1
00:00:00,000 --> 00:00:04,960
We all know how incredibly frustrating it is to be locked out of sites and apps you might rely on

2
00:00:04,960 --> 00:00:09,160
for work or pleasure. TikTok, The Hub, and many other services

3
00:00:09,160 --> 00:00:12,200
are being restricted or outright banned in parts of the world.

4
00:00:12,200 --> 00:00:15,800
But don't fret, for there is a shining light in the darkness,

5
00:00:15,800 --> 00:00:19,640
the VPN. Say a website is blocking users in your country.

6
00:00:19,640 --> 00:00:24,320
By connecting to a VPN in a different country, that website will think you're there.

7
00:00:24,320 --> 00:00:28,200
And boom, no more block. And today, we're going to show you a few ways

8
00:00:28,200 --> 00:00:31,520
to do just that. Level one, where all you need is a credit card.

9
00:00:31,520 --> 00:00:35,800
Level two, where you get to set up your own VPN. And don't worry, it's easy.

10
00:00:35,800 --> 00:00:39,600
And then there's my favorite. Level three, where I tell you about our sponsor.

11
00:00:48,600 --> 00:00:53,480
Before you decide how you're going to tackle a VPN, it's important to understand why you need one in the first place.

12
00:00:53,480 --> 00:00:58,640
And I figure there's four main use cases. First, getting around throttling, blocking, or bans,

13
00:00:58,640 --> 00:01:04,200
like your school or government blocking websites, accessing region-locked content, like a different country's

14
00:01:04,200 --> 00:01:07,520
Netflix library, obscuring your IP address for privacy

15
00:01:07,520 --> 00:01:11,040
or torrenting, legal stuff like Linux ISOs, of course,

16
00:01:11,040 --> 00:01:15,640
and securely accessing a remote network, like your home or business, from somewhere else.

17
00:01:15,640 --> 00:01:21,480
If you fall into any of the first three categories, especially torrenting, and you want the easiest solution,

18
00:01:21,480 --> 00:01:25,120
there's level one. Using one of the many public VPN providers,

19
00:01:25,120 --> 00:01:30,040
our personal favorite, is private internet access. And all you've got to do to get these going is sign up,

20
00:01:30,040 --> 00:01:33,480
download their client, and hit connect. All right. Whoa, whoa, whoa.

21
00:01:33,480 --> 00:01:38,280
There's nothing wrong with taking the easy route. But it doesn't mean you're not in control of your data.

22
00:01:38,280 --> 00:01:41,520
And even a VPN provider who's trustworthy today

23
00:01:41,520 --> 00:01:46,040
could change their behavior in the future. For instance, if they got bought out by a different company.

24
00:01:46,040 --> 00:01:50,440
So let's talk level two, where you get to host your very own private VPN server.

25
00:01:50,440 --> 00:01:54,920
While there are just about a million different ways to skin this cat, the setup I'm going to show you today

26
00:01:54,920 --> 00:01:57,960
isn't scary, requires virtually zero maintenance,

27
00:01:57,960 --> 00:02:01,760
and puts you in control. And you might even learn something along the way,

28
00:02:01,760 --> 00:02:05,880
like this disclaimer. Anything we show you today is purely in the interest of education and privacy.

29
00:02:05,880 --> 00:02:09,600
We aren't condoning or recommending piracy, bypassing legislative bans, or anything similar.

30
00:02:09,600 --> 00:02:13,320
The illegal implications of your actions are your own responsibility. Thanks Riley.

31
00:02:13,320 --> 00:02:17,720
If you're following along at home, you're going to want to check out the GitHub repo we have linked down in the description,

32
00:02:17,720 --> 00:02:21,080
because that's where you're going to find all the necessary files, along with some step-by-step

33
00:02:21,080 --> 00:02:25,760
instructions in case you get lost. Public VPNs work by tunneling your internet traffic

34
00:02:25,760 --> 00:02:30,680
through a dedicated computer in a data center, and replace your IP address along the way.

35
00:02:30,680 --> 00:02:35,000
That's the part that hides your location. And we're going to do basically the same thing

36
00:02:35,000 --> 00:02:38,720
by renting a small piece of a computer from a cloud hosting provider.

