# How to set up a VPN server through self-hosting or with DigitalOcean ## Introduction Whether you want to keep your online activity private by hiding your IP or protect your traffic by encrypting your internet connection, creating your own VPN server can be a solution to address these needs. Setting up a VPN server requires a good understanding of network security. Therefore, it’s always a good idea to seek assistance from cybersecurity professionals. Still, by incorporating [Meshnet ](https://nordvpn.com/meshnet/)into the process, you can configure your VPN server quickly, even if you have no prior experience. Watch this video tutorial that will walk you through the process of setting up a VPN server using Meshnet and DigitalOcean, or scroll down for a written guide. {% embed url="" fullWidth="false" %} When you create your own VPN server, you have several options for how to set it up, including: * Hosting it on your own computer * Renting a cloud server This guide describes both methods and shows how Meshnet’s routing infrastructure is used as a component of your VPN. {% hint style="info" %} **Note** Be aware that by setting up your own VPN server, you increase your online privacy but not to the same extent as when connecting to a regular VPN server provided by NordVPN, which follows a [strict no-logs policy](https://nordvpn.com/features/strict-no-logs-policy/). {% endhint %} ## Using your own device as a VPN server Creating your own VPN server at home can provide you with a secure and convenient way to access your home network. Meshnet has an integrated routing traffic feature that allows you to set up one of your devices to act as a VPN server without additional software. To learn more about the feature and its capabilities, see [Routing traffic in Meshnet](https://meshnet.nordvpn.com/features/routing-traffic-in-meshnet). ### Before you begin Here are a few things to consider before you start setting up a VPN server for personal use: * Choose a device that is turned on all the time and has a reliable power source to prevent crashes and downtime. * Make sure that the device is capable of forwarding network traffic. Meshnet allows routing traffic through devices that run the following platforms: * Windows 10 (64-bit) and Windows 11 * macOS Catalina (Version 10.15) and later * Linux {% hint style="info" %} **Note** Routing traffic through mobile devices is not available. {% endhint %} ### Set up a VPN server 1. On the device you’ve chosen to serve as a VPN host, [install NordVPN](https://nordvpn.com/download/). 2. Log in to your account and [turn on Meshnet](https://meshnet.nordvpn.com/getting-started/how-to-start-using-meshnet). 3. Link devices to Meshnet by enabling Meshnet on your other devices or by [sending invitations to other NordVPN users](https://meshnet.nordvpn.com/features/linking-devices-in-meshnet). 4. Ensure your [traffic routing permissions](https://meshnet.nordvpn.com/features/explaining-permissions/traffic-routing-permissions) and [local network permissions](https://meshnet.nordvpn.com/features/explaining-permissions/local-network-permissions) are enabled for each client device.\ \ ![](https://3559400189-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0cTezbT2vN0lurEio8Z5%2Fuploads%2FhuHZHHPn62SzCu1NnkOq%2Fimage.png?alt=media\&token=94077981-b62e-4134-9c62-0edb72b274b4) {% hint style="warning" %} **Caution** To ensure the security of your home network and the devices inside it, we highly recommend enabling the local network permission only for devices that you have the utmost confidence in. {% endhint %} ### Connect to your VPN server Once your home VPN server is set up, you can use any device connected to your Meshnet as a VPN client. To do this: 1. On your client device, log in to your NordVPN account. 2. Start routing traffic through the linked host device you set up. For specific instructions, see the [Routing traffic in Meshnet](https://meshnet.nordvpn.com/features/routing-traffic-in-meshnet#see-also) article. Now you can access other devices on your home network by their local IP address. This requires you to know the IP address of each device. ## Set up a VPN server in the cloud Because you can rent a server in a country of your choice, setting up a VPN server in the cloud gives you the ability to access content that might otherwise be restricted in your region. ### Choose a cloud service provider To set up a VPN server on a cloud service platform, first, choose a cloud service provider. Most cloud platforms charge a monthly subscription fee. However, some also offer a free version, like [Amazon Web Services](https://meshnet.nordvpn.com/how-to/traffic-routing/vpn-server-with-aws) or [Microsoft Azure](https://meshnet.nordvpn.com/how-to/traffic-routing/vpn-server-with-azure). {% hint style="info" %} **Note** If you choose to rent a cloud server for your VPN, keep in mind that most cloud server providers can disclose your personal information to authorities if they are required to do so by law. {% endhint %} ### Create a virtual machine on the cloud platform For the purposes of this guide, DigitalOcean Droplets will be used to show how to configure a virtual machine (VM). The exact steps you need to follow will depend on the cloud service platform you’ve chosen. Droplets are Linux-based VMs provided by DigitalOcean. They allow you to create and manage virtual servers for your needs. 1. [Sign up for DigitalOcean](https://cloud.digitalocean.com/login) and log in to your account. 2. Create a VM by clicking **Create** and selecting **Droplets**. 3. Select the region where you want your server to be located. 4. Choose an operating system (for example, Ubuntu). 5. Choose a plan and size for your VM. 6. Add an SSH key following the instructions provided on the page (recommended) or create a password for the VM. 7. In the **Hostname** box, enter a name for your VM and click **Create**. ### Connect to the virtual machine Once your server is up and running, you can log in to it using your SSH key or password based on the authentication method you’ve selected. 1. Open **Terminal** (on Linux and macOS) or **Command prompt** (on Windows). 2. If you chose the **Password** option upon Droplet creation, follow these steps: 1. Enter the `ssh root@` command, replacing `` with the IP address of your VM. You can find your VM’s IP address at [DigitalOcean Control Panel](https://cloud.digitalocean.com/).\ \ **Example**

