Build Your Own VPN Proxy

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
if you're interested in building your own personal VPN proxy server in order to surf the web privately and anonymously then this is the video for you stay tuned welcome to crosstalk Solutions my name is Chris and by now you've probably heard a lot about protecting yourself online with a VPN proxy you've probably even heard the names of some of the top VPN proxy providers Nord VPN tor guard tunnel bear and my own personal favorite which is private Internet access that's a service that I use daily and I highly recommend if you get frustrated trying to build your own VPN proxy then I recommend checking them out and my referral code is down in the description below but what does a VPN proxy do exactly well there's two parts the VPN and the proxy now essentially you're creating a secure tunnel between you and a random computer server located somewhere around the globe from that server you do all of your web surfing your YouTube or Netflix watching file downloading and whatever else now if you're connecting to a server in Seattle Washington you appear to the Internet as coming from some random IP address in Seattle Washington no matter what your actual location is that's the proxy part you're not surfing the web directly out of the IP address that was given to you by your ISP you're someone else completely and anonymous your ISP can see perhaps how much bandwidth is being transferred from the Internet to your home and back but because the tunnel is encrypted with VPN they can't tell what you're downloading where you're surfing or what you're watching I like to think of it as a big opaque garden hose stretching across your yard the ISP can hear that liquid is flowing through the hose but they don't know where that liquids going or even what kind of liquid it is there are a ton of other advantages and benefits to using a VPN proxy besides the security aspect as well but the bottom line is that using a VPN proxy is a really great habit to have your ISP can't watch you but then this brings up a logical next question are you just picking a different watcher - who's to say that your VPN proxy service isn't storing all sorts of information about you and then selling that information to the highest bidder or happily handing over years worth of server logs to anyone who comes knocking with a subpoena most VPN proxy services have very clear policies about this stuff and in the case of private Internet access they claim to not keep any traffic or access logs and they even have a transparency report that shows how many warrants and subpoenas they've received and complied to but of course the internet being the skeptical den of villainy that it is a lot of people are still not convinced that any third party VPN proxy service is trustworthy so for those people here's some good news in this video we're gonna teach you how to build your own now there's a fantastic project on github called Streisand as in the Streisand effect or the phenomenon by which an attempt to hide remove or censor a piece of information has the unintended consequence of publicizing that information more widely so back in 2003 Barbra Streisand made a big stink about trying to suppress photos of her Malibu California home it became such a big story that it actually drew a lot more attention to the home than it would have if she just stayed out of it completely so let's set up our own personal Streisand VPN proxy server this project is a great overall learning experience it gives you experience in working with a cloud server provider such as digital ocean and it has a decent amount of Linux and a decent amount of networking as well I would rate this an intermediate skill level project but it's really really satisfying once it's up and running and protecting you from your big bad ISP the Streisand VPN project tries to automate the server setup as much as possible they've really done most of the heavy lifting so huge huge kudos to the folks behind that project but these instructions will walk you through the setup start to finish step-by-step if you follow these steps exactly you will have a working Streisand server in the end and like all of my projects I will do my best to keep the documentation up to date as things change now as I said this is an intermediate level project in this video and the accompanying blog post will get you all of the way from nothing all the way up to having a fully functional strife Streisand VPN proxy server setup however and this is completely optional if you're interested in supporting cross talks efforts in documenting this process for you you can optionally purchase a downloadable PDF of these instructions that contains everything in the blog post online as well as an additional 12 pages worth of instructions for connecting your various client devices such as your PC your iOS or your Android devices in a variety of different methods now again you do not need the PDF but if you want it it does go further than I'm gonna go in this video beyond the server setup and into the client setup as well that PDF is downloadable through the crosstalk solutions store and it has a price tag of $9.95 link down below for anyone who's interested and I greatly appreciate the support now with that being said to set up streisand we're gonna need two separate digital ocean servers the first server will be our builder server