How to set up a VPN server through self-hosting or with DigitalOcean

Learn how to create and configure your private VPN server using Meshnet.


Whether you want to keep your online activity private by hiding your IP, protect your traffic by encrypting your internet connection, or bypass geo-restrictions and censorship to access content around the globe, creating your own VPN server can be a solution to address these needs. With additional layers of privacy that a VPN provides, you can also avoid having your information used by advertisers.
Setting up a VPN server requires technical expertise and a good understanding of network security. Therefore, it’s always a good idea to seek assistance from cybersecurity professionals. Still, by incorporating Meshnet into the process, you will be able to configure your VPN quickly, even if you have no previous experience.
When you create your own VPN server, you have several options for how to set it up, including:
  • Hosting it on your own computer
  • Renting a cloud server
This guide describes both methods and shows how Meshnet’s routing infrastructure is used as a component of your VPN.
Be aware that by setting up your own VPN server, you increase your online privacy but not to the same extent as when connecting to a regular VPN server provided by NordVPN, which follows a strict no-logs policy.

Using your own device as a VPN server

Creating your own VPN server at home can provide you with a secure and convenient way to access your home network.
Meshnet has an integrated routing traffic feature that allows you to set up one of your devices to act as a VPN server without additional software. To learn more about the feature and its capabilities, see Routing traffic in Meshnet.

Before you begin

Here are a few things to consider before you start setting up a VPN server for personal use:
  • Choose a device that is turned on all the time and has a reliable power source to prevent crashes and downtime.
  • Make sure that the device is capable of forwarding network traffic. Meshnet allows routing traffic through devices that run the following platforms:
    • Windows 10 (64-bit) and Windows 11
    • macOS Catalina (Version 10.15) and later
    • Linux
Routing traffic through mobile devices is not available.

Set up a VPN server

  1. 1.
    On the device you’ve chosen to serve as a VPN host, install NordVPN.
  2. 2.
    Log in to your account and turn on Meshnet.
  3. 3.
    Link devices to Meshnet by enabling Meshnet on your other devices or by sending invitations to other NordVPN users.
  4. 4.
    Ensure your traffic routing permissions and local network permissions are enabled for each client device. While these permissions are allowed for your other Meshnet devices by default, for external ones, you set them when sending an invitation.
    The Traffic routing and Allow access to your local network options are selected in the Send invitation dialog
To ensure the security of your home network and the devices inside it, we highly recommend enabling the local network permission only for devices that you have the utmost confidence in.

Connect to your VPN server

Once your home VPN server is set up, you can use any device connected to your Meshnet as a VPN client. To do this:
  1. 1.
    On your client device, log in to your NordVPN account.
  2. 2.
    Start routing traffic through the linked host device you set up. For specific instructions, see the Using traffic routing section of Routing traffic in Meshnet.
Now you can access other devices on your home network by their local IP address. This requires you to know the IP address of each device.

Setting up a VPN server in the cloud

Because you can rent a server in a country of your choice, setting up a VPN server in the cloud gives you the ability to access content that might otherwise be restricted in your region.

Choose a cloud service provider

To set up a VPN server on a cloud service platform, first, choose a cloud service provider. Most cloud platforms charge a monthly subscription fee. However, some also offer a free version, like Amazon Web Services or Microsoft Azure.
If you choose to rent a cloud server for your VPN, keep in mind that most cloud server providers can disclose your personal information to authorities if they are required to do so by law.

Create a virtual machine on the cloud platform

For the purposes of this guide, DigitalOcean Droplets will be used to show how to configure a virtual machine (VM). The exact steps you need to follow will depend on the cloud service platform you’ve chosen.
Droplets are Linux-based VMs provided by DigitalOcean. They allow you to create and manage virtual servers for your needs.
  1. 1.
    Sign up for DigitalOcean and log in to your account.
  2. 2.
    Create a VM by clicking Create and selecting Droplets.
  3. 3.
    Select the region where you want your server to be located.
  4. 4.
    Choose an operating system (for example, Ubuntu).
  5. 5.
    Choose a plan and size for your VM.
  6. 6.
    Add an SSH key following the instructions provided on the page (recommended) or create a password for the VM.
  7. 7.
    In the Hostname box, enter a name for your VM and click Create.

