Build Your Own VPN in 15 Minutes

Something I noticed recently: if you use Twitter/X from the US, the algorithm shows you much more recent content than from other regions. Trending tweets are different, the feed feels more alive. And it's not just Twitter — Netflix, YouTube, and many other services change what they show you depending on where you connect from.

That got me thinking — I need a VPN. But honestly, paying $12-15 a month for NordVPN or ExpressVPN when I can set up my own? No thanks. So I did it, and turns out it's way easier than I thought.

In this guide I'll show you how to set up your own VPN server in about 15 minutes. It costs $4/month (less than any commercial service) and you control it 100%.

Why build your own VPN?

The good:

• ▸Full control — you own the server, no third parties
• ▸Cheaper — $4/month vs $10-15/month for commercial VPNs
• ▸No logging — you decide what gets stored and what doesn't
• ▸Dedicated IP — your own unique IP address
• ▸No throttling — all bandwidth is yours
• ▸Native iOS/macOS support — no extra apps needed

The not so good:

• ▸Requires basic terminal knowledge
• ▸You're responsible for server maintenance
• ▸Single location (though you can create more if you want)

What you need

• ▸A VPS provider account (I use DigitalOcean, but Linode, Vultr, or AWS work too)
• ▸A Mac or Linux computer to run commands
• ▸An iPhone or Mac to connect to the VPN
• ▸15-20 minutes of your time
• ▸$4/month for hosting

Step 1: Create your VPS

On DigitalOcean:

1. ▸Go to DigitalOcean.com and create an account
2. ▸Click the green "Create" button in the top right, then select "Droplets"
3. ▸Configure your droplet:
   • ▸Image: Ubuntu 25.04 x64 (or latest version)
   • ▸Plan: Basic
   • ▸CPU options: Regular — $4/month (512 MB RAM, 1 vCPU, 10GB SSD)
   • ▸Datacenter region: Choose based on where you want your VPN to appear (I chose San Francisco for a US IP)
   • ▸Authentication: Select "SSH Key" and add your SSH public key (if you don't have one, see below)
   • ▸Hostname: Give it a memorable name like "vpn-server"
4. ▸Click "Create Droplet"
5. ▸Wait about 60 seconds for your server to spin up. You'll see an IP address — write it down

SSH key setup (if you don't have one)

If you've never generated an SSH key, open Terminal on your Mac and run:

# Generate a new SSH key
ssh-keygen -t ed25519 -C "your_email@example.com"

# Press Enter to accept default location
# Press Enter twice to skip passphrase (or set one if you prefer)

# Copy your public key
cat ~/.ssh/id_ed25519.pub

Copy the entire output and paste it into DigitalOcean's SSH key field.

Step 2: Connect to your server

Open Terminal on your Mac and connect:

ssh root@YOUR_SERVER_IP

Replace YOUR_SERVER_IP with the IP from DigitalOcean.

You might see a message about authenticity — type yes and press Enter.

You should see a prompt like: root@vpn-server:~#

Step 3: Update your server

Before installing anything, update your system packages:

apt update && apt upgrade -y

This takes 2-3 minutes. You'll see a lot of text scrolling — that's normal.

Why this matters: Ensures you have the latest security patches and software versions.

Step 4: Install the VPN server

Here comes the good part. We'll use an automated script that installs and configures IKEv2/IPSec:

wget https://get.vpnsetup.net -O vpn.sh

Once you've reviewed it:

sudo sh vpn.sh

What this does:

• ▸Installs strongSwan (the VPN software)
• ▸Configures IKEv2/IPSec
• ▸Generates SSL certificates
• ▸Creates client configuration files
• ▸Sets up firewall rules

This takes 5-10 minutes. Good time to grab a coffee.

What you'll see when it finishes:

================================================
IKEv2 setup successful. Details for IKEv2 mode:

VPN server address: YOUR_SERVER_IP
VPN client name: vpnclient

Client configuration is available at:
/root/vpnclient.p12 (for Windows & Linux)
/root/vpnclient.sswan (for Android)
/root/vpnclient.mobileconfig (for iOS & macOS)
================================================

Important: Screenshot or copy these details.

Step 5: Download the configuration file

The VPN is now running, but you need to get the config file to your devices.

Open a new Terminal window (don't close the SSH connection) and run:

scp root@YOUR_SERVER_IP:/root/vpnclient.mobileconfig ~/Desktop/

This downloads the .mobileconfig file to your Desktop. It contains all the certificates and settings you need to connect.

