{"video_id":"fp_jZV1Te0L5X","title":"How to easily setup a VPN server in 2025","channel":"Linus Tech Tips","show":"Linus Tech Tips","published_at":"2025-02-09T17:56:00.031Z","duration_s":619,"segments":[{"start_s":0.0,"end_s":4.96,"text":"We all know how incredibly frustrating it is to be locked out of sites and apps you might rely on","speaker":null,"is_sponsor":0},{"start_s":4.96,"end_s":9.16,"text":"for work or pleasure. TikTok, The Hub, and many other services","speaker":null,"is_sponsor":0},{"start_s":9.16,"end_s":12.2,"text":"are being restricted or outright banned in parts of the world.","speaker":null,"is_sponsor":0},{"start_s":12.2,"end_s":15.8,"text":"But don't fret, for there is a shining light in the darkness,","speaker":null,"is_sponsor":0},{"start_s":15.8,"end_s":19.64,"text":"the VPN. Say a website is blocking users in your country.","speaker":null,"is_sponsor":0},{"start_s":19.64,"end_s":24.32,"text":"By connecting to a VPN in a different country, that website will think you're there.","speaker":null,"is_sponsor":0},{"start_s":24.32,"end_s":28.2,"text":"And boom, no more block. And today, we're going to show you a few ways","speaker":null,"is_sponsor":0},{"start_s":28.2,"end_s":31.52,"text":"to do just that. Level one, where all you need is a credit card.","speaker":null,"is_sponsor":0},{"start_s":31.52,"end_s":35.8,"text":"Level two, where you get to set up your own VPN. And don't worry, it's easy.","speaker":null,"is_sponsor":0},{"start_s":35.8,"end_s":39.6,"text":"And then there's my favorite. Level three, where I tell you about our sponsor.","speaker":null,"is_sponsor":0},{"start_s":48.6,"end_s":53.48,"text":"Before you decide how you're going to tackle a VPN, it's important to understand why you need one in the first place.","speaker":null,"is_sponsor":0},{"start_s":53.48,"end_s":58.64,"text":"And I figure there's four main use cases. First, getting around throttling, blocking, or bans,","speaker":null,"is_sponsor":0},{"start_s":58.64,"end_s":64.2,"text":"like your school or government blocking websites, accessing region-locked content, like a different country's","speaker":null,"is_sponsor":0},{"start_s":64.2,"end_s":67.52,"text":"Netflix library, obscuring your IP address for privacy","speaker":null,"is_sponsor":0},{"start_s":67.52,"end_s":71.04,"text":"or torrenting, legal stuff like Linux ISOs, of course,","speaker":null,"is_sponsor":0},{"start_s":71.04,"end_s":75.64,"text":"and securely accessing a remote network, like your home or business, from somewhere else.","speaker":null,"is_sponsor":0},{"start_s":75.64,"end_s":81.48,"text":"If you fall into any of the first three categories, especially torrenting, and you want the easiest solution,","speaker":null,"is_sponsor":0},{"start_s":81.48,"end_s":85.12,"text":"there's level one. Using one of the many public VPN providers,","speaker":null,"is_sponsor":0},{"start_s":85.12,"end_s":90.04,"text":"our personal favorite, is private internet access. And all you've got to do to get these going is sign up,","speaker":null,"is_sponsor":0},{"start_s":90.04,"end_s":93.48,"text":"download their client, and hit connect. All right. Whoa, whoa, whoa.","speaker":null,"is_sponsor":0},{"start_s":93.48,"end_s":98.28,"text":"There's nothing wrong with taking the easy route. But it doesn't mean you're not in control of your data.","speaker":null,"is_sponsor":0},{"start_s":98.28,"end_s":101.52,"text":"And even a VPN provider who's trustworthy today","speaker":null,"is_sponsor":0},{"start_s":101.52,"end_s":106.04,"text":"could change their behavior in the future. For instance, if they got bought out by a different company.","speaker":null,"is_sponsor":0},{"start_s":106.04,"end_s":110.44,"text":"So let's talk level two, where you get to host your very own private VPN server.","speaker":null,"is_sponsor":0},{"start_s":110.44,"end_s":114.92,"text":"While there are just about a million different ways to skin this cat, the setup I'm going to show you today","speaker":null,"is_sponsor":0},{"start_s":114.92,"end_s":117.96,"text":"isn't scary, requires virtually zero maintenance,","speaker":null,"is_sponsor":0},{"start_s":117.96,"end_s":121.76,"text":"and puts you in control. And you might even learn something along the way,","speaker":null,"is_sponsor":0},{"start_s":121.76,"end_s":125.88,"text":"like this disclaimer. Anything we show you today is purely in