So if there's anything that I
understood about my audience in the past 3 or so years of running this channel is that you guys really seem to like my VPN videos the 2 of my videos about VPN seem to get the most attention on my channel with a huge margin and, well, I like attention So here I am back with another banger I guess So a lot of you guys asked me in
the comments on those 2 VPN videos: "Wolfgang, look, I don't trust those
VPN companies and VPS companies. I don't want to spend my hard
earned dollars every month to pay for some kind of a VPS or VPN service. Can't I just host VPN at home,
in the comfort of my own house?" and the answer to that
question is "Well, it depends". So let's talk real quick about why
people use VPNs in the first place. Here are some of the most
common use cases for a VPN: Getting access to your home or corporate
network securely while being somewhere else Protecting yourself in a hostile or an
unsecured network on an airport or café Wi-Fi Or in some cases avoiding
tracking and surveillance by a malicious ISP at school or at work Tricking websites into thinking that you're
in a different country to get access to some kind of a gear restricted content Circumventing censorship and
getting access to stuff that is normally blocked by your ISP or your government And last but not least piracy – downloading illegal stuff
in countries where doing that on your normal ISP connection would get
you a hefty fine or a warning. Now obviously, those are not all
things that you can use a VPN for, because if I listed all the used
cases you'd be sitting here all day. But basically one thing that is
common about all of those cases is that people usually use a VPN
to pretend they're somewhere else ...for many reasons. And if you want to host your VPN at home it will be useful for you only when you need to pretend
that you're at home... Does that make sense? For example, you want to be out
and about somewhere in the café and you want to connect to
the unsecured Wi-Fi hotspot and if you don't quite trust
the network you're connecting to you can just establish a secured
encrypted tunnel to your own house to browse the internet safely
as though you were at home. And of course if you have
a homelab or a home server you can get access to all of
your local services securely without the need of exposing them to the Internet. This setup might also come in handy for
you if you often travel to countries where you can't torrent or visit certain websites or maybe if you want to watch your
local TV shows while you're abroad. So all of that begs the
question: Why not just use a VPN? Well first of all: no monthly costs. The only thing you need to pay is
the upfront cost for the hardware. I'll be using a Raspberry Pi here and it
costs about $60 with all the accessories but we'll also talk about cheaper
alternatives later in the video. The second reason is that you
don't have to trust any third party if you watched some of my
previous videos about VPNs you know my opinions about VPN
providers, they can be pretty sketchy but in this case you are
literally your own VPN provider. As long as you trust your ISP more than you
trust a random unsecured network in a café, you're good to go. And then last but not least,
accessing your local services securely while you're on the go I already mentioned that one so I
won't be going too much in depth here. Now let's talk about the requirements So, what are you going to need for this project First of all you need basic technical skills We won't be doing any PHD
level nuclear science here, but you will need some basic knowledge
of, you know, using a computer, some Google-Fu and basic problem solving skills. A lot of people in the
comments have been asking me "Look, Wolfgang, is there like a way, for like
less technically savvy people to do all of that?" and unfortunately that's just the entry
price you have to pay for that kind of stuff. You can either get yourself a VPN
service subscription and have no insight at what's going on behind the curtains, or who's getting your data where it goes to, etc. or you can spend some time
and do everything yourself and yes it might be technically challenging but you do get some kind of a control over
what you do and where your data goes to I'll keep this tutorial as simple as possible
and the video will be divided into chapters and you can use the YouTube speed setting
if i'm going a little bit too fast for you and I will also include a text version
of this guide in the video description so make sure you take a look at
that if you like this format better All in all, I think it's a cool weekend project
and definitely a good learning experience So let's talk about the technical requirements now First thing you'll need is a