Connect to the virtual machine

Once your server is up and running, you can log in to it using your SSH key or password based on the authentication method you’ve selected.
  1. 1.
    Open Terminal (on Linux and macOS) or Command prompt (on Windows).
  2. 2.
    If you chose the Password option upon Droplet creation, follow these steps:
    1. 1.
      Enter the ssh [email protected]<droplet_ip> command, replacing <droplet_ip> with the IP address of your VM. You can find your VM’s IP address at DigitalOcean Control Panel. Example
    2. 2.
      When asked if you’re sure you want to continue connecting, type yes.
    3. 3.
      Enter the password you created for your droplet.
  3. 3.
    If you chose Add SSH keys:
    1. 1.
      Enter the ssh -i </path/to/private/key> [email protected]<droplet_ip> command, specifying the path of your private key in place of </path/to/private/key> and substituting <droplet_ip> with the IP address of your Droplet. Example
      ssh -i /Users/MeshnetUser/ssh_key.txt [email protected]
    2. 2.
      When asked if you’re sure you want to continue connecting, type yes.
    3. 3.
      Enter the passphrase for your key pair.
      An example of entering a private key in the terminal to connect to the virtual machine
The latest builds of Windows 10 and Windows 11 include a built-in SSH client. Alternatively, you can use a third-party terminal emulator for Windows, such as Putty.

Install NordVPN on the virtual machine

Follow these steps to set up NordVPN on the virtual machine you created:
  1. 1.
    Download and install the NordVPN Linux client by entering the command below.
    sh <(wget -qO -
  2. 2.
    Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
  • By running the nordvpn login command with the --token flag
  • By running the nordvpn login command with the --callback flag
Instructions for both methods are outlined below.
Log in using a token
Log in using a URL
  1. 1.
    On any device, go to the Nord Account website and log in to your NordVPN account.
  2. 2.
    Select NordVPN and scroll down until you see Access token.
    The Access token section displaying the generate new token button
  3. 3.
    Select the Generate new token button.
  4. 4.
    In the dialog that appears, choose either a token that expires in 30 days or one that never expires, and then select Generate token.
    The Set to expire in 30 days option is selected
  5. 5.
    Select Copy and close.
  6. 6.
    On your virtual machine, run the nordvpn login --token <your_token> command, replacing <your_token> with the copied token. Example
    nordvpn login --token 3fe460cefb8dcf1478c92e45903cec9f9bdbadf7a456a6dfb35dc2c58ee39d5b
You should now see a welcome message.
  1. 1.
    Run the nordvpn login command.
  2. 2.
    Open the provided link on any device in your browser.
  3. 3.
    Complete the login procedure.
  4. 4.
    Right-click the Continue button and select Copy link address.
  5. 5.
    Run the nordvpn login --callback "<URL>" command, replacing <URL> with the previously copied link address. Example
    nordvpn login --callback "nordvpn://login?action=login&exchange_token=MGFlY2E1NmE4YjM2NDM4NjUzN2VjOWIzYWM3ZTU3ZDliNDdiNzRjZTMwMjE5YjkzZTNhNTI3ZWZlOTIwMGJlOQ%3D%3D&status=done"

Enable Meshnet

On your VM, enable Meshnet by typing this command:
nordvpn set meshnet on
To view the Nord name and Meshnet IP address of your VM, enter the following command.
nordvpn meshnet peer list
The device's Nord name and IP address are highlighted
You will also see all your connected Meshnet devices, which have the potential to access this server, depending on their permissions.

Connect to the VPN server

Your client devices should now be able to connect to the server. To do this, start routing traffic through the VM you set up, which you can now find among your Meshnet peer devices.
The VM set up is visible among Meshnet peer devices in the NordVPN app
For specific instructions, see the Using traffic routing section of Routing traffic in Meshnet.
Your device's IP address should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.
© 2023 Nord Security. All Rights Reserved.