ssh root@46.101.233.23

2. When asked if you’re sure you want to continue connecting, type `yes`. 3. Enter the password you created for your droplet.
3. If you chose **Add SSH keys**: 1. Enter the `ssh -i username@` command, specifying the path of your private key in place of `` and substituting `` with the IP address of your Droplet.\ \ **Example**

ssh -i /Users/MeshnetUser/ssh_key.txt root@64.227.156.106

2. When asked if you’re sure you want to continue connecting, type `yes`. 3. Enter the passphrase for your key pair.

An example of entering a private key in the terminal to connect to the virtual machine

{% hint style="info" %} **Note** The latest builds of Windows 10 and Windows 11 include a built-in SSH client. Alternatively, you can use a third-party terminal emulator for Windows, such as [Putty](https://en.wikipedia.org/wiki/PuTTY). {% endhint %} ### Install NordVPN on the virtual machine Follow these steps to set up NordVPN on the virtual machine you created: 1. Download and install the NordVPN Linux client by entering the command below.

sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)

2. Log in to your NordVPN account. #### Log in to NordVPN You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways: * By running the `nordvpn login` command with the `--token` flag * By running the `nordvpn login` command with the `--callback` flag Instructions for both methods are outlined below.

1. On any device, log in to your [Nord Account](https://my.ndaccount.com/) dashboard and select the **Meshnet (by NordVPN)** card.

"Meshnet (by NordVPN)" card highlighted.

2. Under **Advanced settings**, select **Get access token**.

Clicking the 'Set up NordVPN manually' button.

3. Enter the verification code sent to your email address. 4. Under **Access token**, click **Generate new token**.

5. In the dialog that appears, choose either a token that expires in 30 days or one that never expires, and then select **Generate token**.

6. Select **Copy and close**. 7. On your virtual machine, run the `nordvpn login --token ` command, replacing `` with the copied token.\ \ **Example**

nordvpn login --token 3fe460cefb8dcf1478c92e45903cec9f9bdbadf7a456a6dfb35dc2c58ee39d5b

You should now see a welcome message.

1. Run the following command:

nordvpn login

2. Open the provided link on any device in your browser. 3. Complete the login procedure. 4. Right-click the **Continue** button and select **Copy link address**. 5. Run the `nordvpn login --callback ""` command, replacing `` with the previously copied link address.\ \ **Example**

nordvpn login --callback "nordvpn://login?action=login&exchange_token=MGFlY2E1NmE4YjM2NDM4NjUzN2VjOWIzYWM3ZTU3ZDliNDdiNzRjZTMwMjE5YjkzZTNhNTI3ZWZlOTIwMGJlOQ%3D%3D&status=done"

You should now see a welcome message.

{% hint style="success" %} **Tip** To preserve your token when logging out of the NordVPN app, use the `nordvpn logout --persist-token` command. Otherwise, your token will be revoked. {% endhint %} {% hint style="info" %} **Note** If you encounter the error message “Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock,” enter `sudo usermod -aG nordvpn $USER`. Then, reboot your instance and log back in. {% endhint %} ### Enable Meshnet On your VM, [enable Meshnet ](https://meshnet.nordvpn.com/getting-started/how-to-start-using-meshnet/using-meshnet-on-linux)by typing this command: {% code overflow="wrap" %} ```bash nordvpn set meshnet on ``` {% endcode %} To view the Nord name and Meshnet IP address of your VM, enter the following command. {% code overflow="wrap" %} ```bash nordvpn meshnet peer list ``` {% endcode %} **Example**

The device's Nord name and IP address are highlighted

You will also see all your connected Meshnet devices, which have the potential to access this server, depending on their permissions. ### Grant the traffic routing permission To begin using the VPN server, you need to grant the traffic routing permission for each peer device that you want to have access to the server. Enable this permission from the server machine using the following command: {% code overflow="wrap" %} ```bash nordvpn meshnet peer routing allow ``` {% endcode %} **Example** {% code overflow="wrap" %} ```bash nordvpn meshnet peer routing allow secret.raccoon-everest.nord ``` {% endcode %} For more information, see the [Traffic routing permissions](https://meshnet.nordvpn.com/features/explaining-permissions/traffic-routing-permissions#changing-permissions) page. ### Route traffic through your server Your client devices should now be able to connect to the server. To do this, start routing traffic through the VM you set up, which you can now find among your Meshnet peer devices.

The VM set up is visible among Meshnet peer devices in the NordVPN app

For specific instructions, see the [Routing traffic in Meshnet](https://meshnet.nordvpn.com/features/routing-traffic-in-meshnet#see-also) article. [Your device's IP address](https://nordvpn.com/what-is-my-ip/) should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.