dedicated Internet connection and access to your router's admin panel if you're connected to the public
Wi-Fi in your student dorm, unfortunately that's just not going to work. Then you'll need an ISP that is
okay with you hosting stuff at home Here in Germany, where I live, most of the
ISPs will let you host stuff at home just fine Except for the mail for some reason A lot of ISPs are blocking the
port 25 for outgoing mail here But in other countries some ISPs might put your
Internet connection behind a shared IP address and only offer a dedicated
IP address as a business service or something they have to pay for extra If you want an easy way to know
whether your ISP is dedicated or shared you can go to website like whoer.net and see
if it maybe says that you're behind a proxy If it does, that's a pretty good indicator that
your PC won't be accessible from the Internet so that tutorial is not going
to work for you, unfortunately You'll also need a router that supports
a function called "Port Forwarding" The easiest way to check is open your browser
and go to your router's administration panel (Usually something like 192.168.0.1 or 1.1) and look for a function called "Port Forwarding" I've had about 4 routers here in Germany,
and they all support that function One more thing that you'll need is a computer
that will basically live in your house and be on 24/7 It doesn't have to be super powerful or beefy if you have like an old laptop or a netbook,
laying around, that will do just fine. For this tutorial though, I'll use
a tiny computer called Raspberry Pi I'm sure that a lot of you are familiar with it It's small, relatively cheap, and
has a very low power consumption You can even run it off of
solar energy if you want Do keep in mind that apart from the board itself, you also need a power adapter
and at least an 8GB microSD card I wouldn't cheap out on microSD
cards because, you know, inexpensive microSD cards from Aliexpress
tend to break much faster than, you know, the brand ones from Kingston, Transcend
and other brands, so do keep that in mind. Optionally if you do have a monitor a
keyboard and a mouse somewhere in the house I would suggest buying a microHDMI to HDMI adapter That way you can connect your Raspberry
Pi directly to your monitor keyboard and mouse and it'll be a little bit easier to set up But if you don't have a monitor or a
TV that supports HDMI that's okay too, we'll go over the whole setup
process later in the video. You'll also need an Ethernet
cable and a microSD card reader if your computer doesn't already have that one Otherwise if you don't pay a lot for
electricity where you live and you don't care about the place the computer takes or the noise
you can take whatever you have laying around, just make sure it has Ethernet port and that
it's capable of running 64-bit operating systems. That being said, I will only be covering the
setup process for Raspberry Pi in this video. But do let me know in the comments if you'd
like to see a separate video on this topic, on how to set up a VPN on a regular
computer, such as a laptop or a netbook. Now with all the requirements and disclaimers
out of the way, let's get started! First thing we need to do is download
the operating system for our Raspberry Pi Depending on whether you're
setting it up with a monitor or without one you can download
either Raspberry Pi OS Desktop which looks like that or Raspberry Pi
OS Lite which looks kind of like that If you're doing it with a monitor or TV though the former has a benefit of being able
to open a browser and copy commands from my handy dandy text guide which I'll put in the video description down below Now I must say that Raspberry Pi
OS is a bit controversial and got into a bit of trouble lately for including
Microsoft's repositories in the installation So if you're a die-hard Linux veteran and you
don't want to contaminate your home network with the evil Microsoft software
feel free to choose something else Personally, I can recommend Ubuntu MATE or
"Mate" if you prefer as a solid alternative Next thing we need to do is download Etcher Etcher is a tool that will help us write the operating system that we just
downloaded to the micro SD card I chose Etcher because it runs
on Windows, Linux and macOS but if you have some other tool that you prefer,
such as dd or Rufus, you can use that instead After you have both Etcher and
Raspberry Pi on your computer you can now insert the microSD
card into your computer Then, launch Etcher, choose the Raspberry
Pi OS image that you just downloaded, select your microSD card and click "Flash" This is going to take some time so feel free to
grab a cup of coffee or tea while you're waiting After the flashing is done you'll see a
new volume in "This PC" menu called "boot" Go to that volume, create a new text file, and call it "ssh".