the interest of education and privacy.","speaker":null,"is_sponsor":0},{"start_s":125.88,"end_s":129.6,"text":"We aren't condoning or recommending piracy, bypassing legislative bans, or anything similar.","speaker":null,"is_sponsor":0},{"start_s":129.6,"end_s":133.32,"text":"The illegal implications of your actions are your own responsibility. Thanks Riley.","speaker":null,"is_sponsor":0},{"start_s":133.32,"end_s":137.72,"text":"If you're following along at home, you're going to want to check out the GitHub repo we have linked down in the description,","speaker":null,"is_sponsor":0},{"start_s":137.72,"end_s":141.08,"text":"because that's where you're going to find all the necessary files, along with some step-by-step","speaker":null,"is_sponsor":0},{"start_s":141.08,"end_s":145.76,"text":"instructions in case you get lost. Public VPNs work by tunneling your internet traffic","speaker":null,"is_sponsor":0},{"start_s":145.76,"end_s":150.68,"text":"through a dedicated computer in a data center, and replace your IP address along the way.","speaker":null,"is_sponsor":0},{"start_s":150.68,"end_s":155.0,"text":"That's the part that hides your location. And we're going to do basically the same thing","speaker":null,"is_sponsor":0},{"start_s":155.0,"end_s":158.72,"text":"by renting a small piece of a computer from a cloud hosting provider.","speaker":null,"is_sponsor":0},{"start_s":158.72,"end_s":162.28,"text":"They have data centers all over the world with thousands of servers that are split up","speaker":null,"is_sponsor":0},{"start_s":162.28,"end_s":165.68,"text":"into what they call VPSs, or virtual private servers,","speaker":null,"is_sponsor":0},{"start_s":165.68,"end_s":169.4,"text":"with the magic of virtualization. If you've seen us talk about virtual machines before,","speaker":null,"is_sponsor":0},{"start_s":169.4,"end_s":173.12,"text":"it's the exact same thing. If you're comfortable using a Linux command line,","speaker":null,"is_sponsor":0},{"start_s":173.12,"end_s":176.84,"text":"you should be able to replicate our setup with virtually any cloud provider.","speaker":null,"is_sponsor":0},{"start_s":176.84,"end_s":180.8,"text":"But if you're not, and for the sake of simplicity, we're going to be using Vulture.","speaker":null,"is_sponsor":0},{"start_s":180.8,"end_s":184.56,"text":"They're not a sponsor, but we had great results with their high-frequency tier.","speaker":null,"is_sponsor":0},{"start_s":184.56,"end_s":190.36,"text":"So start by signing up there, and we'll come back to it in a sec. If we're being honest, traditionally setting up a VPN,","speaker":null,"is_sponsor":0},{"start_s":190.36,"end_s":194.48,"text":"it's complicated, and it requires maintenance to keep things secure and reliable.","speaker":null,"is_sponsor":0},{"start_s":194.48,"end_s":199.48,"text":"So instead of walking you through how to do all of that and keep it maintained, we distilled the entire setup","speaker":null,"is_sponsor":0},{"start_s":199.48,"end_s":203.2,"text":"down into a single config file, literally this.","speaker":null,"is_sponsor":0},{"start_s":203.2,"end_s":208.16,"text":"These 100-ish lines contain all the information our server needs to set up the VPN,","speaker":null,"is_sponsor":0},{"start_s":208.16,"end_s":213.56,"text":"create a firewall to keep it secure, and handle automatic updates for both the operating system","speaker":null,"is_sponsor":0},{"start_s":213.56,"end_s":219.16,"text":"and the VPN software, which is called Tailscale. It has a ton of cool features, but most importantly for us,","speaker":null,"is_sponsor":0},{"start_s":219.16,"end_s":222.68,"text":"it makes the setup much easier, and it allows us to use existing accounts","speaker":null,"is_sponsor":0},{"start_s":222.68,"end_s":226.56,"text":"like Google or GitHub to log in. And their free plan is good for three users","speaker":null,"is_sponsor":0},{"start_s":226.56,"end_s":229.6,"text":"or 100 clients, so we're good there. Once you're logged into Tailscale,","speaker":null,"is_sponsor":0},{"start_s":229.6,"end_s":232.68,"text":"head to the keys section of the settings and generate an auth key,","speaker":null,"is_sponsor":0},{"start_s":232.68,"end_s":235.88,"text":"which is basically a fancy password our VPN server","speaker":null,"is_sponsor":0},{"start_s":235.88,"end_s":240.56,"text":"is gonna use to log in. That auth key