WEBVTT

00:00:00.000 --> 00:00:04.960
We all know how incredibly frustrating it is to be locked out of sites and apps you might rely on

00:00:04.960 --> 00:00:09.160
for work or pleasure. TikTok, The Hub, and many other services

00:00:09.160 --> 00:00:12.200
are being restricted or outright banned in parts of the world.

00:00:12.200 --> 00:00:15.800
But don't fret, for there is a shining light in the darkness,

00:00:15.800 --> 00:00:19.640
the VPN. Say a website is blocking users in your country.

00:00:19.640 --> 00:00:24.320
By connecting to a VPN in a different country, that website will think you're there.

00:00:24.320 --> 00:00:28.200
And boom, no more block. And today, we're going to show you a few ways

00:00:28.200 --> 00:00:31.520
to do just that. Level one, where all you need is a credit card.

00:00:31.520 --> 00:00:35.800
Level two, where you get to set up your own VPN. And don't worry, it's easy.

00:00:35.800 --> 00:00:39.600
And then there's my favorite. Level three, where I tell you about our sponsor.

00:00:48.600 --> 00:00:53.480
Before you decide how you're going to tackle a VPN, it's important to understand why you need one in the first place.

00:00:53.480 --> 00:00:58.640
And I figure there's four main use cases. First, getting around throttling, blocking, or bans,

00:00:58.640 --> 00:01:04.200
like your school or government blocking websites, accessing region-locked content, like a different country's

00:01:04.200 --> 00:01:07.520
Netflix library, obscuring your IP address for privacy

00:01:07.520 --> 00:01:11.040
or torrenting, legal stuff like Linux ISOs, of course,

00:01:11.040 --> 00:01:15.640
and securely accessing a remote network, like your home or business, from somewhere else.

00:01:15.640 --> 00:01:21.480
If you fall into any of the first three categories, especially torrenting, and you want the easiest solution,

00:01:21.480 --> 00:01:25.120
there's level one. Using one of the many public VPN providers,

00:01:25.120 --> 00:01:30.040
our personal favorite, is private internet access. And all you've got to do to get these going is sign up,

00:01:30.040 --> 00:01:33.480
download their client, and hit connect. All right. Whoa, whoa, whoa.

00:01:33.480 --> 00:01:38.280
There's nothing wrong with taking the easy route. But it doesn't mean you're not in control of your data.

00:01:38.280 --> 00:01:41.520
And even a VPN provider who's trustworthy today

00:01:41.520 --> 00:01:46.040
could change their behavior in the future. For instance, if they got bought out by a different company.

00:01:46.040 --> 00:01:50.440
So let's talk level two, where you get to host your very own private VPN server.

00:01:50.440 --> 00:01:54.920
While there are just about a million different ways to skin this cat, the setup I'm going to show you today

00:01:54.920 --> 00:01:57.960
isn't scary, requires virtually zero maintenance,

00:01:57.960 --> 00:02:01.760
and puts you in control. And you might even learn something along the way,

00:02:01.760 --> 00:02:05.880
like this disclaimer. Anything we show you today is purely in the interest of education and privacy.

00:02:05.880 --> 00:02:09.600
We aren't condoning or recommending piracy, bypassing legislative bans, or anything similar.

00:02:09.600 --> 00:02:13.320
The illegal implications of your actions are your own responsibility. Thanks Riley.

00:02:13.320 --> 00:02:17.720
If you're following along at home, you're going to want to check out the GitHub repo we have linked down in the description,

00:02:17.720 --> 00:02:21.080
because that's where you're going to find all the necessary files, along with some step-by-step

00:02:21.080 --> 00:02:25.760
instructions in case you get lost. Public VPNs work by tunneling your internet traffic

00:02:25.760 --> 00:02:30.680
through a dedicated computer in a data center, and replace your IP address along the way.

00:02:30.680 --> 00:02:35.000
That's the part that hides your location. And we're going to do basically the same thing

00:02:35.000 --> 00:02:38.720
by renting a small piece of a computer from a cloud hosting provider.