Be careful! It's not "ssh.txt", it's
"ssh", without any extension. To do that, you need to have the "Hide
extensions for known file types" option disabled in the File Explorer options. With that done, you can now eject
the microSD card from your computer Now put the SD card into the Raspberry Pi, plug your Ethernet cable into
the router, and into the board Then finally plug the USB Type-C cable into it In case you want to set up your
Raspberry Pi with a monitor, you also need to plug in the monitor, the
keyboard and the mouse into it at this point So once you've booted your Raspberry Pi up, you
will be presented with a very nice setup wizard which will actually let you skip
a huge portion of this video Just follow the instructions on the
screen and reboot your Pi when asked And now you can skip to this
timecode. See you there! Now you need to wait for about a couple of
minutes while your little computer is booting up and then let's open the browser again and
go to the router's administration panel Go to the page that lists all the
devices connected to the network and there it is! Just copy the IP
address of the Raspberry Pi here Now we need to open the command line interface On Mac and Linux it’s called Terminal, and on
Windows we're going to be using PowerShell. That's really the only difference for us, since we're only going to be using
it to talk to our Raspberry Pi so if you're in Windows, go to the
start menu and search for PowerShell open it and type this command:
"ssh pi@ [and here paste the IP of the Raspberry Pi]" you can use Cmd+C as usual on Mac, on Linux you
can use Ctrl+Shift+C or sometimes Ctrl+Alt+C and on Windows just right click on the
terminal and it's going to paste the text Answer yes to the next question and
type "raspberry" when asked for password The password won't be shown on the screen not even the asterisks or, like, circles and that applies to all the password fields in the Linux command line
interface, so don't worry about it First thing we need to do, is change the
default password to something more secure We won't be exposing a Raspberry
Pi to the internet per se, so you'll only be able to
access it from your house because of that I won't be going in depth
about advanced SSH login security in this video but if you're interested you can
check out this tutorial of mine where I discuss different
methods of securing remote access So in order to change the password,
you need to type "passwd", type your current password ("raspberry") and then type your new password twice And that's it! Next thing we're going to do is update our operating system to all the
latest versions of software For that, type "sudo apt
update && sudo apt upgrade" this will take a few minutes
depending on your internet speed and meanwhile you can make yourself another tea,
stare at the blinking lights on the Raspberry Pi, or sing some sea shanties After the installation is complete and you see the green command prompt again type "sudo reboot" to reboot the board. Now that we're done with the initial preparations we need to get ourselves a dynamic DNS hostname. The thing is, unless you're using
a business broadband connection your external IP address is not static it changes every week or so. IP addresses work pretty much in the
same way as physical addresses work so let's say you have a house in New York
and are waiting for an important letter But then next week you have to
move to, let's say Los Angeles how can you be sure that you get that letter? well you set up a mail forwarding service,
which gets all the letters for you and forwards them to your current address. A dynamic DNS service is kind of a mail
forwarding service, but for computers. Now there are a lot of DDNS providers out there, some of them free, some of
them with a subscription plan. For this tutorial, I'll be using a
free plan from freedns.afraid.org That being said, you can use any service you want I am not endorsing any particular one and the only reason I chose freedns.afraid.org is because that's the first free
dynamic DNS service I've found on Google that doesn't have any weird limitations After registering in a website and
activating your account via email, click on the "add a subdomain" Here the things that we need to change are Subdomain, just put whatever you want
here, I'm going to put "wolfgangsvpn". Domain, there are a few funny domain names here to choose from and I decided
to go with "crabdance.com" Destination, by default is going to
have your current IP address in there but we need to change it to 0.0.0.0 That way we'll be able to test if our
dynamic IP assignment software actually works after that, type in the
Captcha, and click on "Save!". Now we need to log back to
our Raspberry Pi by typing "ssh pi@[the ip address]"
in PowerShell or terminal You can also just press the up arrow key and that will give you the
last command you entered Next enter the password that we created earlier Now we need to install a piece
of software called ddclient for that type "sudo apt install
ddclient" and press Enter it's going to ask you for a lot of things, just pretend you don't know anything
by tapping enter until it gives up Now we need to tell ddclient
which address it needs to update for that type "sudo nano /etc/ddclient.conf" let's just delete all of those
lines and replace them with this convenient template that you can
find in my text guide in the description here we need to replace several things: "login" and "password", replace them
with your afraid.org credentials and "somedomain.moo.org", replace it