and the second server will be our VPN proxy the builder server is just that we're creating a freshly installed Ubuntu Linux server that will in turn be used to build our VPN proxy server through a series of scripts and automated steps now you can use an existing server as your builder but honestly if you stray from these instructions at all you really have to have a decent knowledge of what you're doing if you're still learning stick with these steps and you'll be good the builder server on digitalocean cost five dollars a month and you really only need it up and running for a few hours to get this done it's worth a few cents to start with a clean foundation okay with all that being said let's go ahead and get started to build my VPN proxy server I'm gonna be following along with a blog post that I wrote on crosstalk solutions.com there's a link down below to the blog post and I highly suggest that you follow along with the blogpost so that you can copy and paste all the commands instead of having to type everything in manually the first step is to log into digital ocean if you don't yet have a digital ocean account you can use my affiliate link to sign up that'll get you a hundred dollars worth of digital ocean credit and I would be very appreciative of those sign ups because it helps out the crosstalk Solutions channel okay once you're logged in we need to create our streisand builder server so this is the first of the two servers that we're going to have this is the server that we're going to use to in turn then build the VPN proxy server so let's do that now I'm popping over to digital ocean I'm going to say create a droplet and we're gonna do a boon to 16.0 4.6 64-bit version we're gonna choose the standard plan and then down here we certainly don't need to go $40 a month for this server so we're gonna scroll all the way down to the bottom and we're gonna choose the five dollars per month server which is actually the point seven cents per hour server and you know assuming that everything goes well we can actually destroy this server in just a few hours here now since we're going to destroy this server in just a few hours you don't need to enable automated backups or any of the extra bells and whistles you just need to choose a data center to host this virtual server in and I'm gonna choose San Francisco to just because that is geographically close to my location all right I'm gonna scroll all the way down to the bottom and we want to give this server a hostname I'm gonna call it Streisand builder and this does not have to be a fully qualified domain name this is not something that we're gonna actually resolve DNS requests - we will need an fqdn for the VPN proxy server but we'll cross that bridge when we come to it okay go ahead and click create and what's going to happen now is your server will be created you will get an IP address and you will get an email from digitalocean with the IP address as well as the default root password so wait until you get that email and then we can move on to the next steps all right so we can see the IP address here I'm gonna copy that and I'm gonna pop open putty now you can use putty or any other SSH program to get into the server I personally prefer putty because it's free and it's easy to use and we're going to be using putty for the rest of this documentation okay so we're gonna paste the IP address as the host name and then you want to go to that email that digital ocean sent you and copy the password so we're gonna say open and say yes to the security alert and then we're gonna log in as root and then shift insert to paste the password you can also right click to paste the first thing it's going to have us do is change that password so shift insert or right-click again to paste that password one more time and now pick a new password that you're going to enter once and then confirm and now I have successfully logged into my streisand builder server okay let me rearrange my windows a little bit here and once we've logged in the first thing we want to do is create an SSH a key pair we're gonna do that by saying SSH - key Jen and then just hit enter three times to take the defaults enter enter enter now if you do LS - la SSH you should see an ID underscore RSA and an ID underscore RSA pub we want to backup both of these files these are our private and public key files so we're gonna say Kat dot SSH slash ID underscore RSA and then we can see the key is output to the screen here I'm just gonna copy that with ctrl insert and then I'm gonna paste it into notepad and save that onto my computer alright that's our private key you also want to do the same thing for the public key which is the ID underscore RSA dot Pub file ok and now I have my public and private keys backed up people always give me crap by the way about showing my public and private keys on video but by the time you guys are watching this video this server will be destroyed so there's no need go ahead and copy it down if you want it's literally of no use to you alright so now that we have our public and private keys backed up we need to install the programs that will then allow us to download the software that we need from github so we're gonna say sudo apt update and and sudo apt install git and Python - pip - why the - why is just our confirmation that we want to go ahead and do this so that it doesn't prompt us and this process takes about one minute or so