October 3, 2024

How to create your own encrypted VPN server in 15 minutes

You may have seen many online advertisements for paid VPN services. However, as we explain in a previous article, it's not a good idea to funnel all your Internet traffic through a VPN service.

Contrary to what they say on their websites, VPN companies generally do not care about protecting your privacy. These companies can see your entire web browsing history while handling your Internet traffic and DNS requests. Sometimes they even keep logs of your IP address and connection history, meaning they could hand this data over to authorities or it could be stolen by cybercriminals.

In most cases, it is not necessary to enable a VPN connection before browsing the web, as almost all websites are delivered to your browser over a secure, encrypted connection (called HTTPS).

But VPNs can come in handy from time to time, depending on your risk profile, aka threat model. Sometimes you can't access a website from a public network because it is blocked. Or you could be traveling to a country where the content you want to access, such as news or music and video streaming services, is not available. In those cases, it's all about minimizing risk while using a VPN.

That's why we're going to highlight a few different methods for setting up your own encrypted VPN server at home or in a nearby data center.

Easy: Run Tailscale on an Extra Home Computer

Tailscale makes it easy to create a virtual network and connect all your devices to that network. Tailscale is built on WireGuard, a robust open source VPN protocol that works on virtually any device.

There are many use cases for Tailscale. Developers use it to access remote servers. Companies use it so that employees can access all types of corporate services even when they are not in the office. In our case, we will use it as an alternative to a VPN service that allows you to encrypt and redirect all your Internet traffic.

If you have a computer at home that is always running, or an old laptop that you no longer use, download and install Tailscale on that device. The Tailscale app is available for both Windows and macOS. (Also available on Linux using the terminal.)

Create a Tailscale account and create your first tailnet. In Tailscale parlance, a tailnet is your own private peer-to-peer mesh network that allows your devices to interact with each other.

Click the Tailscale icon in the menu bar on macOS or the taskbar on Windows. Activate Tailscale and then go to the “Exit Nodes” menu. Click “Run Exit Node…”

You can now install Tailscale on personal devices you travel with, like your laptop or phone. Install Tailscale, then log in to your account. You'll see your computer running at home in the list of devices on your private network.

Once again, go to the “Exit Nodes” section. This time, choose your home computer as the exit node. That's all! When your devices use your home computer as their exit node, all Internet traffic passes through that exit node.

Tailscale's role is to manage the coordination server that makes this VPN connection possible. This coordination server is responsible for distributing public keys to all of your devices on your Tailscale network so they can securely communicate with each other. Tailscale does not route traffic through its coordination servers.

As for private keys, they remain on your devices at all times. Without those private keys, no one else, including Tailscale, can decrypt the data flowing through your VPN tunnel. With this setup, you get all the benefits of an encrypted VPN connection without having to manually generate, distribute, and manage your public keys.

The result is that even if you are thousands of miles away on a very restricted Wi-Fi network, you can browse the web as if you were at home.

At this point, you might think, “This is great, but I don't want to have a computer running 24/7.” The good news is that Tailscale allows you to turn an Apple TV into an exit node. Because Apple TV is designed to run constantly, so that it can be turned on and used at any time, its exit node will also always be available. If you're not an Apple TV user, you might have an Android-based set-top box or an old Android phone sitting in a drawer. Tailscale also allows you to run an exit node on an Android device.

The exit node submenu in the Tailscale client on macOS (left) and Windows (right).
Image credits: TechCrunch (screenshots)

Medium: Install Tailscale on a Raspberry Pi

If your modem or router is in a peculiar location, you may want to build a dedicated Tailscale device yourself and connect it to your router with an Ethernet cable.

In that case, you could buy a Raspberry Pi, a small, cheap single-board microcomputer. We recommend a Raspberry Pi 4 or Raspberry Pi 5, as these models have a Gigabit Ethernet port. If you have a fiber connection at home, you'll be able to get faster speeds with that Gigabit Ethernet port when you turn on the VPN connection.

You can flash a microSD card with Raspberry Pi Desktop, the operating system designed specifically for these computers. You'll also need a USB keyboard and mouse, as well as a micro-HDMI to HDMI cable to set up the Raspberry Pi.

After that, you can connect your Raspberry Pi to a computer screen or TV and turn it on. You will have to open the terminal and run some commands detailed on Tailscale's website to install and run Tailscale.

You must also enable IP forwarding with the following three commands on Raspberry Pi OS:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf

echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf

sudo sysctl -p /etc/sysctl.conf

After the last command, run the following command:

sudo tailscale up --advertise-exit-node

This completes turning the Raspberry Pi into a Tailscale exit node.
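
The two echo commands above append a new line to /etc/sysctl.conf every time they are run. The following is an added example, not code from the original article or from Tailscale: it makes the IP forwarding step safe to repeat and checks that both forwarding keys resolve to 1. The SYSCTL_CONF variable, the function names and the "apply" argument are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example: idempotent version of the IP-forwarding step, plus a check.
# SYSCTL_CONF and all function names are assumptions made for illustration.
SYSCTL_CONF="${SYSCTL_CONF:-/etc/sysctl.conf}"

# Print the effective value of key $1 in sysctl-style file $2.
# Commented lines are skipped; when a key repeats, the last line wins.
conf_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# Append "key = 1" to file $2 only if key $1 does not already resolve to 1,
# so re-running the setup does not pile up duplicate lines.
ensure_forwarding_key() {
    key="$1"; file="$2"
    [ "$(conf_value "$key" "$file")" = "1" ] && return 0
    printf '%s = 1\n' "$key" >> "$file"
}

# Succeed only if both keys from the article resolve to 1 in file $1.
forwarding_persisted() {
    file="$1"
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        [ "$(conf_value "$key" "$file")" = "1" ] || return 1
    done
}

# Run as root with the argument "apply" to change the real file.
if [ "${1:-}" = "apply" ]; then
    ensure_forwarding_key net.ipv4.ip_forward "$SYSCTL_CONF"
    ensure_forwarding_key net.ipv6.conf.all.forwarding "$SYSCTL_CONF"
    sysctl -p "$SYSCTL_CONF"
    forwarding_persisted "$SYSCTL_CONF" && echo "forwarding persisted in $SYSCTL_CONF"
fi
```

A later line such as net.ipv4.ip_forward = 0 added by another tool would override the earlier setting, which is why the check reads the last matching line and not the first.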

You can now install Tailscale on the personal devices you travel with and use the Raspberry Pi as an exit node.

A Raspberry Pi 5.
Image credits: Romain Dillet/TechCrunch

If you like this setup and are comfortable with the terminal, you can follow the same instructions with Raspberry Pi OS Lite, the operating system for Raspberry Pi that does not have a traditional desktop interface.

You can also follow the same instructions to create your own VPN server in a nearby data center. Many companies, such as DigitalOcean, Vultr, Linode, Scaleway, Hetzner Cloud, and OVHcloud, offer cheap virtual servers for around $5 per month.

After creating an account with one of those cloud hosting companies, start a server and use its web console to install Tailscale. You can also log in using SSH, commonly used for remote access, from your own terminal.

Tailscale iPhone app with the ability to select an exit node at the top.
Image credits: Romain Dillet/TechCrunch

Advanced: Tailscale on Fly.io or WireGuard on a VPS

At this point, you may find that setting up your own encrypted VPN server and routing all your Internet traffic through that server isn't that difficult. So, you can get creative with your setup.

For example, developer Patrick Recher has created a global network of Tailscale exit nodes on Fly.io, a cloud hosting company that allows you to create virtual machines on the fly based on a configuration file.

Recher can add a server in a new region with a single command line. And when he's done, he stops the virtual machine and destroys it. You can learn more at Recher's GitHub repository.

If you don't want to rely on Tailscale to coordinate your peer-to-peer network, you can install and configure WireGuard directly. There are various tutorials around the web that will guide you through the WireGuard configuration process. Setting up WireGuard isn't that complicated and you'll learn a few things along the way.