with the domain name that you chose After that is done, press Ctrl+O to
save the file and Ctrl+X to exit. Another file that we need to
edit is "/etc/default/ddclient" here we need to change everything to "false" except for this option, "run_daemon", this one we need to change to "true" Once that's done, Ctrl+O, Ctrl+X Now that all the configuration is done let's restart the ddclient service by
using "sudo systemctl restart ddclient" and see what it's been up to by typing
"sudo systemctl status ddclient" As you can see it actually
says "FAILED" in all caps but if you go back to our browser and
refresh the page with our subdomain you'll see that 0.0.0.0 changed
to our actual real IP address which means it worked. Finally let's make sure that
ddclient starts automatically every time we power our Raspberry Pi on,
by typing "sudo systemctl enable ddclient" Now one last thing that we need to
do before actually setting up the VPN is making sure that our VPN is accessible
from the outside of the home network for that go to your router's admin page and go to the port forwarding settings on FritzBox routers it's called
"Permit Access" for some reason. What we need to do here is
add another device for sharing Here on most routers you'll be
able to pick a device from a list so I'm going to pick Raspberry Pi here. Then we need to create a new port forwarding entry Here in the field "Application" I'm
going to select "Other application" and for the name let's enter "WireGuard" For the protocol, make sure to select "UDP" And as for the port we need
to forward the port 51820 on a lot of routers you'll need to select
2 ports, so "from" port and "to" port just select 51820 in both, and then make sure
that Internet access is allowed via IPv4 and IPv6 Then apply the settings and that's it! As usual with computers the hardest part
of a project is often preparing for it Now we're finally ready to
actually install and set up our VPN and this is really the easiest part of the video to set it up we're going to be
using a WireGuard install script from the Github user Nyr I've been using this script in my
personal machines for a few months and it's really solid and
reliable like a clockwork Let's copy this command from the Github page Go back to our terminal and paste it. As you can see, this command
actually needs root privileges to run so we need to type "sudo
bash wireguard-install.sh" The script is going to ask us for the
hostname that we want to use for the VPN: type your dynamic DNS domain
that we created earlier For client name just put any name you want and for "DNS" this is kind of personal preference I like to use the third option, 1.1.1.1 so if you're unsure just use that, and that's it! Let's just press F here and the
installation is going to begin So as you can see, the
Wireguard VPN is now installed and we have a big beautiful QR
code right here on the screen which we're going to use to
connect to our VPN from the phone Now you can simply download the WireGuard
application from App Store or Google Play launch the app and click on the "+" button Here choose "From a QR code"
and scan the code on the screen And that's it! Now you might want to ask
"why test it on a phone?" "Why not just use the same computer
that we're using to set everything up?" Well, the catch 22 here is that we can't
test our VPN on the home network because ...we're already on the home network So what I'm going to do now is I'm
going to turn off the Wi-Fi on my phone and then try to connect to our
VPN on the cellular network to see if my IP changes. As you can see after
connecting to the WireGuard VPN I can now see the IP of my
home internet connection and since I'm technically browsing
the Internet from my house I can now access all of my selfhosted
network services as though I were home And that's it! Now connecting to our home baked VPN from
a computer requires a few additional steps First we need to move the configuration
files to our home directory For that, log in to the Raspberry Pi
from the terminal, and type "sudo su", Enter and then "cp /root/*.conf /home/pi" Next we need to create a folder for all
of our WireGuard configuration files Now let's go to that folder, hold
"Shift", right click on the empty space and click "Open PowerShell window here" Here you can press the Up arrow key,
replace "ssh" with "sftp", and press Enter After you've entered the password, you can now
copy all the configuration files to your machine for that type "get *.conf" and press Enter. Now that we're done here, let's type
exit and close the PowerShell windows. WireGuard VPN is cross-platform, meaning
you can use it on Windows, Linux and macOS For Windows, we need to download this file, click on the executable, and now we're
ready to install our configuration file Launch WireGuard from the Start menu, and
press "Add tunnel configuration from a file" Now, I'm going to create a Wi-Fi hotspot on
my phone and connect to it on my computer and try to connect to the VPN And as you can see, after refreshing the page,
my IP changes to the IP of my home network And there you go, that's how
you set up a VPN at home! Thank you for watching this
video, I hope it was helpful If you have any questions, do not hesitate
to leave them down below in the comments And as usual, I want to thank my Patreons,
the people who support this channel. People such as Tim, Mitchell Valentino,
Ray Perea, and many many others. Thank you guys for watching, once
again, and I'll see you in the next one! Goodbye!
