 So a question I get all the time is people ask me about VPNs. Now I do like private internet access. They're very affordable. The system seems very good. They're reputable. They have a lot of options and a pretty straightforward setup to be able to put it on a VPN. And I've done videos on how to set up like a whole site VPN and things like that. I usually don't go for that even myself. I prefer to take each individual workstation that I want and have it connected to the VPN. And PA supports this. So you don't have to do your whole site. They do support individual, several computers logged in simultaneously through the VPN. Then we have only putting the devices that I want on a VPN on a VPN. And I don't put them all the time on a VPN for a good reason. VPN blocking. This is becoming a problem occasionally where companies like Hulu, Netflix and other companies decide to block VPN. So while you think you can use it to get around certain things, such as geo blocking, those companies get lists of those IP address and stop them. Second problem I've run into and you look up the reputation. So I'm connected right now to PAA. So it's this 8.2.1.0.2.20.1.70. We do a reputation lookup and the reputation for email is poor because people are probably using it for spam. Web reputation is neutral, but it is on blacklist. And what happens is because everyone's tunneling through many, many people, you're blending into the crowd. So to speak with 8.2.1.0.2.20.1.70. Yes, the lots of people are probably doing very bad things and other companies will start doing things like going, hey, we just blocked that. We don't want people trying to be anonymous visiting our website. So you may find services you try to use, stop you from using them based on the IP address, but you want it shared like this. So what about running your own VPN with your own server? Well, that's absolutely possible. Now you can run this at home. You can run this at work. You can run this in different places. It's a really simple open VPN installer. I'm specifically running it in a digital ocean droplet. That way you can take, let's say I'm at a public Wi-Fi hotspot and coffee house, whatever. Restaurants, one of the problems you run into with places like that is you don't trust their network. They may be manipulating the DNS. So your computer gets the DNS from the local network and maybe they're manipulating. Well, one way to solve it is DNS over HTTPS or DOH. I have a video on that. Also, another option is to tunnel everything to VPN. And for us, I do have PF Sense firewalls at home and at work. So I've got open VPN on here. What if you wanted to have a droplet sitting around somewhere so you can pop out somewhere else and you control the reputation of it because you control the droplet? Oh, let's talk about that. So I have a droplet created and first actually let's run over back to the reputation. So here's the droplet IP address we're gonna be using. 157-230-4485. Email, web reputation, neutral because it doesn't have spam or otherwise. I popped this out in Singapore. So I felt like being in Singapore with this IP address. So they don't really seem to have anything in there. Network owner, digital ocean and not on any blacklist which is kind of be expected. It's a digital ocean provided someone didn't use this IP address or something bad. It won't be on a blacklist. So when you create the droplet, if you were to get a droplet with a bad IP address, you know, before you do anything with it, go ahead and delete it or I think you can request and change an IP address. If you delete it and bring it back, that'll change it as well. Let's look at what droplet we created. So I did the WN10 standard because we don't need much starter, a one gig, one CPU, 25 gig SSD and 1,000 GB of transfer. Now that is an important thing to remember is yes, you have to pay for the transfers. The way companies like PA make that cheaper because of everyone sharing an IP address. So they're buying it in bulk and you know, spreading the cost out about everyone but that's the shared IP. When you're in here, you do have to watch your transfers. Now here is the pricing of digital ocean. So take this for a worth is overages above pool transfer be charged at a rate of 0.01 per gig. So one cent per gig. So if you're getting over, so just keep that in mind that there is a fee in case you do go over on any of the transfer rates. So let's go over to what the system here. So like I said, WN10, create droplet, way we go. You don't really need to do anything more than that. Choose where you want to be. I chose Singapore when I did this one and let's see what it looks like when it's set up. So the SSH route at 157, 230, 44, 85 and we're in. Now you notice that I did already load the dot files here and what the dot files are is my customized, a lot of people ask me like this, I want to make the shell look like yours, Tom. No problem. And that's available on my GitHub. So you go here and I'll leave a link below to this and you can go ahead and download these files and you can make your shell look like mine. I've got instructions on how to do it really, really easy to do. Now by the way, if you are running as root, you do have to take the sudo out. So I did modify them slightly. You don't use sudo and that's because I don't have it installed. Now let's