Step 6: Install on iPhone

Method 1: AirDrop (easiest)

1. ▸On your Mac, right-click the vpnclient.mobileconfig file on your Desktop
2. ▸Select Share → AirDrop
3. ▸Choose your iPhone
4. ▸On your iPhone, tap Accept

Method 2: Email

1. ▸Email the file to yourself
2. ▸Open the email on your iPhone
3. ▸Tap the attachment

Installing the profile:

1. ▸When you open the file, you'll see "Profile Downloaded"
2. ▸Go to Settings → General → VPN & Device Management
3. ▸Under Downloaded Profile, tap the VPN profile
4. ▸Tap Install (top right)
5. ▸Enter your iPhone passcode if prompted
6. ▸Tap Install again to confirm
7. ▸Tap Install one more time
8. ▸Tap Done

Connecting:

1. ▸Go to Settings → VPN
2. ▸You'll see your VPN connection listed
3. ▸Toggle the switch ON
4. ▸You should see "Connected" and a VPN icon in your status bar

Step 7: Install on Mac

1. ▸On your Mac, double-click the vpnclient.mobileconfig file on your Desktop
2. ▸System Settings will open automatically
3. ▸You'll see: "'vpnclient' wants to install a profile"
4. ▸Click Continue
5. ▸Click Install
6. ▸Enter your Mac password
7. ▸Click Install again
8. ▸Click Done

Connecting:

1. ▸Go to System Settings → VPN
2. ▸Toggle your VPN connection ON
3. ▸You should see "Connected"

Pro tip: Add VPN to your menu bar for quick access — System Settings → Control Center → VPN → "Show in Menu Bar". Now you can connect and disconnect with one click.

Step 8: Test your VPN

Basic test:

1. ▸With VPN off: Open Safari and go to whatismyipaddress.com — you should see your real location (e.g., Mexico City). Note your IP.
2. ▸Turn VPN on (toggle the switch in Settings)
3. ▸Refresh the page — you should now see your VPS location (e.g., San Francisco) and your IP should be your server's IP

If the location changed, it works.

DNS leak test:

1. ▸With VPN connected, go to dnsleaktest.com
2. ▸Click "Extended test"
3. ▸Wait for results
4. ▸All DNS servers should show your VPS location, NOT your real location

Speed test:

1. ▸Go to fast.com with VPN off — note your speed
2. ▸Connect VPN and test again
3. ▸Expect 10-30% slower — totally usable

Troubleshooting

"VPN won't connect"

• ▸Verify your VPS is running (SSH into it)
• ▸Check you used the correct .mobileconfig file
• ▸Try deleting the profile and reinstalling
• ▸Check your VPS firewall isn't blocking ports 500 and 4500 UDP

"Connected but no internet"

Usually a DNS issue:

# SSH into your VPS
ssh root@YOUR_SERVER_IP

# Check if VPN service is running
ipsec status

# Restart VPN service
ipsec restart

"DNS leak detected"

If dnsleaktest.com shows your real location:

# SSH into your VPS
nano /etc/ipsec.conf

# Find the line with "rightdns"
# Make sure it says: rightdns=8.8.8.8,8.8.4.4

# Save and restart
ipsec restart

"Can't download config file"

Make sure you're running the scp command from a new Terminal window (not from the SSH session).

Alternative — manual copy:

# In your SSH session
cat /root/vpnclient.mobileconfig

Copy the entire output, paste into a text editor, save as vpnclient.mobileconfig.

Security: things you should do

Change the default SSH port (optional but recommended):

nano /etc/ssh/sshd_config
# Change "Port 22" to "Port 2222" (or another number)
systemctl restart sshd

Enable automatic security updates:

apt install unattended-upgrades -y
dpkg-reconfigure -plow unattended-upgrades

Set up a firewall:

ufw allow 22/tcp   # SSH
ufw allow 500/udp  # IKEv2
ufw allow 4500/udp # IKEv2
ufw enable

Things to keep in mind

• ▸Your VPS provider (DigitalOcean) can technically see your traffic
• ▸This isn't as anonymous as Tor
• ▸The VPN doesn't encrypt traffic between your VPN server and destination sites (only between you and the VPN)
• ▸For maximum privacy, use HTTPS even when connected to VPN

How much does this cost?

Initial setup: Free (just your time)

Monthly cost: DigitalOcean VPS: $4/month

vs. commercial VPNs:

• ▸NordVPN: ~$12/month
• ▸ExpressVPN: ~$13/month
• ▸Private Internet Access: ~$10/month

Your savings: $4-7/month = $48-84/year. Plus you own the server and can use it for other projects.

Adding more devices

The same .mobileconfig file works on unlimited devices. Just AirDrop or email it to each device, install the profile, and connect. You can have your iPhone, iPad, Mac, and any other iOS/macOS device all using the same VPN simultaneously.

Managing your VPN

# Check VPN status
ipsec status

# View connected clients
ipsec statusall

# Restart VPN service
ipsec restart

# View logs
tail -f /var/log/syslog | grep ipsec

What's next

If you want to go further:

• ▸Set up a domain name instead of using IP addresses
• ▸Create multiple client certificates for different devices
• ▸Monitor your VPS with DigitalOcean's built-in monitoring
• ▸Set up automatic backups ($1.20/month for weekly backups on DigitalOcean)

Done. You now have your own private VPN server that you fully control. No more wondering what commercial VPN providers are doing with your data, no more speed throttling, and significant monthly savings.

The setup took about 15 minutes, and now you have a VPN that will serve you as long as you keep the VPS running.

Time invested: 15-20 minutes — Monthly cost: $4 — Privacy: priceless