has to make its way into the config file I showed you earlier,","speaker":null,"is_sponsor":0},{"start_s":240.56,"end_s":245.56,"text":"but that can be tricky and kinda easy to screw up. So we made a custom tool, which will be linked in the GitHub","speaker":null,"is_sponsor":0},{"start_s":245.56,"end_s":249.16,"text":"that you can paste your key into, and then it'll spit out a config ready to go.","speaker":null,"is_sponsor":0},{"start_s":249.16,"end_s":253.48,"text":"For the nerds out there who wanna be able to remote into the machine, you'll probably wanna add an SSH key,","speaker":null,"is_sponsor":0},{"start_s":253.48,"end_s":257.04,"text":"but if you don't know what that means, just skip this step. So we've got our VPN software,","speaker":null,"is_sponsor":0},{"start_s":257.04,"end_s":260.28,"text":"and we've got a config file. Now we need to get them on Vulture,","speaker":null,"is_sponsor":0},{"start_s":260.28,"end_s":264.92,"text":"and that's where Flatcar, a lightweight operating system built for high security","speaker":null,"is_sponsor":0},{"start_s":264.92,"end_s":267.92,"text":"and more importantly, low maintenance comes into play.","speaker":null,"is_sponsor":0},{"start_s":267.92,"end_s":273.0,"text":"You see, it's like, it's a little train car with containers on it. The container, that's our VPN.","speaker":null,"is_sponsor":0},{"start_s":273.0,"end_s":276.06,"text":"Anyways, back on Vulture, click deploy new server","speaker":null,"is_sponsor":0},{"start_s":276.06,"end_s":280.2,"text":"and select the region you wanna use. If you're not trying to get around region restrictions,","speaker":null,"is_sponsor":0},{"start_s":280.2,"end_s":285.56,"text":"you can pick whatever region is closest to you. If you are, pick whatever region is closest to you","speaker":null,"is_sponsor":0},{"start_s":285.6,"end_s":290.4,"text":"in an area that doesn't have those restrictions. Now, there are a lot of plans to choose from,","speaker":null,"is_sponsor":0},{"start_s":290.4,"end_s":294.44,"text":"but we found these shared CPU high-frequency ones to be the best bang for your buck.","speaker":null,"is_sponsor":0},{"start_s":294.44,"end_s":298.56,"text":"Specifically, the $6 a month base plan, which includes a terabyte of bandwidth per month,","speaker":null,"is_sponsor":0},{"start_s":298.56,"end_s":302.88,"text":"and can handle gigabit speeds without issue. You might be able to make it work with cheaper tiers,","speaker":null,"is_sponsor":0},{"start_s":302.88,"end_s":306.12,"text":"so let us know down in the description how that goes. Disable automatic backup,","speaker":null,"is_sponsor":0},{"start_s":306.12,"end_s":311.24,"text":"since we won't be storing any data on the machine. Select the stable version of Flatcar container Linux,","speaker":null,"is_sponsor":0},{"start_s":311.24,"end_s":314.88,"text":"and then select cloud init user data. And that's where you're gonna be pasting","speaker":null,"is_sponsor":0},{"start_s":314.88,"end_s":318.92,"text":"the configuration we generated earlier. Hit deploy, and while we're waiting for the VPN server","speaker":null,"is_sponsor":0},{"start_s":318.92,"end_s":323.2,"text":"to show up in Tailscale's dashboard, it's a great time to download Tailscale","speaker":null,"is_sponsor":0},{"start_s":323.2,"end_s":328.36,"text":"on whatever device you wanna use your VPN with. So go to their website, hit download, install,","speaker":null,"is_sponsor":0},{"start_s":328.36,"end_s":332.84,"text":"and then once it's installed, log in. If you're on macOS, you have to agree to a few system prompts,","speaker":null,"is_sponsor":0},{"start_s":332.84,"end_s":335.88,"text":"but once that's done, it should just connect.","speaker":null,"is_sponsor":0},{"start_s":335.88,"end_s":341.1,"text":"Once you're logged in, you should see your client in the Tailscale dashboard, and hopefully by now, also your VPN server,","speaker":null,"is_sponsor":0},{"start_s":341.1,"end_s":345.28,"text":"which we have to make a few changes to. First, you wanna go into edit route settings,","speaker":null,"is_sponsor":0},{"start_s":345.28,"end_s":350.16,"text":"and then select use as exit node. This is gonna allow us to tunnel our client's traffic","speaker":null,"is_sponsor":0},{"start_s":350.16,"end_s":353.84,"text":"to the VPN server, and then you want to disable key