00:02:38.720 --> 00:02:42.280
They have data centers all over the world with thousands of servers that are split up

00:02:42.280 --> 00:02:45.680
into what they call VPSs, or virtual private servers,

00:02:45.680 --> 00:02:49.400
with the magic of virtualization. If you've seen us talk about virtual machines before,

00:02:49.400 --> 00:02:53.120
it's the exact same thing. If you're comfortable using a Linux command line,

00:02:53.120 --> 00:02:56.840
you should be able to replicate our setup with virtually any cloud provider.

00:02:56.840 --> 00:03:00.800
But if you're not, and for the sake of simplicity, we're going to be using Vulture.

00:03:00.800 --> 00:03:04.560
They're not a sponsor, but we had great results with their high-frequency tier.

00:03:04.560 --> 00:03:10.360
So start by signing up there, and we'll come back to it in a sec. If we're being honest, traditionally setting up a VPN,

00:03:10.360 --> 00:03:14.480
it's complicated, and it requires maintenance to keep things secure and reliable.

00:03:14.480 --> 00:03:19.480
So instead of walking you through how to do all of that and keep it maintained, we distilled the entire setup

00:03:19.480 --> 00:03:23.200
down into a single config file, literally this.

00:03:23.200 --> 00:03:28.160
These 100-ish lines contain all the information our server needs to set up the VPN,

00:03:28.160 --> 00:03:33.560
create a firewall to keep it secure, and handle automatic updates for both the operating system

00:03:33.560 --> 00:03:39.160
and the VPN software, which is called Tailscale. It has a ton of cool features, but most importantly for us,

00:03:39.160 --> 00:03:42.680
it makes the setup much easier, and it allows us to use existing accounts

00:03:42.680 --> 00:03:46.560
like Google or GitHub to log in. And their free plan is good for three users

00:03:46.560 --> 00:03:49.600
or 100 clients, so we're good there. Once you're logged into Tailscale,

00:03:49.600 --> 00:03:52.680
head to the keys section of the settings and generate an auth key,

00:03:52.680 --> 00:03:55.880
which is basically a fancy password our VPN server

00:03:55.880 --> 00:04:00.560
is gonna use to log in. That auth key has to make its way into the config file I showed you earlier,

00:04:00.560 --> 00:04:05.560
but that can be tricky and kinda easy to screw up. So we made a custom tool, which will be linked in the GitHub

00:04:05.560 --> 00:04:09.160
that you can paste your key into, and then it'll spit out a config ready to go.

00:04:09.160 --> 00:04:13.480
For the nerds out there who wanna be able to remote into the machine, you'll probably wanna add an SSH key,

00:04:13.480 --> 00:04:17.040
but if you don't know what that means, just skip this step. So we've got our VPN software,

00:04:17.040 --> 00:04:20.280
and we've got a config file. Now we need to get them on Vulture,

00:04:20.280 --> 00:04:24.920
and that's where Flatcar, a lightweight operating system built for high security

00:04:24.920 --> 00:04:27.920
and more importantly, low maintenance comes into play.

00:04:27.920 --> 00:04:33.000
You see, it's like, it's a little train car with containers on it. The container, that's our VPN.

00:04:33.000 --> 00:04:36.060
Anyways, back on Vulture, click deploy new server

00:04:36.060 --> 00:04:40.200
and select the region you wanna use. If you're not trying to get around region restrictions,

00:04:40.200 --> 00:04:45.560
you can pick whatever region is closest to you. If you are, pick whatever region is closest to you

00:04:45.600 --> 00:04:50.400
in an area that doesn't have those restrictions. Now, there are a lot of plans to choose from,

00:04:50.400 --> 00:04:54.440
but we found these shared CPU high-frequency ones to be the best bang for your buck.

