register dialog box, enter the information you are using to connect to the online storage and click OK. After a few seconds (while Windows 10 and the NAS communicate about the VPN type), a connection will be created and you will be able to access all resources available on your home network, including the Synology NAS configuration mask.

4 Setting up VPN on mobile devices

Access to network storage via VPN is also possible from mobile devices. However, setting them up is a little more complicated than in Windows 10.

Android: open “Settings”, in the “Network connections” item click “Advanced settings” and add a new connection by clicking on “+”. After that, in the “Type” section, select “L2TP/IPSec PSK”, enter “Server Address” (the dynamic DNS address of your storage), as well as “IPsec Pre-shared Key” (that is, the password specified in step 1), then click "Save". Finally, tap the new connection, enter your username and password, enable the “Save account details” option and tap “Connect.”

iOS: Go to Settings | Basic | VPN | Add VPN" and in the "Type" select "L2TP". After this, enter the data in “Description”, in the “Server” item indicate the dynamic DNS address of your network storage and, finally, in the “Secret Password” item - the password specified in step 1. Enter your access data in the “Login” and “Password” sections. Then click "Done", return to the previous dialog box and set the switch under "VPN Configuration" to "On" to establish the connection.

There is a large amount of information on the topic of virtual private networks on the Internet. However, there are very few articles how to create a VPN connection automatically (with a script). You can find how to do this on UNIX. We will describe how to do this in Windows, using Windows 7 as an example. This question may arise before a system administrator (for example, if you need to make the same VPN connection settings on several computers). In other versions of Windows OS, everything is done by analogy and it will not be difficult for an experienced person to figure it out. The average user is unlikely to be puzzled by this issue, so we will not yet describe this process for other operating systems. However, we will try to describe each step:

Creating a connection via an interface

We assume that there is a virtual private network server somewhere and we know the parameters for connecting to it (address, login and password). Go to: Start -> Control Panel -> Network and Sharing Center. In the Change network settings section, click on Set up a new connection or network. The Set up a connection or network window will open and ask you to select an option. Click on Connect to a workplace Set up a telephone or VPN connection to a workplace and click Next.


If there are already other settings, the next step will ask you to select one of them or create a new one. We choose to create a new one. In the next step, select Use my Internet connection.

In the window that appears, enter: Internet address - VPN server address (IP or domain name), Destination name - any, it will be displayed in the list of your networks (if you plan to further automate processes, we recommend using only Latin characters and/or numbers in the name.

In the next step, enter the user and password, and also choose whether to remember the password or not.

Upon completion, an attempt to connect will occur, and if everything is specified correctly, something will happen.

If you know the protocol your server uses, we recommend that you force it to be configured, this will speed up the connection process. You need to disable your VPN: in the lower right corner (in the tray) we open the list of networks, on our right mouse button -> disable.

Go to: Start -> Control Panel -> Network and Sharing Center -> Change adapter settings. On our network, right-click -> Properties. Security tab. And select VPN Type. If this is not done, each time there will be attempts to connect using each of the protocols until it is successful.

Configuring the use of a gateway

After the standard setup described in the previous paragraph, all your Internet traffic will go through the created channel, i.e. via the server. If the server has an Internet channel with a bandwidth less than yours, or it is heavily loaded, you may experience a slowdown in the speed of access to the global network. Also, on the sites or services you go to, the server’s IP address will be displayed, not yours. Sometimes this is not suitable and there is a need for your IP address to be displayed. In this case, you need to configure the gateway.

We disconnect again and go to the connection properties as described just above (in the adapter parameter changes). Select the Network tab. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties -> Advanced. On the IP Settings tab, uncheck Use the default gateway on the remote network. In all open windows - OK. Now, even with a VPN connection connected, Internet traffic will go through your gateway and not the remote one.

Automating the connection of an already configured connection

It will automatically establish a VPN connection for an already configured connection, you can not only from the interface, but also from the command line using the command rasdial.

Command Format:

rasdial [Connection name] [username] [password]

where Connection Name is what you specified when creating the VPN connection in the Destination Name.

Example command:

rasdial myvpn test_user 12345

Using this command, you can, for example, set up an automatic VPN connection when you boot your computer. To do this, you need to create the required task in the task scheduler, in which you specify this command. You can also create a bat file with one line - this command, and indicate it in the task.

One problem remains. The password is stored in clear text. If this solution does not suit you, you can compile the bat file into exe and the password will not be clearly visible. Converting a bat file into an exe is the topic of a separate article, of which there are many on the Internet. Using the search, it will not be difficult to find how this is done.

Creating a VPN connection with a script

And now to the fun part. All VPN connections created by the user and their settings are stored in one file - rasphone.pbk, which is stored in the user’s system folder:

%APPDATA%\Microsoft\Network\Connections\Pbk

or, with a typical Windows setup

C:\Users\[Username]\AppData\Roaming\Microsoft\Network\Connections\Pbk

In this file, the first line is the name of the VPN connection in square brackets. Next are the parameters (settings) of this connection. After them, through an empty line, comes the name of the next VPN connection in square brackets (if you have two or more of them) and so on.


...
...


...
...

Copy this file to another location, for example to a flash drive. If you had several VPNs configured on this computer, but you need to configure only one or some on other computers, open the copied file in a text editor (I prefer Notepad++). We delete the extra connections along with their settings. This must be done carefully, without accidentally deleting some of the settings for the necessary connections.

Create a bat file from two lines

copy /Y rasphone.pbk C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk

rasdial myvpn test_user 12345

I put the created bat file on a flash drive in the same directory where the edited rasphone.pbk file is located. Therefore, in the first line of the script I indicate its name without the path.

