Download Blog

How to set up a VPN server through self-hosting or with DigitalOcean

Learn how to create and configure a self-hosted or a cloud VPN server using Meshnet.

Introduction

Whether you want to keep your online activity private by hiding your IP or protect your traffic by encrypting your internet connection, creating your own VPN server can be a solution to address these needs.

Setting up a VPN server requires a good understanding of network security. Therefore, it’s always a good idea to seek assistance from cybersecurity professionals. Still, by incorporating Meshnet into the process, you can configure your VPN server quickly, even if you have no prior experience.

Watch this video tutorial that will walk you through the process of setting up a VPN server using Meshnet and DigitalOcean, or scroll down for a written guide.

When you create your own VPN server, you have several options for how to set it up, including:

  • Hosting it on your own computer

  • Renting a cloud server

This guide describes both methods and shows how Meshnet’s routing infrastructure is used as a component of your VPN.

Note

Be aware that by setting up your own VPN server, you increase your online privacy but not to the same extent as when connecting to a regular VPN server provided by NordVPN, which follows a strict no-logs policy.

Using your own device as a VPN server

Creating your own VPN server at home can provide you with a secure and convenient way to access your home network.

Meshnet has an integrated routing traffic feature that allows you to set up one of your devices to act as a VPN server without additional software. To learn more about the feature and its capabilities, see Routing traffic in Meshnet.

Before you begin

Here are a few things to consider before you start setting up a VPN server for personal use:

  • Choose a device that is turned on all the time and has a reliable power source to prevent crashes and downtime.

  • Make sure that the device is capable of forwarding network traffic. Meshnet allows routing traffic through devices that run the following platforms:

    • Windows 10 (64-bit) and Windows 11

    • macOS Catalina (Version 10.15) and later

    • Linux

Note

Routing traffic through mobile devices is not available.

Set up a VPN server

  1. On the device you’ve chosen to serve as a VPN host, install NordVPN.

  2. Log in to your account and turn on Meshnet.

  3. Link devices to Meshnet by enabling Meshnet on your other devices or by sending invitations to other NordVPN users.

Caution

To ensure the security of your home network and the devices inside it, we highly recommend enabling the local network permission only for devices that you have the utmost confidence in.

Connect to your VPN server

Once your home VPN server is set up, you can use any device connected to your Meshnet as a VPN client. To do this:

  1. On your client device, log in to your NordVPN account.

  2. Start routing traffic through the linked host device you set up. For specific instructions, see the Routing traffic in Meshnet article.

Now you can access other devices on your home network by their local IP address. This requires you to know the IP address of each device.

Set up a VPN server in the cloud

Because you can rent a server in a country of your choice, setting up a VPN server in the cloud gives you the ability to access content that might otherwise be restricted in your region.

Choose a cloud service provider

To set up a VPN server on a cloud service platform, first, choose a cloud service provider. Most cloud platforms charge a monthly subscription fee. However, some also offer a free version, like Amazon Web Services or Microsoft Azure.

Note

If you choose to rent a cloud server for your VPN, keep in mind that most cloud server providers can disclose your personal information to authorities if they are required to do so by law.

Create a virtual machine on the cloud platform

For the purposes of this guide, DigitalOcean Droplets will be used to show how to configure a virtual machine (VM). The exact steps you need to follow will depend on the cloud service platform you’ve chosen.

Droplets are Linux-based VMs provided by DigitalOcean. They allow you to create and manage virtual servers for your needs.

  1. Sign up for DigitalOcean and log in to your account.

  2. Create a VM by clicking Create and selecting Droplets.

  3. Select the region where you want your server to be located.

  4. Choose an operating system (for example, Ubuntu).

  5. Choose a plan and size for your VM.

  6. Add an SSH key following the instructions provided on the page (recommended) or create a password for the VM.

  7. In the Hostname box, enter a name for your VM and click Create.

Connect to the virtual machine

Once your server is up and running, you can log in to it using your SSH key or password based on the authentication method you’ve selected.