00:04:54.440 --> 00:04:58.560
Specifically, the $6 a month base plan, which includes a terabyte of bandwidth per month,

00:04:58.560 --> 00:05:02.880
and can handle gigabit speeds without issue. You might be able to make it work with cheaper tiers,

00:05:02.880 --> 00:05:06.120
so let us know down in the description how that goes. Disable automatic backup,

00:05:06.120 --> 00:05:11.240
since we won't be storing any data on the machine. Select the stable version of Flatcar container Linux,

00:05:11.240 --> 00:05:14.880
and then select cloud init user data. And that's where you're gonna be pasting

00:05:14.880 --> 00:05:18.920
the configuration we generated earlier. Hit deploy, and while we're waiting for the VPN server

00:05:18.920 --> 00:05:23.200
to show up in Tailscale's dashboard, it's a great time to download Tailscale

00:05:23.200 --> 00:05:28.360
on whatever device you wanna use your VPN with. So go to their website, hit download, install,

00:05:28.360 --> 00:05:32.840
and then once it's installed, log in. If you're on macOS, you have to agree to a few system prompts,

00:05:32.840 --> 00:05:35.880
but once that's done, it should just connect.

00:05:35.880 --> 00:05:41.100
Once you're logged in, you should see your client in the Tailscale dashboard, and hopefully by now, also your VPN server,

00:05:41.100 --> 00:05:45.280
which we have to make a few changes to. First, you wanna go into edit route settings,

00:05:45.280 --> 00:05:50.160
and then select use as exit node. This is gonna allow us to tunnel our client's traffic

00:05:50.160 --> 00:05:53.840
to the VPN server, and then you want to disable key expiry.

00:05:53.840 --> 00:05:58.280
And you might also wanna do this for your client as well. If you don't do this, after 180 days,

00:05:58.280 --> 00:06:01.500
the VPN server will stop being able to connect to Tailscale

00:06:01.500 --> 00:06:05.320
and just stop working as a VPN. Assuming you've done everything correctly,

00:06:05.320 --> 00:06:09.280
you should have yourself a functioning, self-updating VPN server.

00:06:09.280 --> 00:06:12.320
And I'm sure you did great, but now's a good time to check our work.

00:06:12.320 --> 00:06:17.720
So open up command prompt or terminal, if you're on macOS like me, and run ping VPN server.

00:06:17.720 --> 00:06:22.120
If everything's working, you should see responses with the latency listed, and if it's not,

00:06:22.120 --> 00:06:25.640
well, go back a few steps and make sure you've followed everything correctly.

00:06:25.640 --> 00:06:29.320
Assuming this is working, you're then gonna wanna run Tailscale status,

00:06:29.320 --> 00:06:32.400
which if you're on macOS is a little bit more complicated.

00:06:32.400 --> 00:06:35.560
We'll just copy paste that, boom, status.

00:06:35.560 --> 00:06:40.120
And you should see direct in the response. That means you're making a direct connection

00:06:40.120 --> 00:06:43.120
to the VPN server. If you see relay here instead,

00:06:43.120 --> 00:06:47.080
you might have a funky or restrictive firewall that's blocking the connection,

00:06:47.080 --> 00:06:50.240
and you can try asking for help on the LTT forum or Discord server.

00:06:50.240 --> 00:06:55.160
If all looks good, like this WAN deskpad from LTTstore.com, you can go ahead and finally try it out.

00:06:55.160 --> 00:07:00.160
So go to the Tailscale in your taskbar, select exit nodes, and then click on VPN server.

00:07:00.160 --> 00:07:04.720
At this point, we're now tunneling our own traffic through our very own VPN server.

00:07:04.720 --> 00:07:08.160
Assuming we still have internet, let me try pinging. Ping.

00:07:08.160 --> 00:07:11.720
Hey, it's still working. Sick. Thanks.

00:07:11.720 --> 00:07:15.600
We just have to try it out. Let's go, what is my IP address?

00:07:16.520 --> 00:07:22.120
That's kind of the easiest way to figure it out. Hey, I see an IP address that's different

00:07:22.120 --> 00:07:26.880
than the network that I'm actually on. And you can see our ISP shows us Vulture Holdings.

00:07:26.880 --> 00:07:30.800
Great job. Now you should only have to select the exit node once per device.

00:07:30.800 --> 00:07:35.200
It should remember the settings, but if you're ever unsure, it does actually change the icon in the taskbar,

00:07:35.200 --> 00:07:38.800
or you can use a website like I just showed you to check your external IP address.