Assuming that the computer on which I will implement the solution is a typical Windows installation and the user is called user, so in the first line, in the command copy, the destination directory looks like this.

/Y means that the file in the destination folder will be overwritten if it exists, no questions asked.

My implementation assumes that there are no existing VPN connections configured on the deployment computer. If they are present, they will be lost (deleted) when the file is overwritten, and if connected, the script may generate an error. If there are already connections and you need to save them, you will not need to overwrite the rasphone.pbk file, but add the necessary text information to it.

The second line of the script immediately establishes a connection for the created VPN connection

We run the script and get the result. There are many variations of the implementation of this solution and each has its own situation. It is impossible to cover all situations in one article; the goal is to describe the general mechanism.

Conclusion

If there is not enough information in this article, please email us at info@site and we will try to make additions.

If you found the article interesting and useful, help other users find it - repost it on social networks using the buttons below.

A private virtual network (VPN) is good because it provides the user with a secure or trusted channel with another PC without the need for a dedicated communication channel. It is created on top of another network - the Internet, for example.

Windows has built-in tools for establishing a VPN connection between computers located over long distances. Let's set up a VPN tunnel between two PCs that are controlled by the Windows environment.

Let's create the server part

Connection of remote clients to the VPN network is organized through a special access server. It may require an incoming connection to go through identification and authentication procedures. It knows which users have access to the virtual network. It also has data about allowed IP addresses.

To set up a VPN access server in the Network Control Center, you need to open the applet for changing adapter settings. If the applet's main menu is not displayed, press the Alt button. A main menu should appear at the top of the applet, in which you should find the “File” item, and then select “New incoming connection”. Let's take a closer look.

In the control panel, go to “Network and Internet”.

In the next step, we will open the network center.

Let's create a new incoming connection.

The window that appears will prompt you to select from existing users or define a new one who will be allowed to connect to this PC.

When adding a new “user”, you need to specify a name and password with which he will be allowed to connect to the VPN access server.

In the next step, the Private Network Setup Wizard will ask how users will connect.

It is necessary to indicate that they will do this over the Internet, so let’s check the required option.

The next step involves setting up network applications that need to accept incoming connections. Among them is the Internet Protocol Version 4 (TCP/IPv4) component. You will need to open its properties and manually enter the range of IP addresses that are allowed to access the server.

Otherwise, leave this matter to the DHCP server to automatically determine the IP addresses. In our case, we had to manually determine them.

After processing the entered data, the access server will receive the required information to provide the necessary permissions to authorized users. At the same time, the system will prompt you for the computer name that will be needed in the future.

As a result, we will get the following result. There are no connected clients yet.

Let's set up the client

Modern networks are most often built on a client-server architecture. It allows you to highlight the main computer in a network environment. Clients initiate requests to the server and make the first attempt to connect to the server.

We have already configured the server part of this architecture. Now all that remains is to get the client part working. Another computer must act as the client.

We will establish a new connection in the network center of another PC (client).

We need to connect directly to the workplace.

Again, let's go to the Windows Network Center, only now on a different PC. Let's select the option to set up a new connection. The applet that appears will offer several options to choose from, but we will need the option to connect to a workplace. The wizard will ask you how to make the connection. We need to opt for setting up an Internet connection (VPN).

In the next step, the wizard will ask you to specify the IP address of the VPN access server and assign a destination name. The IP address of the access server can be found on our first computer by entering the ipconfig command in the command line. The IP address of the Ethernet network will be the address you are looking for.

Then, the system will apply all entered settings.

Let's make the connection

Time X for our experiment is when the client connects to the server side of our network. In the network center, select the “Connect to a network” option. In the window that appears, click VPN-Test (we specified the destination with this name) and click the connect button.

So, we will open the VPN-Test connection applet. In the text fields we indicate the “user” name and password for authorization on the access server. If everything goes well and our user not only registers on the network, but is also able to fully connect to the access server, then the designation of the connected “user” will appear on the opposite side.

But sometimes, this kind of error can happen. The VPN server is not responding.

Click on the incoming connections tab.

On the marked tab, open the properties of the IP protocol.

Let's set the option to specify IP addresses explicitly and specify which IP addresses need to be served.

When we reconnect, we will see this picture. The system shows us that one client is connected and this client is vpn (SimpleUser).

Brief summary

So, to establish a VPN network between two PCs, you will need to decide which of them should become the “master” and play the role of a server. Other PCs must connect to it through an authorization system. Windows has tools that enable the creation of a server part for our network. It is configured by creating a new incoming connection, specifying the user, and the applications that should accept the connection. The client is configured by establishing a connection to the workstation, specifying the user and server data to which this user should connect.

A VPN service increases user privacy on the Internet by increasing the security of connections, which is especially important for insecure public networks. In addition, a VPN makes it difficult for online trackers to track user activity and allows you to visit sites that have regional restrictions.

Requirements: Opera web browser 40 or higher. Make sure you disable other proxy services before using VPN in Opera.

  • In your browser, press Alt+P or go to Opera menu > Settings.
  • Choose a section More > Security Enable VPN.

The "Bypass VPN in search engines by default" option will be enabled by default. You can disable it if you want to use VPN also in search engines Google, Yandex, etc.

  • VPN.

How to set up an Opera VPN connection on MacOS

  • In your browser, press the keyboard shortcut Command + , or go to Opera menu > Settings.
  • Choose a section More > Security and in the VPN section make the switch active Enable VPN.
  • A button should appear in your browser's address bar VPN.
  • Click the icon to select a server location or view the amount of data used. When the VPN is active, the button will be blue.

Selecting VPN server location

Opera 55 supports locations divided into regions: Europe, Asia and the USA. You can use the "Optimal location" mode to select the optimal server for performance.