to complete okay there we go and now that we've done that we need to download and execute the scripts that will allow us to create our Streisand VPN proxy server so we're gonna clone that software from github which basically just means we're grabbing a copy of that software from the github repository so I'm gonna copy this command here and paste it into putty and if we do LS - la we can see that we have now moved into the slash strife streisand folder and we have all of this software that was downloaded so this next part is a little bit tricky and what we're gonna do here is we're gonna run this command dot slash util keep in mind that this command is relative to the streisand path that we're currently in so it's slash util slash V env - dependencies SH dot slash ve and V now the first time that we run this command it should be relatively quick and it's gonna tell us setup will fail without these packages so basically what we did was a dependency check and it found all of these different packages that we need to install first before we can run that same command again so let's go ahead and do that it gives us the command right here so we're gonna copy this and I'm gonna say sudo space and then shift insert - paste it and I don't know if you need sudo there or not for sure but I always just do it to be safe and then that has now installed all of those missing dependencies so we can hit up up and we can run that util vem dependencies SH command one more time okay so now this is running this is installing some stuff it's going to stop install everything that we need to do the actual build of the Streisand VPN proxy server and this process is going to take about two minutes or so you also might see some Python 2.7 warnings in red text you can safely ignore those warnings okay so once that has completed you'll see this command you'll see this here all dependencies installed to use this environment run this in your shell okay so now is the fun part we're actually going to start building our VPN proxy server we're gonna say source dot ve NV dot slash V env scuse me slash bin slash activate and now you'll see the command prompt here has changed to a V E and V in the front and then we want to say dot slash streisand so the first thing that we are asked when we run this streisand command this is by the way in ansible script if you're not familiar with what that is it's basically a scripting language that is really really powerful as you can see this is going to do a lot of stuff for us and I'll explain what it's doing as we're going but the first thing that we are asked is which cloud service provider we are using I have set this up in two different ways I've set it up with digitalocean I've also set it up using an existing server so just a blank ubuntu 16.04 server both works perfectly fine for me but you can also do lie node or Rackspace or Amazon or Azure there's a bunch of different options here this tutorial is on digital ocean so I can only support or you know talk about what's happening with digital ocean so we're gonna say three for digital ocean and it says do you wish to customize which services streisand will install I don't want to do any customization so we're going to say no and it starts to do its thing now it's going to ask me which region should the server be located in and that is basically you know when we created the droplet for the streisand builder remember I picked San Francisco datacenter number two now you don't have to pick the same data center that you picked for your streisand builder however I'm going to go ahead and do that just because it's convenient so I'm gonna say number 10 here which is San Francisco data center 2 and now we can say what should the server be named and this is the name as it's going to show up in the digital ocean interface so I'm just going to call this stri sand VPN server and we're gonna press Enter the next thing it asks us for is our digital ocean personal access token now the personal ask access token is basically an API string that we're going to download from digital ocean that allows us to run commands and successfully authenticate ourselves from a third-party application so let's pop back over to digital ocean and in digital ocean we want to click down here on API and then here we can see personal access tokens now I have an old one in here from an older streisand VPN server so I'm just going to delete that one first and then we're gonna create a brand-new one as if we're just starting from scratch so I'm gonna say generate new token we're gonna call this streisand VPN server and then we're gonna say generate token now your token is generated here we're gonna copy that token again this will be destroyed by the time you guys are watching this video so don't even try it and we're going to go back to SSH and we're just gonna paste that API token and hit enter next this is asking us for what we want to call our SSH key pair so the SSH key pair that we already generated is going to end up showing up in our digital ocean interface and this is just a friendly name for that SSH key pair that we could potentially reuse with other servers even other Streisand VPN proxy servers if we're going to build multiple servers so if you don't have an SSH key already in digitalocean that's named Streisand then you can just safely press enter here and now it's telling us Streisand will now set up your server this process usually