00:07:38.800 --> 00:07:42.240
Now this setup can work great if your goal is to better protect your privacy

00:07:42.240 --> 00:07:46.680
or to get around throttling or region blocks. And at this point, you can go ahead and test it out.

00:07:46.680 --> 00:07:50.640
But if you're trying to get around a potential TikTok ban or maybe another app, for instance,

00:07:50.640 --> 00:07:54.440
you might still be locked out since some of these services use other things

00:07:54.440 --> 00:07:58.000
to determine your location, like the app store region you downloaded from,

00:07:58.000 --> 00:08:02.040
sometimes GPS location, or maybe even your account billing information.

00:08:02.040 --> 00:08:06.360
If that's the case, you can try changing your app store region and read downloading, for instance.

00:08:06.360 --> 00:08:09.960
But if you can't get that to work, the web version in a webpage on your computer

00:08:09.960 --> 00:08:14.280
or your phone should still work. Now, if you're trying to use another country's Netflix library,

00:08:14.280 --> 00:08:19.320
they, like most streaming services, aggressively block hosting, VPN,

00:08:19.320 --> 00:08:23.560
and data center related IP addresses. So this setup probably won't work.

00:08:23.560 --> 00:08:27.240
Your best bet is one of the more streaming oriented public VPN providers,

00:08:27.240 --> 00:08:31.720
or if you happen to have a friend in the country of choice, hosting a VPN at their house

00:08:31.720 --> 00:08:35.800
could also be a workable solution. What's less workable is torrenting.

00:08:35.800 --> 00:08:39.520
I mentioned earlier that torrenting is a great use case for public VPNs.

00:08:39.520 --> 00:08:42.720
That's because whether you're trying to avoid DMCA notices

00:08:42.720 --> 00:08:47.120
or circumvent ISP throttling, practically all big cloud providers

00:08:47.120 --> 00:08:51.960
will forward abuse reports from your totally legal torrents directly to you.

00:08:51.960 --> 00:08:55.560
And depending on their terms of service, they might even suspend your server.

00:08:55.560 --> 00:09:01.280
There are hosting companies that operate in countries that don't abide by the DMCA and therefore don't care.

00:09:01.280 --> 00:09:05.680
So if you're looking for that, Google is your friend, but you may have to get a little bit more manual on the setup.

00:09:05.680 --> 00:09:10.280
Now, if you fall into the last camp of wanting to remotely access your home or business network

00:09:10.280 --> 00:09:14.640
without having to port forward, like to check security cameras or stream video games,

00:09:14.640 --> 00:09:19.720
or hell, run a Minecraft server. You can easily do that with tail scale,

00:09:19.720 --> 00:09:24.040
no VPS required, and therefore for free. Just install the tail scale client directly

00:09:24.040 --> 00:09:27.080
on the device you wanna access, like say your Minecraft server,

00:09:27.080 --> 00:09:30.320
and then on your remote device and log them into the same account.

00:09:30.320 --> 00:09:34.880
You can even run it in subnet routing mode and share services on other devices

00:09:34.880 --> 00:09:38.800
or even your entire network. Just keep in mind that by default,

00:09:38.800 --> 00:09:42.320
tail scale doesn't block any connections within the little tail scale network.

00:09:42.320 --> 00:09:46.720
So if you do explore it, we recommend locking things down with their access control rules,

00:09:46.720 --> 00:09:51.640
especially if you're inviting your friends. Put that all together and assuming you didn't take the easy route,

00:09:51.640 --> 00:09:55.140
in just a few minutes, you've got your very own low maintenance,

00:09:55.140 --> 00:10:00.480
automatically updating VPN server that's easily capable of reaching full gigabit speeds

00:10:00.480 --> 00:10:04.540
where you're in control of your own data. And if you don't want it anymore,

00:10:04.540 --> 00:10:08.740
just get rid of it. Delete, boom!

00:10:08.740 --> 00:10:12.180
Now all you're left with is our sponsor. So thanks for watching. If you liked this video,

00:10:12.180 --> 00:10:17.700
why not check out our last server room update? I think it was called Our Network Is Bigger Than Yours.

00:10:17.700 --> 00:10:19.700
That was a good one, and you should watch it.