expiry.","speaker":null,"is_sponsor":0},{"start_s":353.84,"end_s":358.28,"text":"And you might also wanna do this for your client as well. If you don't do this, after 180 days,","speaker":null,"is_sponsor":0},{"start_s":358.28,"end_s":361.5,"text":"the VPN server will stop being able to connect to Tailscale","speaker":null,"is_sponsor":0},{"start_s":361.5,"end_s":365.32,"text":"and just stop working as a VPN. Assuming you've done everything correctly,","speaker":null,"is_sponsor":0},{"start_s":365.32,"end_s":369.28,"text":"you should have yourself a functioning, self-updating VPN server.","speaker":null,"is_sponsor":0},{"start_s":369.28,"end_s":372.32,"text":"And I'm sure you did great, but now's a good time to check our work.","speaker":null,"is_sponsor":0},{"start_s":372.32,"end_s":377.72,"text":"So open up command prompt or terminal, if you're on macOS like me, and run ping VPN server.","speaker":null,"is_sponsor":0},{"start_s":377.72,"end_s":382.12,"text":"If everything's working, you should see responses with the latency listed, and if it's not,","speaker":null,"is_sponsor":0},{"start_s":382.12,"end_s":385.64,"text":"well, go back a few steps and make sure you've followed everything correctly.","speaker":null,"is_sponsor":0},{"start_s":385.64,"end_s":389.32,"text":"Assuming this is working, you're then gonna wanna run Tailscale status,","speaker":null,"is_sponsor":0},{"start_s":389.32,"end_s":392.4,"text":"which if you're on macOS is a little bit more complicated.","speaker":null,"is_sponsor":0},{"start_s":392.4,"end_s":395.56,"text":"We'll just copy paste that, boom, status.","speaker":null,"is_sponsor":0},{"start_s":395.56,"end_s":400.12,"text":"And you should see direct in the response. That means you're making a direct connection","speaker":null,"is_sponsor":0},{"start_s":400.12,"end_s":403.12,"text":"to the VPN server. If you see relay here instead,","speaker":null,"is_sponsor":0},{"start_s":403.12,"end_s":407.08,"text":"you might have a funky or restrictive firewall that's blocking the connection,","speaker":null,"is_sponsor":0},{"start_s":407.08,"end_s":410.24,"text":"and you can try asking for help on the LTT forum or Discord server.","speaker":null,"is_sponsor":0},{"start_s":410.24,"end_s":415.16,"text":"If all looks good, like this WAN deskpad from LTTstore.com, you can go ahead and finally try it out.","speaker":null,"is_sponsor":0},{"start_s":415.16,"end_s":420.16,"text":"So go to the Tailscale in your taskbar, select exit nodes, and then click on VPN server.","speaker":null,"is_sponsor":0},{"start_s":420.16,"end_s":424.72,"text":"At this point, we're now tunneling our own traffic through our very own VPN server.","speaker":null,"is_sponsor":0},{"start_s":424.72,"end_s":428.16,"text":"Assuming we still have internet, let me try pinging. Ping.","speaker":null,"is_sponsor":0},{"start_s":428.16,"end_s":431.72,"text":"Hey, it's still working. Sick. Thanks.","speaker":null,"is_sponsor":0},{"start_s":431.72,"end_s":435.6,"text":"We just have to try it out. Let's go, what is my IP address?","speaker":null,"is_sponsor":0},{"start_s":436.52,"end_s":442.12,"text":"That's kind of the easiest way to figure it out. Hey, I see an IP address that's different","speaker":null,"is_sponsor":0},{"start_s":442.12,"end_s":446.88,"text":"than the network that I'm actually on. And you can see our ISP shows us Vulture Holdings.","speaker":null,"is_sponsor":0},{"start_s":446.88,"end_s":450.8,"text":"Great job. Now you should only have to select the exit node once per device.","speaker":null,"is_sponsor":0},{"start_s":450.8,"end_s":455.2,"text":"It should remember the settings, but if you're ever unsure, it does actually change the icon in the taskbar,","speaker":null,"is_sponsor":0},{"start_s":455.2,"end_s":458.8,"text":"or you can use a website like I just showed you to check your external IP address.","speaker":null,"is_sponsor":0},{"start_s":458.8,"end_s":462.24,"text":"Now this setup can work great if your goal is to better protect your privacy","speaker":null,"is_sponsor":0},{"start_s":462.24,"end_s":466.68,"text":"or to get around throttling or region blocks. And at this point, you can go ahead and test it out.","speaker":null,"is_sponsor":0},{"start_s":466.68,"end_s":470.64,"text":"But if you're trying to get around a potential TikTok ban or maybe another app, for instance,","speaker":null,"is_sponsor":0},{"start_s":470.64,"end_s":474.44,"text":"you