  1. Open Terminal (on Linux and macOS) or Command prompt (on Windows).

  2. If you chose the Password option upon Droplet creation, follow these steps:

    1. Enter the ssh root@<droplet_ip> command, replacing <droplet_ip> with the IP address of your VM. You can find your VM’s IP address at DigitalOcean Control Panel. Example

      ssh root@46.101.233.23

    2. When asked if you’re sure you want to continue connecting, type yes.

    3. Enter the password you created for your droplet.

  3. If you chose Add SSH keys:

    1. Enter the ssh -i </path/to/private/key> username@<droplet_ip> command, specifying the path of your private key in place of </path/to/private/key> and substituting <droplet_ip> with the IP address of your Droplet. Example 

      ssh -i /Users/MeshnetUser/ssh_key.txt root@64.227.156.106

    2. When asked if you’re sure you want to continue connecting, type yes.

    3. Enter the passphrase for your key pair.

Note

The latest builds of Windows 10 and Windows 11 include a built-in SSH client. Alternatively, you can use a third-party terminal emulator for Windows, such as Putty.

Install NordVPN on the virtual machine

Follow these steps to set up NordVPN on the virtual machine you created:

  1. Download and install the NordVPN Linux client by entering the command below. 

    sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)

  2. Log in to your NordVPN account.

Log in to NordVPN

You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:

  • By running the nordvpn login command with the --token flag

  • By running the nordvpn login command with the --callback flag

Instructions for both methods are outlined below.

Log in using a token

  1. On any device, log in to your Nord Account dashboard and select the Meshnet (by NordVPN) card.

  2. Under Manual setup, select Set up NordVPN manually.

  3. Enter the verification code sent to your email address.

  4. Under Access token, click Generate new token.

  5. In the dialog that appears, choose either a token that expires in 30 days or one that never expires, and then select Generate token.

  6. Select Copy and close.

  7. On your virtual machine, run the nordvpn login --token <your_token> command, replacing <your_token> with the copied token. Example 

    nordvpn login --token 3fe460cefb8dcf1478c92e45903cec9f9bdbadf7a456a6dfb35dc2c58ee39d5b

You should now see a welcome message.

Log in using a URL

  1. Run the following command: 

    nordvpn login

  2. Open the provided link on any device in your browser.

  3. Complete the login procedure.

  4. Right-click the Continue button and select Copy link address.

  5. Run the nordvpn login --callback "<URL>" command, replacing <URL> with the previously copied link address. Example

    nordvpn login --callback "nordvpn://login?action=login&exchange_token=MGFlY2E1NmE4YjM2NDM4NjUzN2VjOWIzYWM3ZTU3ZDliNDdiNzRjZTMwMjE5YjkzZTNhNTI3ZWZlOTIwMGJlOQ%3D%3D&status=done"

You should now see a welcome message.

Tip

To preserve your token when logging out of the NordVPN app, use the nordvpn logout --persist-token command. Otherwise, your token will be revoked.

Note

If you encounter the error message “Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock,” enter sudo usermod -aG nordvpn $USER. Then, reboot your instance and log back in.

Enable Meshnet

On your VM, enable Meshnet by typing this command:

nordvpn set meshnet on

To view the Nord name and Meshnet IP address of your VM, enter the following command.

nordvpn meshnet peer list

Example

You will also see all your connected Meshnet devices, which have the potential to access this server, depending on their permissions.

Grant the traffic routing permission

To begin using the VPN server, you need to grant the traffic routing permission for each peer device that you want to have access to the server. Enable this permission from the server machine using the following command:

nordvpn meshnet peer routing allow <device>

Example

nordvpn meshnet peer routing allow secret.raccoon-everest.nord

For more information, see the Traffic routing permissions page.

Route traffic through your server

Your client devices should now be able to connect to the server. To do this, start routing traffic through the VM you set up, which you can now find among your Meshnet peer devices.

For specific instructions, see the Routing traffic in Meshnet article.

Your device's IP address should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.

PreviousOwn VPN server setupNextHow to create a VPN server with Microsoft Azure

Last updated

© 2024 Nord Security. All Rights Reserved.