takes around 10 minutes press ENTER to begin setup and so we're going to go ahead and press enter now it's gonna start running through all of these scripts and if you go back to digitalocean and click on droplets one of the first things you're going to see here is that it is already creating a new Streisand VPN server droplet that's the friendly name that I gave it just a few steps ago so it's going to create this droplet and then it is going to prompt us next for a fully qualified domain name and that is for let's encrypt so what you want to do is keep an eye on the Streisand VPN server progress and then as soon as you have an IP address like the one that I have here you want to log in to your DNS provider whether that's your hosting provider or whomever you know hosts the DNS names where you can create an a record and you need to create an a record for some fully qualified domain name and it needs to point to this IP address for the Streisand VPN server so while it's building in the background once you have the IP go ahead and shoot over to your DNS hosting provider and create that DNS a record okay so we can see here that we are now being prompted for that DNS a record it says enter your fully qualified domain name below we can see that digitalocean gave me an IP address of 206 that 189 dot 72 52 and if I ping my VPN crosstalk solutions comm which is the fqdn that I chose for my own install here we can see that that resolves to 206 189 72 52 okay so that a record already resolves to the Streisand VPN server so we know we are good to go at this point and I'm gonna type in my VPN cross-talk solutions.com and press enter now it asked us for a contact email this is for let's encrypt so basically if there's a problem renewing your certificate it's going to shoot you an email to this email if you want to skip this you can just press ENTER but I do suggest you put in a valid email address once you have that email address in once again press ENTER once the process has finished and in my case it took about 14 minutes to complete all of the steps to create the Streisand VPN server you're going to get this message server setup is complete and if you press ENTER you get a summary of some stuff that either passed or failed now during the installation you may have noticed that there were a couple of packages that quote-unquote failed and then there was a 20-second pause okay and it shows a big red scary-looking error all right those are okay I got to Feiler failures in my setup and that's fine however if you get like 30 failures or 12 failures or some higher number of failures then you probably did something wrong in the initial steps but two failures like said the ones that I have here that appears to be normal and I believe those failures were just GPG checks that that did not pass the the check for a piece of software that was downloaded okay so once we have our server built the next thing we need to do is connect to our Streisand VPN server and if we go here to generated Docs so if we look in the directory that we're in right now we are in /root slash Streisand if we do LS - LA there is a new folder that's been created called generated Docs let's go in there CD generated Docs and here we have basically two far two files we have a French and an English version of the same two files we have Streisand VPN server HTML and then we have Streisand VPN server - firewall - information - HTML so let's go ahead and take a look at the Streisand VPN server HTML one of the easiest ways to do that from windows of course you can just download that file and open it up with any you know browser but I like to use winscp so I'm going to bring up winscp first and I'm going to connect to the Streisand builder server using the root root as the username and the password that I set when we initially created that server okay and now we can go into Streisand and then generated Docs and then I'm just gonna right click on Streisand VPN server and choose open and here we can see that this is how we're going to connect to the Streisand gateway so with SSL HTTPS we can right-click open in a new tab and then here's our username and password it's streisand for the username and then a randomly generated passphrase for the passwords let me copy this and we're gonna say Streisand and paste sign in okay this is on our Streisand VPN server so number one make a copy of this information right here and then once you've connected to my VPN whatever comm this gives you all of the information that you're going to need to connect up your clients your iPhone your Android devices your Windows or Mac PCs all of the information needed to connect those devices along with full like really detailed instructions are in the is it's in this document right here now I'm not going to cover how to connect every type of different little client to this Streisand VPN server but what I am going to do is we're going to connect to this server using SSH and we're going to connect to the server with a SSH tunnel in place so that once we connect we will be able to surf using Firefox surf through our Streisand VPN server okay so let's go ahead and do that next plus there's one additional step that needs to be done in some of the open VPN configuration files in order to be able to connect successfully with Open VPN so we're going to fix that one configuration file and we're going to connect using SSH with an SSH tunnel that will allow us