might still be locked out since some of these services use other things","speaker":null,"is_sponsor":0},{"start_s":474.44,"end_s":478.0,"text":"to determine your location, like the app store region you downloaded from,","speaker":null,"is_sponsor":0},{"start_s":478.0,"end_s":482.04,"text":"sometimes GPS location, or maybe even your account billing information.","speaker":null,"is_sponsor":0},{"start_s":482.04,"end_s":486.36,"text":"If that's the case, you can try changing your app store region and read downloading, for instance.","speaker":null,"is_sponsor":0},{"start_s":486.36,"end_s":489.96,"text":"But if you can't get that to work, the web version in a webpage on your computer","speaker":null,"is_sponsor":0},{"start_s":489.96,"end_s":494.28,"text":"or your phone should still work. Now, if you're trying to use another country's Netflix library,","speaker":null,"is_sponsor":0},{"start_s":494.28,"end_s":499.32,"text":"they, like most streaming services, aggressively block hosting, VPN,","speaker":null,"is_sponsor":0},{"start_s":499.32,"end_s":503.56,"text":"and data center related IP addresses. So this setup probably won't work.","speaker":null,"is_sponsor":0},{"start_s":503.56,"end_s":507.24,"text":"Your best bet is one of the more streaming oriented public VPN providers,","speaker":null,"is_sponsor":0},{"start_s":507.24,"end_s":511.72,"text":"or if you happen to have a friend in the country of choice, hosting a VPN at their house","speaker":null,"is_sponsor":0},{"start_s":511.72,"end_s":515.8,"text":"could also be a workable solution. What's less workable is torrenting.","speaker":null,"is_sponsor":0},{"start_s":515.8,"end_s":519.52,"text":"I mentioned earlier that torrenting is a great use case for public VPNs.","speaker":null,"is_sponsor":0},{"start_s":519.52,"end_s":522.72,"text":"That's because whether you're trying to avoid DMCA notices","speaker":null,"is_sponsor":0},{"start_s":522.72,"end_s":527.12,"text":"or circumvent ISP throttling, practically all big cloud providers","speaker":null,"is_sponsor":0},{"start_s":527.12,"end_s":531.96,"text":"will forward abuse reports from your totally legal torrents directly to you.","speaker":null,"is_sponsor":0},{"start_s":531.96,"end_s":535.56,"text":"And depending on their terms of service, they might even suspend your server.","speaker":null,"is_sponsor":0},{"start_s":535.56,"end_s":541.28,"text":"There are hosting companies that operate in countries that don't abide by the DMCA and therefore don't care.","speaker":null,"is_sponsor":0},{"start_s":541.28,"end_s":545.68,"text":"So if you're looking for that, Google is your friend, but you may have to get a little bit more manual on the setup.","speaker":null,"is_sponsor":0},{"start_s":545.68,"end_s":550.28,"text":"Now, if you fall into the last camp of wanting to remotely access your home or business network","speaker":null,"is_sponsor":0},{"start_s":550.28,"end_s":554.64,"text":"without having to port forward, like to check security cameras or stream video games,","speaker":null,"is_sponsor":0},{"start_s":554.64,"end_s":559.72,"text":"or hell, run a Minecraft server. You can easily do that with tail scale,","speaker":null,"is_sponsor":0},{"start_s":559.72,"end_s":564.04,"text":"no VPS required, and therefore for free. Just install the tail scale client directly","speaker":null,"is_sponsor":0},{"start_s":564.04,"end_s":567.08,"text":"on the device you wanna access, like say your Minecraft server,","speaker":null,"is_sponsor":0},{"start_s":567.08,"end_s":570.32,"text":"and then on your remote device and log them into the same account.","speaker":null,"is_sponsor":0},{"start_s":570.32,"end_s":574.88,"text":"You can even run it in subnet routing mode and share services on other devices","speaker":null,"is_sponsor":0},{"start_s":574.88,"end_s":578.8,"text":"or even your entire network. Just keep in mind that by default,","speaker":null,"is_sponsor":0},{"start_s":578.8,"end_s":582.32,"text":"tail scale doesn't block any connections within the little tail scale network.","speaker":null,"is_sponsor":0},{"start_s":582.32,"end_s":586.72,"text":"So if you do explore it, we recommend locking things down with their access control rules,","speaker":null,"is_sponsor":0},{"start_s":586.72,"end_s":591.64,"text":"especially if you're inviting your friends. Put that all together and assuming you didn't