Introduction
In a world where online privacy is increasingly under threat, using a VPN has become essential for protecting sensitive data and maintaining anonymity. While commercial VPN services like NordVPN offer convenience, they often come at a high price and raise concerns about data logging and privacy practices. A more private, verifiable, and cost-effective solution is to set up your own VPN on a Virtual Private Server (VPS).
This guide outlines the steps to set up a private VPN server, configure client .ovpn files, implement a killswitch for security, and automate the entire process for seamless, always-on protection.
Why Set Up Your Own VPN?
- Cost-Effective: Running your own VPN on a VPS is far cheaper than commercial services.
- Privacy and No Logs: You control the server, ensuring no logging of your activity.
- Full Transparency: You can verify configurations to prevent third-party interference.
- Customization: Tailor your VPN setup to meet specific needs without limitations imposed by commercial services.
Step 1: Remove NordVPN and Set Up Your Own VPN Server
Initially, we used NordVPN, but due to privacy concerns and cost, we switched to a self-hosted VPN.
Remove NordVPN:
sudo apt remove nordvpn
sudo apt purge nordvpn
sudo apt autoremove
Set Up an OpenVPN Server:
We set up an OpenVPN server on a Linode VPS ($5/month), running Debian Linux, with a secure, no-root SSH login.
Using Nyr’s OpenVPN install script from GitHub, we configured the VPN and generated the necessary certificates.
Step 2: Generate .ovpn Files for Client Configuration
After setting up the VPN server, we generated .ovpn client configuration files.
Transfer .ovpn Files:
scp -i /path/to/your/id_rsa user@your_vps:/path/to/hp.ovpn /local/path
Alternatively, copy the remote .ovpn file to a local file manually.
Set Permissions:
chmod 600 hp.ovpn
Step 3: Set Up the VPN Client Locally
Install OpenVPN and test the connection:
sudo apt install openvpn
sudo openvpn /path/to/hp.ovpn
Step 4: Create a Killswitch for VPN Protection
A killswitch ensures that if the VPN connection drops, all internet access is blocked to prevent data leaks.
Script for Killswitch:
The script continuously checks if the VPN is active using:
ip a show tun0
If the VPN disconnects, it blocks all internet traffic and restores it when the VPN reconnects.
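One way to write the killswitch described above, as an added example rather than the author's own script: while blocked it keeps the VPN server endpoint reachable, so the client can still reconnect. The profile path in CONF, the KILLSWITCH chain name and the start/stop arguments are assumptions, and the remote in the profile is assumed to be an IPv4 address.

```bash
#!/usr/bin/env bash
# Added example (not the author's script). Assumed names: CONF path, KILLSWITCH chain.
VPN_IF="${VPN_IF:-tun0}"
CONF="${CONF:-/etc/openvpn/client/hp.conf}"

# Print "host port proto" for the first `remote` line of an OpenVPN client profile.
vpn_endpoint() {
  awk '$1 == "proto" { p = $2 }
       $1 == "remote" && !h { h = $2; if ($3) port = $3; if ($4) p = $4 }
       END { print h, (port ? port : 1194), substr(p ? p : "udp", 1, 3) }' "$1"
}

# Read `ip a show <if>` output on stdin; succeed only if the UP flag is set.
iface_up() { grep -q '[<,]UP[,>]'; }

# Print the rules for the blocked state: only loopback, the tunnel and the
# VPN server itself stay reachable, everything else is rejected.
block_rules() {  # $1=host $2=port $3=proto
  printf '%s\n' "-N KILLSWITCH" \
    "-A KILLSWITCH -o lo -j ACCEPT" \
    "-A KILLSWITCH -o $VPN_IF -j ACCEPT" \
    "-A KILLSWITCH -d $1 -p $3 --dport $2 -j ACCEPT" \
    "-A KILLSWITCH -j REJECT" \
    "-I OUTPUT 1 -j KILLSWITCH"
}

block() {
  iptables -C OUTPUT -j KILLSWITCH 2>/dev/null && return 0   # already blocked
  unblock                                                     # clear leftovers
  block_rules $(vpn_endpoint "$CONF") | while read -r rule; do iptables $rule; done
  ip6tables -I OUTPUT 1 ! -o lo -j REJECT                     # no IPv6 outside the tunnel
}

unblock() {
  iptables -D OUTPUT -j KILLSWITCH 2>/dev/null
  iptables -F KILLSWITCH 2>/dev/null; iptables -X KILLSWITCH 2>/dev/null
  ip6tables -D OUTPUT ! -o lo -j REJECT 2>/dev/null
  return 0
}

case "${1:-}" in
  start) while :; do   # poll the tunnel interface, as the text describes
           if ip a show "$VPN_IF" 2>/dev/null | iface_up; then unblock; else block; fi
           sleep 2
         done ;;
  stop)  unblock ;;
esac
```

Because the chain only permits loopback, tun0 and the VPN endpoint, it can also be left installed permanently, which removes the window between polls in which traffic could leave unprotected.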
Backup iptables Rules:
sudo sh -c 'iptables-save > /root/iptables.rules'
Step 5: Automate the VPN and Killswitch at Boot
Enable VPN at Startup:
sudo systemctl enable openvpn-client@hp.service
Enable Killswitch at Startup:
sudo systemctl enable killvpn.service
Step 6: Managing and Stopping the VPN and Killswitch
Stop the VPN:
sudo systemctl stop openvpn-client@hp.service
Stop the Killswitch:
sudo /home/pepper/kill stop
Conclusion: A Private, Low-Cost VPN Solution
By setting up a private VPN, we gain:
- Cost Savings: Cheaper than commercial VPNs.
- Full Control: No third-party logging or monitoring.
- Security: With a killswitch and automation, our connection remains protected at all times.
This DIY VPN approach provides a secure, private, and cost-effective alternative to commercial services. If you need further guidance or scripts, contact Jonathan at jonny@borderelliptic.com.