37
00:02:38,720 --> 00:02:42,280
They have data centers all over the world with thousands of servers that are split up

38
00:02:42,280 --> 00:02:45,680
into what they call VPSs, or virtual private servers,

39
00:02:45,680 --> 00:02:49,400
with the magic of virtualization. If you've seen us talk about virtual machines before,

40
00:02:49,400 --> 00:02:53,120
it's the exact same thing. If you're comfortable using a Linux command line,

41
00:02:53,120 --> 00:02:56,840
you should be able to replicate our setup with virtually any cloud provider.

42
00:02:56,840 --> 00:03:00,800
But if you're not, and for the sake of simplicity, we're going to be using Vulture.

43
00:03:00,800 --> 00:03:04,560
They're not a sponsor, but we had great results with their high-frequency tier.

44
00:03:04,560 --> 00:03:10,360
So start by signing up there, and we'll come back to it in a sec. If we're being honest, traditionally setting up a VPN,

45
00:03:10,360 --> 00:03:14,480
it's complicated, and it requires maintenance to keep things secure and reliable.

46
00:03:14,480 --> 00:03:19,480
So instead of walking you through how to do all of that and keep it maintained, we distilled the entire setup

47
00:03:19,480 --> 00:03:23,200
down into a single config file, literally this.

48
00:03:23,200 --> 00:03:28,160
These 100-ish lines contain all the information our server needs to set up the VPN,

49
00:03:28,160 --> 00:03:33,560
create a firewall to keep it secure, and handle automatic updates for both the operating system

50
00:03:33,560 --> 00:03:39,160
and the VPN software, which is called Tailscale. It has a ton of cool features, but most importantly for us,

51
00:03:39,160 --> 00:03:42,680
it makes the setup much easier, and it allows us to use existing accounts

52
00:03:42,680 --> 00:03:46,560
like Google or GitHub to log in. And their free plan is good for three users

53
00:03:46,560 --> 00:03:49,600
or 100 clients, so we're good there. Once you're logged into Tailscale,

54
00:03:49,600 --> 00:03:52,680
head to the keys section of the settings and generate an auth key,

55
00:03:52,680 --> 00:03:55,880
which is basically a fancy password our VPN server

56
00:03:55,880 --> 00:04:00,560
is gonna use to log in. That auth key has to make its way into the config file I showed you earlier,

57
00:04:00,560 --> 00:04:05,560
but that can be tricky and kinda easy to screw up. So we made a custom tool, which will be linked in the GitHub

58
00:04:05,560 --> 00:04:09,160
that you can paste your key into, and then it'll spit out a config ready to go.

59
00:04:09,160 --> 00:04:13,480
For the nerds out there who wanna be able to remote into the machine, you'll probably wanna add an SSH key,

60
00:04:13,480 --> 00:04:17,040
but if you don't know what that means, just skip this step. So we've got our VPN software,

61
00:04:17,040 --> 00:04:20,280
and we've got a config file. Now we need to get them on Vulture,

62
00:04:20,280 --> 00:04:24,920
and that's where Flatcar, a lightweight operating system built for high security

63
00:04:24,920 --> 00:04:27,920
and more importantly, low maintenance comes into play.

64
00:04:27,920 --> 00:04:33,000
You see, it's like, it's a little train car with containers on it. The container, that's our VPN.

65
00:04:33,000 --> 00:04:36,060
Anyways, back on Vulture, click deploy new server

66
00:04:36,060 --> 00:04:40,200
and select the region you wanna use. If you're not trying to get around region restrictions,

67
00:04:40,200 --> 00:04:45,560
you can pick whatever region is closest to you. If you are, pick whatever region is closest to you

68
00:04:45,600 --> 00:04:50,400
in an area that doesn't have those restrictions. Now, there are a lot of plans to choose from,

69
00:04:50,400 --> 00:04:54,440
but we found these shared CPU high-frequency ones to be the best bang for your buck.