take the easy route,","speaker":null,"is_sponsor":0},{"start_s":591.64,"end_s":595.14,"text":"in just a few minutes, you've got your very own low maintenance,","speaker":null,"is_sponsor":0},{"start_s":595.14,"end_s":600.48,"text":"automatically updating VPN server that's easily capable of reaching full gigabit speeds","speaker":null,"is_sponsor":0},{"start_s":600.48,"end_s":604.54,"text":"where you're in control of your own data. And if you don't want it anymore,","speaker":null,"is_sponsor":0},{"start_s":604.54,"end_s":608.74,"text":"just get rid of it. Delete, boom!","speaker":null,"is_sponsor":0},{"start_s":608.74,"end_s":612.18,"text":"Now all you're left with is our sponsor. So thanks for watching. If you liked this video,","speaker":null,"is_sponsor":0},{"start_s":612.18,"end_s":617.7,"text":"why not check out our last server room update? I think it was called Our Network Is Bigger Than Yours.","speaker":null,"is_sponsor":0},{"start_s":617.7,"end_s":619.7,"text":"That was a good one, and you should watch it.","speaker":null,"is_sponsor":0}],"full_text":"We all know how incredibly frustrating it is to be locked out of sites and apps you might rely on for work or pleasure. TikTok, The Hub, and many other services are being restricted or outright banned in parts of the world. But don't fret, for there is a shining light in the darkness, the VPN. Say a website is blocking users in your country. By connecting to a VPN in a different country, that website will think you're there. And boom, no more block. And today, we're going to show you a few ways to do just that. Level one, where all you need is a credit card. Level two, where you get to set up your own VPN. And don't worry, it's easy. And then there's my favorite. Level three, where I tell you about our sponsor. Before you decide how you're going to tackle a VPN, it's important to understand why you need one in the first place. And I figure there's four main use cases. First, getting around throttling, blocking, or bans, like your school or government blocking websites, accessing region-locked content, like a different country's Netflix library, obscuring your IP address for privacy or torrenting, legal stuff like Linux ISOs, of course, and securely accessing a remote network, like your home or business, from somewhere else. If you fall into any of the first three categories, especially torrenting, and you want the easiest solution, there's level one. Using one of the many public VPN providers, our personal favorite, is private internet access. And all you've got to do to get these going is sign up, download their client, and hit connect. All right. Whoa, whoa, whoa. There's nothing wrong with taking the easy route. But it doesn't mean you're not in control of your data. And even a VPN provider who's trustworthy today could change their behavior in the future. For instance, if they got bought out by a different company. So let's talk level two, where you get to host your very own private VPN server. While there are just about a million different ways to skin this cat, the setup I'm going to show you today isn't scary, requires virtually zero maintenance, and puts you in control. And you might even learn something along the way, like this disclaimer. Anything we show you today is purely in the interest of education and privacy. We aren't condoning or recommending piracy, bypassing legislative bans, or anything similar. The illegal implications of your actions are your own responsibility. Thanks Riley. If you're following along at home, you're going to want to check out the GitHub repo we have linked down in the description, because that's where you're going to find all the necessary files, along with some step-by-step instructions in case you get lost. Public VPNs work by tunneling your internet traffic through a dedicated computer in a data center, and replace your IP address along the way. That's the part that hides your location. And we're going to do basically the same thing by renting a small piece of a computer from a cloud hosting provider. They have data centers all over the world with thousands of servers that are split up into what they call VPSs, or virtual private servers, with the magic of virtualization. If you've seen us talk about virtual machines before, it's the exact same thing. If you're comfortable using a Linux command