How To Make Your Own VPN Server Using a VM or Standalone Machine

This tutorial works best with a VM on Unraid or a small standalone server. Either option has very low system requirements:


System Requirements:

  • 1GB Ram
  • 64 bit processor with at least two cores
  • 5GB of hard drive space
  • Network Card (any speed)

Reasons for building:

  • If you have limited allowed VPN connections through a provider, this will allow all traffic to go through the connection.
  • Want access to different regions’ Online video catalog (example: live in the UK but want access to the US catalog of Netflix).
  • Can isolate certain devices to this VPN connection

1. Install Ubuntu Server (this guide used Ubuntu 18.04 server)

If running as a VM: 1GB ram is fine along with one vcpu. BIOS set to SeaBIOS

5GB hd. Graphics through VNC

2. Login to server and set a static ip address

(help: https://linuxconfig.org/how-to-configure-static-ip-address-on-ubuntu-18-04-bionic-beaver-linux)

$ sudo nano /etc/netplan/01-netcfg.yaml

(Gateway IP and IP address ranges may be different for your router/network)

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [192.168.1.99/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [1.1.1.1,1.0.0.1]

save and close

$ sudo netplan apply

3. Reboot and login and check IP address

ip a

or

ifconfig

4. Close vnc and login with ssh (Putty).

– May need to install putty for windows/iOS/Linux or other application that uses ssh

5. Update Ubuntu since new install

$ sudo apt-get update

$ sudo apt-get upgrade

6. Install software needed outside of Openvpn and PIA

$ sudo apt-get install unzip

$ sudo apt-get install iptables-persistent

7. Installing and setting up Openvpn to work with PIA

(help – https://www.dropbox.com/s/uuyw9xa723nk1mx/vpn%20router.txt.zip?dl=0&file_subpath=%2Fvpn+router.txt)

7a. ### Install OpenVPN

$ sudo apt-get install openvpn

7b. ### Install PIA

cd /etc/openvpn

sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip

sudo unzip openvpn.zip

7c. ### This next part, you can use whatever vpn connection you like and continue with the following commands (I am using atlanta):

sudo cp us_atlanta.ovpn pia-usa.conf

sudo nano pia-usa.conf

# Change:

# auth-user-pass

# To:

# auth-user-pass login.conf

$ sudo nano login.conf

Add PIA login information to the file without #

# yourPIAusername

# yourPIApassword

save and close

$ sudo chmod 400 login.conf

7d. ### Add an AUTOSTART entry for pia-usa in /etc/default/openvpn. The .conf extension is not needed, and the line must NOT have a # in front. Example:

sudo nano /etc/default/openvpn

# AUTOSTART="pia-usa" ← remove the #

save and close

7e. ### Restart server

$ sudo reboot

7f. ### After the restart is done, you should be automatically connected to the VPN. Check with the command below. Its output should be an IP address, but it should NOT be YOUR PUBLIC IP ADDRESS; it should be one of the IPs from PIA. As long as an IP shows up and it's not your own IP, you can assume everything is ok and continue.

$ wget -q -O - ipecho.net/plain

8. Check Openvpn settings and configuration

$ cd /etc/openvpn

$ sudo openvpn --config /etc/openvpn/pia-usa.conf

press ctrl and c to exit

9. Enable autostart openvpn

$ sudo systemctl enable openvpn@pia-usa

10. Enable forwarding

$ sudo nano /etc/sysctl.conf

remove the #:

net.ipv4.ip_forward = 1

save and close

11. Enable forwarding service

$ sudo sysctl -p

12. Importing the iptables

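**can paste them all at one time** (replace enp1s0 with the name of your LAN interface as shown by ip a; the netplan example in step 2 used enp0s3)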

sudo iptables --flush
sudo iptables --delete-chain
sudo iptables -t nat -F
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
sudo iptables -A INPUT -i enp1s0 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i enp1s0 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT

sudo iptables -P FORWARD DROP

13. Save new rules to iptables

$ sudo netfilter-persistent save

14. Apply these rules/iptables to startup

$ sudo systemctl enable netfilter-persistent

$ sudo reboot
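
An added check, not part of the original tutorial: after the reboot, the saved ruleset can be audited to confirm that traffic from the LAN can only be forwarded out through the tunnel. The function names audit_forwarding and sample_rules and the sample ruleset are constructed for this example; on the gateway, run sudo iptables-save | audit_forwarding followed by your LAN interface name.

```shell
#!/bin/sh
# Constructed sample: what `sudo iptables-save` prints after step 12 (trimmed).
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
COMMIT
EOF
}

# audit_forwarding LAN_IF: reads iptables-save text on stdin, prints findings,
# returns 0 only if forwarded traffic can leave solely through tun+.
audit_forwarding() {
    awk -v lan="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && $2 == "POSTROUTING" && index($0, " -o tun+ ") &&
            index($0, "-j MASQUERADE") { nat_ok = 1 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && index($0, "-j ACCEPT") {
            in_if = ""; out_if = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
            }
            if (in_if == lan && out_if == "tun+") lan_to_vpn = 1
            # Forwarding out of anything but the tunnel, except replies coming
            # back from the tunnel, would bypass the VPN.
            if (out_if != "tun+" && in_if != "tun+") { print "LEAK: " $0; bad++ }
        }
        END {
            if (policy != "DROP") { print "FAIL: FORWARD policy is not DROP"; bad++ }
            if (!lan_to_vpn) { print "FAIL: no FORWARD rule from " lan " to tun+"; bad++ }
            if (!nat_ok) { print "FAIL: no MASQUERADE on tun+"; bad++ }
            if (!bad) print "OK: forwarded traffic can only leave via tun+"
            exit (bad > 0)
        }'
}

sample_rules | audit_forwarding enp1s0
# The netplan file in step 2 names enp0s3; auditing for that interface fails.
sample_rules | audit_forwarding enp0s3 || true
```

A FAIL for the LAN interface usually means the rules were pasted with an interface name that does not exist on this machine, in which case nothing is forwarded to the VPN at all.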

15. Install dnsmasq

$ sudo apt-get install dnsmasq

16. Add dns forwarding to .conf file

$ sudo nano /etc/openvpn/pia-usa.conf

#add below to the bottom of the .conf file

script-security 2

up /etc/openvpn/update-resolv-conf

down /etc/openvpn/update-resolv-conf

save and close

$ sudo reboot

Complete

useful information/commands

– Can use openvpn kill switch to stop or start

$ sudo service openvpn stop

$ sudo service openvpn start

– Check IP status

$ ifconfig

– To run containers, VMs or other physical machines through this connection, set:

(these are examples using the setup IPs above)

Gateway: 192.168.1.99

Subnet mask: 255.255.255.0

DNS server: 192.168.1.99