70
00:04:54,440 --> 00:04:58,560
Specifically, the $6 a month base plan, which includes a terabyte of bandwidth per month,

71
00:04:58,560 --> 00:05:02,880
and can handle gigabit speeds without issue. You might be able to make it work with cheaper tiers,

72
00:05:02,880 --> 00:05:06,120
so let us know down in the description how that goes. Disable automatic backup,

73
00:05:06,120 --> 00:05:11,240
since we won't be storing any data on the machine. Select the stable version of Flatcar container Linux,

74
00:05:11,240 --> 00:05:14,880
and then select cloud init user data. And that's where you're gonna be pasting

75
00:05:14,880 --> 00:05:18,920
the configuration we generated earlier. Hit deploy, and while we're waiting for the VPN server

76
00:05:18,920 --> 00:05:23,200
to show up in Tailscale's dashboard, it's a great time to download Tailscale

77
00:05:23,200 --> 00:05:28,360
on whatever device you wanna use your VPN with. So go to their website, hit download, install,

78
00:05:28,360 --> 00:05:32,840
and then once it's installed, log in. If you're on macOS, you have to agree to a few system prompts,

79
00:05:32,840 --> 00:05:35,880
but once that's done, it should just connect.

80
00:05:35,880 --> 00:05:41,100
Once you're logged in, you should see your client in the Tailscale dashboard, and hopefully by now, also your VPN server,

81
00:05:41,100 --> 00:05:45,280
which we have to make a few changes to. First, you wanna go into edit route settings,

82
00:05:45,280 --> 00:05:50,160
and then select use as exit node. This is gonna allow us to tunnel our client's traffic

83
00:05:50,160 --> 00:05:53,840
to the VPN server, and then you want to disable key expiry.

84
00:05:53,840 --> 00:05:58,280
And you might also wanna do this for your client as well. If you don't do this, after 180 days,

85
00:05:58,280 --> 00:06:01,500
the VPN server will stop being able to connect to Tailscale

86
00:06:01,500 --> 00:06:05,320
and just stop working as a VPN. Assuming you've done everything correctly,

87
00:06:05,320 --> 00:06:09,280
you should have yourself a functioning, self-updating VPN server.

88
00:06:09,280 --> 00:06:12,320
And I'm sure you did great, but now's a good time to check our work.

89
00:06:12,320 --> 00:06:17,720
So open up command prompt or terminal, if you're on macOS like me, and run ping VPN server.

90
00:06:17,720 --> 00:06:22,120
If everything's working, you should see responses with the latency listed, and if it's not,

91
00:06:22,120 --> 00:06:25,640
well, go back a few steps and make sure you've followed everything correctly.

92
00:06:25,640 --> 00:06:29,320
Assuming this is working, you're then gonna wanna run Tailscale status,

93
00:06:29,320 --> 00:06:32,400
which if you're on macOS is a little bit more complicated.

94
00:06:32,400 --> 00:06:35,560
We'll just copy paste that, boom, status.

95
00:06:35,560 --> 00:06:40,120
And you should see direct in the response. That means you're making a direct connection

96
00:06:40,120 --> 00:06:43,120
to the VPN server. If you see relay here instead,

97
00:06:43,120 --> 00:06:47,080
you might have a funky or restrictive firewall that's blocking the connection,

98
00:06:47,080 --> 00:06:50,240
and you can try asking for help on the LTT forum or Discord server.

99
00:06:50,240 --> 00:06:55,160
If all looks good, like this WAN deskpad from LTTstore.com, you can go ahead and finally try it out.

100
00:06:55,160 --> 00:07:00,160
So go to the Tailscale in your taskbar, select exit nodes, and then click on VPN server.

101
00:07:00,160 --> 00:07:04,720
At this point, we're now tunneling our own traffic through our very own VPN server.

102
00:07:04,720 --> 00:07:08,160
Assuming we still have internet, let me try pinging. Ping.

103
00:07:08,160 --> 00:07:11,720
Hey, it's still working. Sick. Thanks.

104
00:07:11,720 --> 00:07:15,600
We just have to try it out. Let's go, what is my IP address?

105
00:07:16,520 --> 00:07:22,120
That's kind of the easiest way to figure it out. Hey, I see an IP address that's different

106
00:07:22,120 --> 00:07:26,880
than the network that I'm actually on. And you can see our ISP shows us Vulture Holdings.

107
00:07:26,880 --> 00:07:30,800
Great job. Now you should only have to select the exit node once per device.

108
00:07:30,800 --> 00:07:35,200
It should remember the settings, but if you're ever unsure, it does actually change the icon in the taskbar,

109
00:07:35,200 --> 00:07:38,800
or you can use a website like I just showed you to check your external IP address.