talk about this one click open VPN install. And I really like this one. And I've covered this before, but this one goes a little bit further and it has a few more options. So here is the things you need to do to get it loaded. And we can just copy and paste the command. Someone will complain that you don't just copy random things off the internet, but yeah, take it for what it's worth. Type it out by hand if you want. We're going to go ahead and copy. Now before and from a clean install of a digital ocean droplet, you do have to do apt-get install curl. You have to make sure you do have the curl in there. Curl is already installed because I already put it in here. Knowing I needed that. Cause if not, you'll get an error. So I've already updated it. So you know, you do an apt-get update. Make sure the systems is completely up to date. It's actually one of the very first steps you always do. And then an upgrade. And I'll go ahead and throw this in here real quick. Unattended upgrades. We'll throw this on here and say yes while we're waiting real quick. Because I don't want you putting out a system that you'll forget to ever patch. So if you use unattended upgrades, the default is installing security patches for the system. At least it will be security patched. It's the default for unattended upgrades. That just means go ahead and apply those security patches. But do go in and make sure, I'm not gonna get too off topic on this, but do make sure you keep your servers up to date if you're gonna use them. Don't become part of the botnet of things out there. All right, so now we in curl and download this. That's curl that right there. Sage mod plus X, which means make it executable. The open VPN install. All right, there it is. Now watch the magic happen. We're gonna go ahead and dot slash open VPN install. What's the IP address right here? By the way, this is smart enough. If you do this internally on a server, it will ask you for your public IP as it realizes it must be behind a firewall. So FYI, I thought that was kind of neat. So do we want an evil IPv6? Nope. Default port, yes, but you can change it. They made it very easy or they'll pick one for you. You can let it pick a random port, but because we have the firewall set to 1194, we're just gonna use it default port. DCP or UDP? Yep, we're gonna go ahead with UDP. Who do you wanna use for DNS? This seems to be like a controversial topic, but you can use whatever the system has for DNS. You can use quad nine, et cetera, et cetera. They've got a few different options in here. But if you have something custom, edit your own resolve comp, put the custom thing that makes you happy in there. But we're gonna go ahead and use the cloudflare DNS option three, which is the default. Do you want to use compression? It is not recommended since the voracle attack to make use of it. If you're not familiar with this, this is a weird edge case where someone could try to determine what traffic was inside of VPN based on how compressible it is. It's an unusual angle for an attack in my opinion, but I thought it was interesting. So it does have the default option of no, it's up to you if you wanna use the compression or not. A lot of sites use compression anyways, like GZO compression. So there's already a level of compression happening. I don't really know how much of a benefit it is in terms of VPN speed. If you are wanting to mess with, it gives you the option to customize encryption settings. We're not gonna choose that. We're gonna use the defaults. It does have solid encryption from default, the center. And now I'm gonna make you a open VPN server. It goes out, updates, grabs the package as needed. And we're almost done. Doing this on real time. I'm not fast-forwarding anything. You can see how fast it sets up. Client name. This is an added feature, some of the other ones. You have the option to password protect the open VPN files. Now granted, it's not on a tax surface, not having the password is bad as you might think because with a username and all the certificates, they still need that open VPN file with those certificates in it in order to log in. So I'm not gonna set up a password but we'll set up the client name of Thomas. So here we go. Add a password list client. We're gonna say yes, but you do have like an option if you wanted to have a username password on there for ease of use. I just, this is just a VPN so I'm able to get out to the internet. Now I will admit, if you're ever doing a work VPN, please don't ever set it to be password list. That's way too much convenient because you're getting inside of a network. This is just so we can quickly grab this and tunnel through this network which I'm a little bit less concerned about but obviously if someone grabbed that file without a password on it, all they need is that file and they'd be able to tunnel in. Take that for what it's worth. It has the option to add a password if you want it. Now, for each user you create, there's a Thomas one. Let's create another user. And all you have to do is create another user. You run it again. It realizes it's already installed which by the way it gives you an option to add on a user, revoke a user or remove open VPN and start over and remove all of this. We're gonna add one more user. YouTube. Yep, same thing. Way to go. So now we