line, you should be able to replicate our setup with virtually any cloud provider. But if you're not, and for the sake of simplicity, we're going to be using Vulture. They're not a sponsor, but we had great results with their high-frequency tier. So start by signing up there, and we'll come back to it in a sec. If we're being honest, traditionally setting up a VPN, it's complicated, and it requires maintenance to keep things secure and reliable. So instead of walking you through how to do all of that and keep it maintained, we distilled the entire setup down into a single config file, literally this. These 100-ish lines contain all the information our server needs to set up the VPN, create a firewall to keep it secure, and handle automatic updates for both the operating system and the VPN software, which is called Tailscale. It has a ton of cool features, but most importantly for us, it makes the setup much easier, and it allows us to use existing accounts like Google or GitHub to log in. And their free plan is good for three users or 100 clients, so we're good there. Once you're logged into Tailscale, head to the keys section of the settings and generate an auth key, which is basically a fancy password our VPN server is gonna use to log in. That auth key has to make its way into the config file I showed you earlier, but that can be tricky and kinda easy to screw up. So we made a custom tool, which will be linked in the GitHub that you can paste your key into, and then it'll spit out a config ready to go. For the nerds out there who wanna be able to remote into the machine, you'll probably wanna add an SSH key, but if you don't know what that means, just skip this step. So we've got our VPN software, and we've got a config file. Now we need to get them on Vulture, and that's where Flatcar, a lightweight operating system built for high security and more importantly, low maintenance comes into play. You see, it's like, it's a little train car with containers on it. The container, that's our VPN. Anyways, back on Vulture, click deploy new server and select the region you wanna use. If you're not trying to get around region restrictions, you can pick whatever region is closest to you. If you are, pick whatever region is closest to you in an area that doesn't have those restrictions. Now, there are a lot of plans to choose from, but we found these shared CPU high-frequency ones to be the best bang for your buck. Specifically, the $6 a month base plan, which includes a terabyte of bandwidth per month, and can handle gigabit speeds without issue. You might be able to make it work with cheaper tiers, so let us know down in the description how that goes. Disable automatic backup, since we won't be storing any data on the machine. Select the stable version of Flatcar container Linux, and then select cloud init user data. And that's where you're gonna be pasting the configuration we generated earlier. Hit deploy, and while we're waiting for the VPN server to show up in Tailscale's dashboard, it's a great time to download Tailscale on whatever device you wanna use your VPN with. So go to their website, hit download, install, and then once it's installed, log in. If you're on macOS, you have to agree to a few system prompts, but once that's done, it should just connect. Once you're logged in, you should see your client in the Tailscale dashboard, and hopefully by now, also your VPN server, which we have to make a few changes to. First, you wanna go into edit route settings, and then select use as exit node. This is gonna allow us to tunnel our client's traffic to the VPN server, and then you want to disable key expiry. And you might also wanna do this for your client as well. If you don't do this, after 180 days, the VPN server will stop being able to connect to Tailscale and just stop working as a VPN. Assuming you've done everything correctly, you should have yourself a functioning, self-updating VPN server. And I'm sure you did great, but now's a good time to check our work. So open up command prompt or terminal, if you're on macOS like me, and run ping VPN server. If everything's working, you should see responses with the latency listed, and if it's not, well, go back a few steps and make sure you've followed everything correctly. Assuming this is working, you're then gonna wanna run Tailscale status, which if