to in turn use Firefox to browse securely through our Streisand VPN server proxy okay hopefully that's not too confusing let's go ahead and get started for the connections start instructions you can click down here on SSH and this will give you SSH instructions for using putty very similarly to the way that we're about to do it and these instructions 100% work I have tested them out however they don't allow you to actually create a command shell or log in to the Streisand VPN server in order to you know fix that config file so I'm gonna do this a little bit differently then you have in the instructions here but but these instructions do absolutely work okay so the first thing we need to do is open up puttygen and we need to convert the private key file that we downloaded in like step 3 we need to convert that to a dot PPK file so let's go ahead and run puttygen and you want to click on load and load up the ID underscore RSA key that you saved earlier ok we've successfully imported that key and then we just want to save private key as a dot PPK file ok that's it we can close puttygen and now we need to do a new putty session okay so for the hostname we're gonna say my VPN dot crosstalk solutions.com again substitute your own fully qualified domain name there then we want to click on connection SSH right here and then open that up and click on off au th or authentication then you want to browse and select that PPK file that we just generated from puttygen ok I have that in place now and the next thing we want to do is we want to click on SSH connection SSH and then click on tunnels right here and we're going to add a new source port of 8080 and we want that to be dynamic then we're gonna click Add and it's gonna show up in this box up here as d 8080 finally scroll all the way back up and click back on session and then what you can do here is click save or a copy your fqdn copy paste it under save sessions and then hit save in order to save all this information so you don't have to type it in again the next time you launch putty and want to connect to your server once you've saved your session go ahead and click open and then say yes we're gonna log in as root and we should successfully authenticate with our streisand VPN proxy server okay so we have SSH into our streisand VPN server and now we're going to proxy Firefox through our streisand VPN server on port 8080 since we added port 8080 as an SSH tunnel when we created the putty session okay so the first thing we want to do is bring a firefox over and you want to click on these three little lines and choose options scroll down to the very bottom click settings and then you should be configured as no proxy by default but we're going to change this to manual proxy configuration this is going to be a Sox v5 proxy the Sox host is going to be our localhost address 1 2700 dot one on port 8080 okay so we have that set we're gonna click OK and now you can surf through Firefox through your Streisand VPN proxy server and how can we tell that it's working we can tell that by going to a website that's going to show us our external IP address such as what is my IP comm or IP cow comm or IP chicken comm or any other number of sites that will show a win IP address so let's just go to what is my IP comm and you can see here that my IP address is 2 Oh 6.1 89.7 T 252 now if we bring over our digitalocean droplet page the IP address of our Strife's and VPN server is 206 dot 189 dot 72-52 so that matches and that means that anything that we are surfing from firefox any web pages that we go to etc we are going to be surfing through the streisand VPN proxy server so that is working and the next thing that we need to do is actually fix Open VPN so we can successfully proxy Firefox through but if you wanted to use opie Open VPN so that you could proxy all of your computer's traffic using Open VPN through the Streisand VPN server there are a couple of settings that we need to change in order to make that happen otherwise when you try to connect Open VPN it just goes into a loop and it never actually connects ok so let's fix that this is going to be step 12 of the documentation fix Open VPN configuration settings and we need to just change this line limit and procs equals and we need to change that line in three different files on the streisand VPN server the first file is this one Lib system D system Open VPN at service so we're gonna copy this here paste that in there and then we want to scroll down until we find limit and proc equals it's ten by default we want to change it to 27 now what does this line do and why are we changing it to 27 I haven't the slightest idea honestly and if you do know what limit and proc is I'm sure I could look it up but put that down in the comments below I'd be happy to hear about that when it wasn't working for me I emailed the project the people that put on the streisand project and they emailed me back and said yeah it's a known issue you just have to change this to 27 bla bla bla and so I did it and it worked and that's good enough for me okay so control X followed by yes and entered to save and exit that file and then we want to do the same thing for two other files Etsy system D system openvpn @ server dot service and OpenVPN @ server - UDP dot service again all of this is in the blog post just copy and paste make your life easy okay 27 control X yes enter and then we're going to do this last one