can import those files and it just drops them right here in root. Now, if you're on Windows, you're gonna have to use a tool like WinSCP or something that you get in here. I'm on Linux, so it's not a big deal. Or, and I do recommend this, if you're using Windows 10, learn how to use the Windows subsystem for Linux and you can get a cool shell and they did a nice update so you can run Bash from the command line. You can set your SSH keys up. I really like that they added that into Windows but I'm a Linux user, so it's novel but not necessary. If you're wondering how to do this, it's scp root on backslash. It's root because we know where it's at. We know it's in the root folder and it's YouTube.ovpn. And then we're gonna call it ovpn here. What this does, instead of scp to copy to something, you're actually saying no, copy this to a local file with the same name and away we go. Now, there's the YouTube OpenVPN file. So how do we connect with it? Well, you can do the import and that varies with a lot of Linux distributions of how you import it and put the settings in. You can, and actually we can open it up real quick. These are human readable. So here's the static settings for like the remote, DevTon, blah, blah, blah, which encryption you're using. Here's the keys and you can manually set up the VPN. Like I said, sometimes you can import them. It all depends on which version of Linux you're using. One of the other things you can do in Linux is because this is command line, you do have to do sudo if you're not running as root to get this to connect. So sudo, open VPN, YouTube. Didn't mean to put the dot slash in front of it. So sudo, open VPN, put the password in. Now, if you were to do it without sudo, it doesn't have permission to modify the network and this is often even in Windows you have to run open VPN as administrator because it has to make network changes. So now the changes have been made, we're connected. That's it, no password. It's got the username in there. So let's look at our IP address now. Here too, and there's my IP address. 157-230-4485, which like I said, same as our digital ocean. That's it, it's done, it's set up. Now any of the data transfers I do as far as where am I at? I like this one here. So it thinks I'm in Singapore. Here's the location on the map. So I show in Singapore. It's just like any other VPN at this point. I'm surfing the web, fine. What does Google think? Hey look, Google's has different options. Me, so like I said, even Google thinks right here at the bottom that I'm in Singapore. That's it, that's all you have to do to get this set up and working. And like I said, you can add more users and things like that. It's really straightforward and simple. Now for those of you running Windows, it's kind of the same thing you can go through and download the open VPN tool and import that file, that old VPN file and then you have your own VPN. There's really not much else to it. This script is really simple. I really like how it's pretty much, you can even auto install it. So they have options in here. So go ahead and like build installer and go ahead and just build it even faster, which I thought was actually kind of cool. So it does have the option of working behind that. So you can port forward to it. So if you don't have like something nice like a PF Sense Firewall that has VPN built in, it does have that option to work behind there. It does support more than just DB and 10, Fedora, Ubuntu, et cetera, et cetera. They have a whole compatibility list. Like I said, leave links to all this. And if you want to sign up for DigitalOcean, I do have an offer code and affiliate link. If you'd like to sign up to that, it does help out the channel and I do appreciate it. And if you want to sign up for PIA because you're going, I don't want to do any of this. I just want to use a VPN like PIA. PIA is a great service and I use them as well. There's an offer code down there for that too. So like I said, leave links to all this. It's kind of fun to play with, but it's really easy to run your own VPN and then put it in a place and maybe get around things because like I said, the reputation on this and I'm the only one using it or any friends I share it with are the only ones using it and you know, so I'm fine with this. Maybe that's something you want to do is share the VPN between you and your friends and share the $5 a month cost plus any overages for bandwidth that you have and tie it all to this VPN and just don't give it to friends that'll give this IP address a bad reputation and it should stay unblocked. All right, thanks. Thanks for watching. If you liked this video, give it a thumbs up. If you want to subscribe to this channel to see more content, hit that subscribe button and the bell icon and maybe YouTube will send you a notice when we post. If you want to hire us for a project that you've seen or discussed in this video, head over to laurancesystems.com where we offer both business IT services and consulting services and are excited to help you with whatever project you want to throw at us. Also, if you want to carry on the discussion further head over to forums.laurancesystems.com where we can keep the conversation going and if you want to help the channel out in other ways we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.