How to set up a VPN server through self-hosting or with DigitalOcean
Learn how to create and configure a self-hosted or a cloud VPN server using Meshnet.
Last updated
Learn how to create and configure a self-hosted or a cloud VPN server using Meshnet.
Last updated
© 2024 Nord Security. All Rights Reserved.
Whether you want to keep your online activity private by hiding your IP or protect your traffic by encrypting your internet connection, creating your own VPN server can be a solution to address these needs.
Setting up a VPN server requires a good understanding of network security. Therefore, it’s always a good idea to seek assistance from cybersecurity professionals. Still, by incorporating Meshnet into the process, you can configure your VPN server quickly, even if you have no prior experience.
Watch this video tutorial that will walk you through the process of setting up a VPN server using Meshnet and DigitalOcean, or scroll down for a written guide.
When you create your own VPN server, you have several options for how to set it up, including:
Hosting it on your own computer
Renting a cloud server
This guide describes both methods and shows how Meshnet’s routing infrastructure is used as a component of your VPN.
Note
Be aware that by setting up your own VPN server, you increase your online privacy but not to the same extent as when connecting to a regular VPN server provided by NordVPN, which follows a strict no-logs policy.
Creating your own VPN server at home can provide you with a secure and convenient way to access your home network.
Meshnet has an integrated routing traffic feature that allows you to set up one of your devices to act as a VPN server without additional software. To learn more about the feature and its capabilities, see Routing traffic in Meshnet.
Here are a few things to consider before you start setting up a VPN server for personal use:
Choose a device that is turned on all the time and has a reliable power source to prevent crashes and downtime.
Make sure that the device is capable of forwarding network traffic. Meshnet allows routing traffic through devices that run the following platforms:
Windows 10 (64-bit) and Windows 11
macOS Catalina (Version 10.15) and later
Linux
Note
Routing traffic through mobile devices is not available.
On the device you’ve chosen to serve as a VPN host, install NordVPN.
Log in to your account and turn on Meshnet.
Link devices to Meshnet by enabling Meshnet on your other devices or by sending invitations to other NordVPN users.
Caution
To ensure the security of your home network and the devices inside it, we highly recommend enabling the local network permission only for devices that you have the utmost confidence in.
Once your home VPN server is set up, you can use any device connected to your Meshnet as a VPN client. To do this:
On your client device, log in to your NordVPN account.
Start routing traffic through the linked host device you set up. For specific instructions, see the Routing traffic in Meshnet article.
Now you can access other devices on your home network by their local IP address. This requires you to know the IP address of each device.
Because you can rent a server in a country of your choice, setting up a VPN server in the cloud gives you the ability to access content that might otherwise be restricted in your region.
To set up a VPN server on a cloud service platform, first, choose a cloud service provider. Most cloud platforms charge a monthly subscription fee. However, some also offer a free version, like Amazon Web Services or Microsoft Azure.
Note
If you choose to rent a cloud server for your VPN, keep in mind that most cloud server providers can disclose your personal information to authorities if they are required to do so by law.
For the purposes of this guide, DigitalOcean Droplets will be used to show how to configure a virtual machine (VM). The exact steps you need to follow will depend on the cloud service platform you’ve chosen.
Droplets are Linux-based VMs provided by DigitalOcean. They allow you to create and manage virtual servers for your needs.
Sign up for DigitalOcean and log in to your account.
Create a VM by clicking Create and selecting Droplets.
Select the region where you want your server to be located.
Choose an operating system (for example, Ubuntu).
Choose a plan and size for your VM.
Add an SSH key following the instructions provided on the page (recommended) or create a password for the VM.
In the Hostname box, enter a name for your VM and click Create.
Once your server is up and running, you can log in to it using your SSH key or password based on the authentication method you’ve selected.
Open Terminal (on Linux and macOS) or Command prompt (on Windows).
If you chose the Password option upon Droplet creation, follow these steps:
Enter the ssh root@<droplet_ip>
command, replacing <droplet_ip>
with the IP address of your VM. You can find your VM’s IP address at DigitalOcean Control Panel.
Example
When asked if you’re sure you want to continue connecting, type yes
.
Enter the password you created for your droplet.
If you chose Add SSH keys:
Enter the ssh -i </path/to/private/key> username@<droplet_ip>
command, specifying the path of your private key in place of </path/to/private/key>
and substituting <droplet_ip>
with the IP address of your Droplet.
Example
When asked if you’re sure you want to continue connecting, type yes
.
Enter the passphrase for your key pair.
Note
The latest builds of Windows 10 and Windows 11 include a built-in SSH client. Alternatively, you can use a third-party terminal emulator for Windows, such as Putty.
Follow these steps to set up NordVPN on the virtual machine you created:
Download and install the NordVPN Linux client by entering the command below.
Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
By running the nordvpn login
command with the --token
flag
By running the nordvpn login
command with the --callback
flag
Instructions for both methods are outlined below.
Tip
To preserve your token when logging out of the NordVPN app, use the nordvpn logout --persist-token
command. Otherwise, your token will be revoked.
Note
If you encounter the error message “Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock,” enter sudo usermod -aG nordvpn $USER
. Then, reboot your instance and log back in.
On your VM, enable Meshnet by typing this command:
To view the Nord name and Meshnet IP address of your VM, enter the following command.
Example
You will also see all your connected Meshnet devices, which have the potential to access this server, depending on their permissions.
To begin using the VPN server, you need to grant the traffic routing permission for each peer device that you want to have access to the server. Enable this permission from the server machine using the following command:
Example
For more information, see the Traffic routing permissions page.
Your client devices should now be able to connect to the server. To do this, start routing traffic through the VM you set up, which you can now find among your Meshnet peer devices.
For specific instructions, see the Routing traffic in Meshnet article.
Your device's IP address should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.
Ensure your traffic routing permissions and local network permissions are enabled for each client device.