here okay and now at this point we want to basically just reboot the server now it says here do systemctl daemon reload and then reboot you can probably just reboot without the daemon reload but I like to be thorough so we're gonna say systemctl da e mo and - reload and then reboot okay once the server comes back up you should be able to connect up your open VPN clients no problem that's it congratulations you now have your streisand VPN proxy server up and running and let's do a speed test just to make sure we're not gonna be slowing down any of our traffic I have a spectrum business 300 by 20 cable connection here in my home office you can see what is my IP let's just double check make sure that I am still in that same proxy IP address I am and let's open up fast comm and see what kind of speeds we're getting there we go 350 megabits per second through my Streisand VPN proxy server let's also do speedtest.net just for kicks and we're gonna click go you can see that my ISP my quote/unquote ISP and when IP says digitalocean LLC and my speed test shows 331 down and four point four eight up so not so great on the upload but again your mileage may vary I've also had this running on my iPhone connected through wire guard for about the past 48 hours I have not noticed any slowdown or any problems running through this VPN proxy server through my iPhone as well it's been working just perfectly alright there you go at this point you can follow the instructions when you log into the GUI of your streisand VPN server you've got full client instructions for how to connect your iPhone your Android devices Open VPN wire guard Windows 10 Mac whatever client you happen to want to connect through your streisand VPN server there are full instructions I tested most of them and there's a little of a few caveats here and there and if you're interested in supporting cross talk solutions you can certainly purchase the PDF as I mentioned earlier where I detail some of the instructions for connecting clients I do android devices iOS devices using either open VPN or wire guard as well as Windows 10 using Open VPN so all of that extra client connection information is beyond the scope of this video but it is in that PDF if you're interested in downloading it of course you don't have to you can just look at the instructions and figure it out just like I did and if you're like Chris you're a greedy bastard for trying to charge money for that documentation again it's totally optional but if you do have extra money that's burning a hole in your wallet and you would like to donate to perhaps the streisand projects the creator of the project joshua lund out of Salt Lake City Utah does not take donations through the Streisand page however he did put a statement out on this and he said he's not looking to make any money off of Streisand but you can donate to one of these other causes which would be the ACLU Debian the Electronic Frontier Foundation the freedom of the press foundation open whisper systems or the Tor project and I will put a link to that statement as well down below if you would like to donate to any of those really good causes okay there you go there is the complete set up for the Streisand VPN server proxy what do you guys think put your thoughts down in the comments below I would love to hear them and if you enjoyed this video please give me a thumbs up if you'd like to see more videos like this please click subscribe my name is Chris for the crosstalk solutions and thank you so much for watching [Music]
Info
Channel: Crosstalk Solutions
Views: 98,197
Rating: undefined out of 5
Keywords: streisand vpn, crosstalk, crosstalk solutions, vpn proxy, build vpn proxy, vpn proxy server, vpn for android, vpn for iphone, vpn for windows 10, vpn explained, vpn proxy for pc, vpn proxy iphone, streisand vpn setup, streisand vpn tutorial, streisand vpn digitalocean, digital ocean, virtual private network, how to make a vpn, free vpn, private internet access
Id: UGNVXtSurvQ
Channel Id: undefined
Length: 33min 54sec (2034 seconds)
Published: Thu May 09 2019
Related Videos
You Should Be Using Yubikeys!
Crosstalk Solutions
427K
How to Make Your Own VPN (And Why You Would Want to)
Wolfgang's Channel
1.4M
How to Create Private and Group Calls
BridgeCom Systems, Inc
593
#295 Raspberry Pi Server based on Docker, with VPN, Dropbox backup, Influx, Grafana, etc: IOTstack
Andreas Spiess
772K
Special Lecture: F-22 Flight Controls
MIT OpenCourseWare
2.2M
We *ALMOST* Got Scammed! Here's the story..
Crosstalk Solutions
60K
Ubiquiti Breach Update - Mind Blowing New Info!
Crosstalk Solutions
86K
Don't Talk to the Police
Regent University School of Law
16M
PiVPN : How to Run a VPN Server on a $35 Raspberry Pi!
Lon.TV
794K
Secure IoT Network Configuration
Crosstalk Solutions
319K
$250 Slab To $7700 Table
Blacktail Studio
3.6M
Unifi Controller Security Best Practices
Crosstalk Solutions
55K
Budget 10Gbps Networking
Crosstalk Solutions
177K
How To Build Your Own Wireguard VPN Server in The Cloud
Lawrence Systems
82K
VPN - Virtual Private Networking
Eli the Computer Guy
2.1M
An Introduction to GCP for Students
Google Cloud Tech
728K
I Built This From A 1972 Popular Mechanics Magazine Plan. Does It Work?
Fireball Tool
2.2M
Access Internal Networks with Reverse VPN connections - Hak5 1921
Hak5
184K
Complete UniFi Setup Start to Finish 2019
Crosstalk Solutions
703K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.