How to Set Up IPsec VPN on Your Server

In this post, I will describe the easiest way to deploy a VPN (using the native IPsec protocol for Apple devices) on your hosting.

Where to get a server

I assume that you have already purchased a VPS with an Ubuntu/Debian system deployed. You can buy a VPS at an average price of $5 on hosting providers like DigitalOcean, Vultr and others. Choose the cheapest VPS in a convenient region and launch it.

VPS Preparation

To make everything work smoothly, you should perform a few steps on your VPS:

  1. Update the packages
$ apt-get update
$ apt-get install vim
  1. Disable password access
# Редактируем файл
$ vim /etc/ssh/sshd_config
# выставляем значение `no` для `PasswordAuthentication no`
# перезапускаем SSH
$ systemctl restart ssh
  1. Enable the firewall
$ ufw allow OpenSSH
$ ufw allow 4500/udp
$ ufw allow 500/udp
$ ufw enable
$ ufw status

How to

Once your VPS is ready for work, use the following command as root:

wget -qO && sudo sh

It will install everything you need and configure the VPN. In the end, it will provide you with generated credentials. You can set up the client using the documentation.

Under the hood, it uses the most popular open-source script available on GitHub:

OR you can launch VPN with docker-compose.

Why set up your own VPN when you can use ready-made services?

Depending on the situation you’re in, you can resort to ready-made (and even free!) solutions.

In general, I highlight three methods, one of which will definitely suit you:

Free VPN is suitable when you want to access websites that are unavailable in your region (e.g., LinkedIn) and don’t want to pay $5-10 per month for it.

Paid VPN is suitable for advanced users who consume a lot of content and value access speed. One of the advantages of paid VPNs is the ability to choose a region. If you frequently use public Wi-Fi networks, using a paid (or your own) VPN should become basic hygiene for you.

Your own VPN is suitable for those who have a clear understanding of why they need it. Compared to a paid VPN, you get a significantly smaller range of possibilities but potentially higher control level.

Translated by ChatGPT