Build your own VPN with Ansible

Last Updated 2021-06-02

Author’s Note: This article has been updated to present a streamlined approach for configuring a VPN using Ansible and Infrastructure as Code (IaC) principles.

In an age where online privacy is a growing concern, relying on commercial VPN providers can leave you questioning the security of your data. Many VPN services claim to offer no-logs policies, but verifying their practices can be challenging. In this article, we’ll guide you through the process of building your own VPN from scratch using a Virtual Private Server (VPS). This DIY approach provides you with a dedicated IP address, circumventing VPN blocklists, and offers a cost-effective and privacy-focused alternative to commercial VPN services.

Requirements

Before you begin, ensure you have the following:

• A VPS running Ubuntu 20.04
• SSH access to the VPS with a user that has sudo privileges
• A fundamental understanding of the Linux command line

Instructions

Follow these steps to set up your VPS and deploy the ansible-easy-vpn script:

1. Initial Login to VPS

Log in to your VPS using SSH. You can obtain the login information and IP address from your service provider.

ssh user@your_server_ip

Replace user with your SSH username and your_server_ip with your VPS’s IP address.

2. Prepare the OS

Run the following command to prepare the operating system. This script automatically detects your OS and performs the necessary preparations.

wget https://notthebe.ee/vpn -O bootstrap.sh && bash bootstrap.sh

This script checks the OS type and version and installs the required packages and dependencies. Follow the prompts and provide the requested information, such as your desired username, password, domain name, DNS settings, and more.

3. Complete the Configuration

After providing all the requested information, the script will prepare the VPS for the installation of the ansible-easy-vpn. It will also ask if you want to run the playbook immediately. If you choose to do so, the playbook will be executed, and your VPS will be set up accordingly.

• If you decide not to run the playbook immediately, you can always run it later using the following command:

  cd ~/ansible-easy-vpn && bash bootstrap.sh
  

4. Follow Additional Prompts

Depending on your specific configuration choices, the script may prompt you for additional details such as email server information and SSH key selection. Provide the necessary information as requested.

Notes

• When selecting a VPS provider, take into consideration factors such as pricing and performance. Websites like LowEndStock offer a variety of options.
• Enhance your VPS security with features like endlessh and implement two-factor authentication (2FA) for SSH access.
• If you don’t have a domain name, consider using a free subdomain from DuckDNS.

References

• Don’t Use VPN Services
• WireGuard
• LiteServer
• ansible-easy-vpn
• Nextcloud-Reloaded
• Set Up Your Own Wireguard VPN Server with 2FA in 5 Minutes