you're on macOS is a little bit more complicated. We'll just copy paste that, boom, status. And you should see direct in the response. That means you're making a direct connection to the VPN server. If you see relay here instead, you might have a funky or restrictive firewall that's blocking the connection, and you can try asking for help on the LTT forum or Discord server. If all looks good, like this WAN deskpad from LTTstore.com, you can go ahead and finally try it out. So go to the Tailscale in your taskbar, select exit nodes, and then click on VPN server. At this point, we're now tunneling our own traffic through our very own VPN server. Assuming we still have internet, let me try pinging. Ping. Hey, it's still working. Sick. Thanks. We just have to try it out. Let's go, what is my IP address? That's kind of the easiest way to figure it out. Hey, I see an IP address that's different than the network that I'm actually on. And you can see our ISP shows us Vulture Holdings. Great job. Now you should only have to select the exit node once per device. It should remember the settings, but if you're ever unsure, it does actually change the icon in the taskbar, or you can use a website like I just showed you to check your external IP address. Now this setup can work great if your goal is to better protect your privacy or to get around throttling or region blocks. And at this point, you can go ahead and test it out. But if you're trying to get around a potential TikTok ban or maybe another app, for instance, you might still be locked out since some of these services use other things to determine your location, like the app store region you downloaded from, sometimes GPS location, or maybe even your account billing information. If that's the case, you can try changing your app store region and read downloading, for instance. But if you can't get that to work, the web version in a webpage on your computer or your phone should still work. Now, if you're trying to use another country's Netflix library, they, like most streaming services, aggressively block hosting, VPN, and data center related IP addresses. So this setup probably won't work. Your best bet is one of the more streaming oriented public VPN providers, or if you happen to have a friend in the country of choice, hosting a VPN at their house could also be a workable solution. What's less workable is torrenting. I mentioned earlier that torrenting is a great use case for public VPNs. That's because whether you're trying to avoid DMCA notices or circumvent ISP throttling, practically all big cloud providers will forward abuse reports from your totally legal torrents directly to you. And depending on their terms of service, they might even suspend your server. There are hosting companies that operate in countries that don't abide by the DMCA and therefore don't care. So if you're looking for that, Google is your friend, but you may have to get a little bit more manual on the setup. Now, if you fall into the last camp of wanting to remotely access your home or business network without having to port forward, like to check security cameras or stream video games, or hell, run a Minecraft server. You can easily do that with tail scale, no VPS required, and therefore for free. Just install the tail scale client directly on the device you wanna access, like say your Minecraft server, and then on your remote device and log them into the same account. You can even run it in subnet routing mode and share services on other devices or even your entire network. Just keep in mind that by default, tail scale doesn't block any connections within the little tail scale network. So if you do explore it, we recommend locking things down with their access control rules, especially if you're inviting your friends. Put that all together and assuming you didn't take the easy route, in just a few minutes, you've got your very own low maintenance, automatically updating VPN server that's easily capable of reaching full gigabit speeds where you're in control of your own data. And if you don't want it anymore, just get rid of it. Delete, boom! Now all you're left with is our sponsor. So thanks for watching. If you liked this video, why not check out our last server room update? I think it was called Our Network Is Bigger Than Yours. That was a good one, and you should watch it."}