110
00:07:38,800 --> 00:07:42,240
Now this setup can work great if your goal is to better protect your privacy

111
00:07:42,240 --> 00:07:46,680
or to get around throttling or region blocks. And at this point, you can go ahead and test it out.

112
00:07:46,680 --> 00:07:50,640
But if you're trying to get around a potential TikTok ban or maybe another app, for instance,

113
00:07:50,640 --> 00:07:54,440
you might still be locked out since some of these services use other things

114
00:07:54,440 --> 00:07:58,000
to determine your location, like the app store region you downloaded from,

115
00:07:58,000 --> 00:08:02,040
sometimes GPS location, or maybe even your account billing information.

116
00:08:02,040 --> 00:08:06,360
If that's the case, you can try changing your app store region and read downloading, for instance.

117
00:08:06,360 --> 00:08:09,960
But if you can't get that to work, the web version in a webpage on your computer

118
00:08:09,960 --> 00:08:14,280
or your phone should still work. Now, if you're trying to use another country's Netflix library,

119
00:08:14,280 --> 00:08:19,320
they, like most streaming services, aggressively block hosting, VPN,

120
00:08:19,320 --> 00:08:23,560
and data center related IP addresses. So this setup probably won't work.

121
00:08:23,560 --> 00:08:27,240
Your best bet is one of the more streaming oriented public VPN providers,

122
00:08:27,240 --> 00:08:31,720
or if you happen to have a friend in the country of choice, hosting a VPN at their house

123
00:08:31,720 --> 00:08:35,800
could also be a workable solution. What's less workable is torrenting.

124
00:08:35,800 --> 00:08:39,520
I mentioned earlier that torrenting is a great use case for public VPNs.

125
00:08:39,520 --> 00:08:42,720
That's because whether you're trying to avoid DMCA notices

126
00:08:42,720 --> 00:08:47,120
or circumvent ISP throttling, practically all big cloud providers

127
00:08:47,120 --> 00:08:51,960
will forward abuse reports from your totally legal torrents directly to you.

128
00:08:51,960 --> 00:08:55,560
And depending on their terms of service, they might even suspend your server.

129
00:08:55,560 --> 00:09:01,280
There are hosting companies that operate in countries that don't abide by the DMCA and therefore don't care.

130
00:09:01,280 --> 00:09:05,680
So if you're looking for that, Google is your friend, but you may have to get a little bit more manual on the setup.

131
00:09:05,680 --> 00:09:10,280
Now, if you fall into the last camp of wanting to remotely access your home or business network

132
00:09:10,280 --> 00:09:14,640
without having to port forward, like to check security cameras or stream video games,

133
00:09:14,640 --> 00:09:19,720
or hell, run a Minecraft server. You can easily do that with tail scale,

134
00:09:19,720 --> 00:09:24,040
no VPS required, and therefore for free. Just install the tail scale client directly

135
00:09:24,040 --> 00:09:27,080
on the device you wanna access, like say your Minecraft server,

136
00:09:27,080 --> 00:09:30,320
and then on your remote device and log them into the same account.

137
00:09:30,320 --> 00:09:34,880
You can even run it in subnet routing mode and share services on other devices

138
00:09:34,880 --> 00:09:38,800
or even your entire network. Just keep in mind that by default,

139
00:09:38,800 --> 00:09:42,320
tail scale doesn't block any connections within the little tail scale network.

140
00:09:42,320 --> 00:09:46,720
So if you do explore it, we recommend locking things down with their access control rules,

141
00:09:46,720 --> 00:09:51,640
especially if you're inviting your friends. Put that all together and assuming you didn't take the easy route,

142
00:09:51,640 --> 00:09:55,140
in just a few minutes, you've got your very own low maintenance,

143
00:09:55,140 --> 00:10:00,480
automatically updating VPN server that's easily capable of reaching full gigabit speeds

144
00:10:00,480 --> 00:10:04,540
where you're in control of your own data. And if you don't want it anymore,

145
00:10:04,540 --> 00:10:08,740
just get rid of it. Delete, boom!

146
00:10:08,740 --> 00:10:12,180
Now all you're left with is our sponsor. So thanks for watching. If you liked this video,

147
00:10:12,180 --> 00:10:17,700
why not check out our last server room update? I think it was called Our Network Is Bigger Than Yours.

148
00:10:17,700 --> 00:10:19,700
That was a good one, and you should watch it.