
How to Install and Run Your Own Private VPN Server for Extra Security Online


In recent years, the fundamental insecurity of the internet has driven many to seek ways of protecting themselves and their data online. Businesses have pushed many such measures in an attempt to help customers stay secure. There have been browser plugins to help force users to take advantage of SSL encryption on websites where it’s available.

The latest IoT devices are turning to short-range Z-Wave encrypted radio technology to keep attackers out. And email providers have increasingly adopted TLS encryption to protect email while it transits the internet.

For individual users, though, the latest internet security method of choice uses a virtual private network (VPN). Subscriptions for them are now available from countless commercial providers all around the world.

A VPN creates an encrypted tunnel that protects internet traffic between a user’s device and an endpoint server located elsewhere, where it exits onto the public internet. That grants the user a measure of security and privacy and some valuable extra benefits, such as the ability to watch any country’s Netflix library.

That doesn’t mean, however, that commercial VPNs are the only option. It’s becoming increasingly common for internet users (who are tech-savvy or have an adventurous spirit) to set up and operate their own VPN servers for private use. Doing so gives them greater control over where their data goes, who might have access to it, and exactly how it’s secured en route to its destination.

For those interested in setting up their own VPN server, here’s a basic rundown on the steps involved to make the process as user-friendly as possible.

First, Consider the Limitations

Before deciding to set up a personal VPN server, it’s essential to consider how you plan to use it and what you need it to do. If the primary purpose is to enhance your online security and keep your ISP (or another local network operator) from spying on you, a personal VPN is a good fit.

If you are looking for a VPN to anonymize your traffic or allow you to use services like BitTorrent without anyone tracing the activity back to you, a commercial VPN provider is a better option. With that out of the way — here’s what you need to do to get a VPN server up and running:

Choose a Cloud Hosting Provider

To operate a VPN server, you’ll need a machine to run it on that’s available from anywhere you might travel, and that has sufficient bandwidth to handle whatever traffic you send its way. For most people, that means choosing one of the many major cloud providers like Google GCP, Amazon AWS, or Microsoft Azure.

Any of those would make a good fit for a VPN server, but it’s important to look at the pricing details to see how much the traffic you expect to generate will cost you each month. If you’re planning to use your VPN to protect all of your web traffic, it might be worth looking into an unmetered VPS solution instead.

Choose a VPN Server Platform and Install

With a cloud provider lined up, the next decision to make is which VPN server type to deploy. Today, most commercial VPN providers rely on software called OpenVPN, which is freely available and open-source. In addition, many major cloud providers have ready-built OpenVPN server instances available, which make deploying one a snap.

It’s also among the fastest VPN protocols available, so it won’t slow down the internet connections of anyone using it. For all-around use, OpenVPN makes a good choice.

There are other options available, too. One is called SoftEther, another open-source project that acts as something of a Swiss Army knife for VPN provisioning. It supports connections using any of the major current VPN protocols, including OpenVPN, IPsec, MS-SSTP, and L2TPv3.

That means it’s capable of supporting connections from almost every internet-connected device imaginable, which makes it ideal if you need to protect a house full of devices.

By far, though, the best current solution for anyone deploying their own VPN server is Algo. It’s an easy-to-set-up VPN system that supports every cloud provider imaginable and has a step-by-step install process that makes getting it up and running easy enough for a novice to handle.

Better still, it supports connections using the WireGuard protocol, which is a highly-secure and blazing fast protocol that most people expect to be the eventual successor to the widely-used OpenVPN.

The great thing about WireGuard is that it works very well with mobile devices, negotiating unstable wireless signals with ease. That’s something that other VPN systems like OpenVPN struggle with. In many cases, a mobile device with a weak signal can be a nightmare to use with a VPN, with frequent disconnections and pauses for re-authentication.

WireGuard, by contrast, takes less than a second to reconnect when there’s a signal issue, providing a stable and seamless VPN experience no matter where you use it.

Configure and Connect Clients

With the VPN server up and running, the next step is to collect the information needed to connect devices to it. In the case of OpenVPN, the server installation process will have also created a client configuration file that may be used on any device with a native OpenVPN client available.

In those cases, all that’s required is to copy that file to the device and tell the client software where to find it. Then simply provide the username and password selected during the server installation, and the connection should complete with no issues.

For a SoftEther server, connecting a client can be a little more complicated. The server can generate configuration files for OpenVPN and IPsec clients, so if those are in use, the generated files should be all that’s needed on the client (besides the username and password you’ve set).

If the server is configured to use the native SoftEther protocol, nothing more than the server’s external IP address and the login information is necessary to get up and running.

If the server’s running Algo, the installer will have created configuration files for any device capable of running either the WireGuard client or an IPsec-compatible client. The server’s installer will specify where the files reside, and they’re all that’s needed to connect. Best of all, Algo will even generate a QR code with the required configuration information that makes connecting mobile devices as easy as snapping a picture.

Check for Leaks


Once the necessary clients are connected, the last step is to check to ensure that all of the device traffic is being appropriately routed through the new VPN server.

The simplest way to do this is to visit a testing site that can scan your connection information. If the results reveal the device’s actual IP address or geographic location, something’s not working correctly. If everything’s right, the test should show the VPN server’s IP address and location and the DNS server information used during the server setup process.

In the case of an issue, retrace the setup steps on the server and client to ensure nothing’s been missed. Chances are, however, that everything will work on the first try.
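A client-side check to run before the online leak test, as an added example that is not part of the original article or of Algo: it parses a WireGuard client configuration in wg-quick format and flags the two settings that most often explain a leak, an AllowedIPs list that does not cover all traffic and a missing DNS entry. The sample configuration, its keys and its addresses are constructed placeholders, and a single [Peer] section is assumed.

```python
import configparser
import ipaddress

# Constructed sample client config (wg-quick format); keys and addresses are placeholders.
SAMPLE_CONF = """
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.49.0.2/32
DNS = 172.16.0.1

[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
"""

def _split(value):
    """Split a comma-separated config value into trimmed items."""
    return [v.strip() for v in value.split(",") if v.strip()]

def covers_all(networks, version):
    """True if the networks of this IP version collapse to the default route."""
    nets = [n for n in networks if n.version == version]
    default = ipaddress.ip_network("0.0.0.0/0" if version == 4 else "::/0")
    return default in list(ipaddress.collapse_addresses(nets))

def audit_wireguard_conf(text):
    """Return leak-related findings for a single-peer wg-quick client config."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    allowed = [ipaddress.ip_network(a, strict=False)
               for a in _split(cp.get("Peer", "AllowedIPs", fallback=""))]
    # A split tunnel leaves some destinations on the normal, unprotected route.
    for version, label in ((4, "IPv4"), (6, "IPv6")):
        if not covers_all(allowed, version):
            findings.append(f"{label} traffic is not fully routed through the tunnel")
    # Without a DNS line the system keeps whatever resolver it already had.
    if not _split(cp.get("Interface", "DNS", fallback="")):
        findings.append("no DNS server set; the system keeps its existing resolver")
    return findings

if __name__ == "__main__":
    print(audit_wireguard_conf(SAMPLE_CONF) or "no leak-prone settings found")
```

An empty result only means the configuration asks for a full tunnel; the online test described above is still what confirms the traffic actually exits from the VPN server.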

Safe and Secure

If all went well, the result should be a fast, secure personal VPN server that is capable of protecting as many devices as you need (as long as you’re willing to pay for sufficient bandwidth).

Best of all, the setup is entirely disposable, which means it can be terminated or moved to a new hosting provider at any time. After getting through the setup once, it should be easy for just about anyone to repeat the process as many times as they need or want to.

The best part of all is that everything about the setup is under the direct control of its owner – meaning there’s no third-party to trust. And for the security-minded, there can be no more significant asset.

The post How to Install and Run Your Own Private VPN Server for Extra Security Online appeared first on ReadWrite.


How to Use a DNS Server to Increase Security and Work Around Geofences


As this year is shaped with worldwide self-isolation, the tendency is to move activities online in response to the COVID-19 pandemic. People are seeking reliable means to protect their devices from malware for work and broaden their reach of new content for leisure. Here is how to use a DNS server to increase security and work around geofences.

The conventional way to achieve both is to use a VPN, which offers security and privacy protection on the one hand and allows users to override geo-restrictions on the other.

However, there is another option that works well for individual and small-scale consumers: DNS-based solutions, such as Smart DNS and DNS Firewall. They offer more targeted solutions for the problems we face in our daily activities at a lower price. This distinguishes them from comprehensive enterprise tools that protect extensive business networks. 

What is DNS?

Generally speaking, the Domain Name System, or DNS, is the way that domain names are located and translated into IP addresses. You can compare DNS to a phone book where every domain name is mapped to a specified IP address. 

When we surf the Internet, we use domain names, like google.com or facebook.com. However, Web browsers use Internet Protocol (IP) addresses like 69.63.181.15 to access the website. What DNS does is match domain names to these addresses. When you type a URL in a Web browser, it sends a request to a dedicated DNS server that returns a corresponding IP address. The web browser can then use it to access the website. Without such a system, we’d have to memorize all IP addresses.

At the same time, DNS is much more than just a directory. You also can use it to bypass geoblocking and enhance security while surfing the web. But does this mean that DNS could replace a VPN connection?

Smart DNS and geoblocking

Probably every Internet user has encountered a geoblocking problem. You want to watch a new episode of your favorite series on Netflix or click on a video on YouTube. But suddenly, all you can see is the error saying that the video is unavailable in your region. Limiting access to a particular region in this way is called “geoblocking,” and it is widely used by video-streaming sites, like BBC’s iPlayer, Netflix and ABC iView.

The underlying principle is quite simple: each device connected to the Internet has a unique IP address. IP addresses are allocated in blocks to internet service providers (ISPs) who in turn, allocate them to customers. This scheme makes IP addresses traceable to a geographic location. Thus, companies can limit access only to IP addresses from a particular region.

The way to trick geoblocking is to change your IP address — or make it so the website in question wouldn’t be able to detect it properly — so that its location would seem eligible. Smart DNS is a technology that directs a user to a proxy server to mask the IP address. Because of that, you can gain access to geo-restricted content.

How it works

The DNS address assigned by your internet service provider contains info about your geo-location. Smart DNS replaces it with the address of a new Smart DNS server. A Smart DNS provider uses proxy servers in the region eligible to view the requested content. The Smart DNS server can be located anywhere in the world.

When you are connected to this server, your traffic is routed through it. Smart DNS intercepts your connection requests to the server you want to access, and carefully replaces any data in those requests that can leak your geo-location.

Modern apps run smoothly on any platform and device with an internet connection, from routers to smart TVs and video game consoles. These modern apps have a truly global network of servers unblocking the most popular video streaming platforms, including American Netflix, Amazon Prime, and HBO Now.

Smart DNS vs. VPN

At first glance, it seems that the features of SmartDNS and VPN are quite similar. Like a VPN, Smart DNS tools hide your real location. However, in contrast to a VPN, they do not change the IP address of your device. They only mask its original IP address. With a VPN, you connect to a secure local server in another country directly. You use that server’s internet connection – and its IP address – as your own to stream certain content.

Another crucial difference from a VPN is that a Smart DNS doesn’t encrypt your traffic. Without data encryption, the connection between your device and the webserver is much faster than through a VPN tunnel that masks and encrypts all traffic. Hence, the biggest advantage of SmartDNS over a VPN is the speed, as it allows streaming from popular channels in 4K Ultra HD without any lags or delays, limited only by your network speed.

For a user who is looking for a fast and straightforward way to bypass geo-restrictions without the necessity to dig into the device configuration, a Smart DNS is the best option. Since it doesn’t require any installation, it is wrapped in an intuitive and easy-to-use DNS Proxy app. The DNS proxy app shares the same DNS IP address across multiple devices; it becomes an optimal solution if you simply want to get access to a new series in your leisure time.

At the same time, you cannot use a Smart DNS to ensure security and privacy protection. If these are at stake, it’s worthwhile to sacrifice the speed of connection and choose a suitable VPN protocol.

Enhanced Protection with DNS Firewall

At first sight, it might seem that when it comes to online security, encryption, and online freedom, the winner is always the VPN. However, a VPN can only ensure your privacy. It won’t shield you from malicious websites. To stay protected against possible attacks, users need a DNS firewall, a network security solution that intercepts DNS resolution for known-malicious websites.

How it works

According to the Cisco 2020 Security report, 91% of malware uses DNS services to build cyber-attacks, which makes DNS-based malware one of the most common cyber threats. To answer the threat, a DNS Firewall was designed. This solution selectively intercepts DNS resolution for known-malicious Internet locations, such as domain names, IP addresses, and name servers. The interception can entail rewriting a DNS response to direct a web browser to a “walled garden.” Another option is to make the malicious network assets invisible and unreachable by the device.

As a result, the DNS Firewall works as a cloud barrier between a device and the internet traffic from malicious servers.

The same applies to phishing websites aimed at stealing the user’s confidential data, which are increasingly common in email-based attacks, as well as to ransomware and botnet command-and-control sites. A DNS Firewall effectively detects and blocks all phishing links, keeping the user safe online. Besides, with its quite intuitive interface, even less tech-savvy users can blacklist websites by specific categories (like gaming, gambling, or adult sites).

In certain solutions, users can block sites with pop-up windows or undesirable content by category or by a specific domain.
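The decision logic described in this section, as an added example that is not part of the original article or of any particular DNS Firewall product: a resolver-side filter that matches a queried name against a categorised blocklist and either rewrites the answer to a walled-garden address or makes the name unresolvable, and also drops answers that point into a known-bad IP range. The domains, categories, IP ranges and the walled-garden address are constructed placeholders.

```python
import ipaddress

WALLED_GARDEN_IP = "192.0.2.53"  # constructed placeholder for the block page

# Constructed policy: domain -> (category, action); names use the reserved .example TLD.
POLICY = {
    "malware-c2.example": ("malware", "nxdomain"),
    "login-phish.example": ("phishing", "walled_garden"),
    "casino.example": ("gambling", "walled_garden"),
}
BLOCKED_CATEGORIES = {"malware", "phishing"}             # categories the user enabled
BLOCKED_IPS = [ipaddress.ip_network("198.51.100.0/24")]  # constructed known-bad range

def match_policy(qname):
    """Suffix match on label boundaries: sub.bad.example hits bad.example,
    but notbad.example does not."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        entry = POLICY.get(".".join(labels[i:]))
        if entry:
            return entry
    return None

def filter_response(qname, upstream_ips):
    """Decide what the client receives for one address lookup."""
    entry = match_policy(qname)
    if entry and entry[0] in BLOCKED_CATEGORIES:
        category, action = entry
        if action == "walled_garden":
            # Rewrite the answer so the browser lands on the block page.
            return {"rcode": "NOERROR", "answers": [WALLED_GARDEN_IP], "reason": category}
        # Make the name invisible: the client sees a non-existent domain.
        return {"rcode": "NXDOMAIN", "answers": [], "reason": category}
    # Response-side check: an unlisted name that resolves into a known-bad range.
    if any(ipaddress.ip_address(ip) in net for ip in upstream_ips for net in BLOCKED_IPS):
        return {"rcode": "NXDOMAIN", "answers": [], "reason": "blocked-ip"}
    return {"rcode": "NOERROR", "answers": list(upstream_ips), "reason": None}

if __name__ == "__main__":
    print(filter_response("cdn.malware-c2.example.", ["203.0.113.7"]))
```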

DNS Firewall vs. VPN

While these technologies share much in common, they do not overlap. A VPN masks the user’s identity, and the DNS Firewall blocks external threats. There is a way to ensure safe web surfing that combines online anonymity, VPN encryption and effective shielding from cyber-attacks. You can use a combination of VPN and DNS technologies as a bundle or as standalone projects.

Similar but complementary, the two technologies can bring cybersecurity to a new level. While a VPN is essential to protect your internet privacy as it provides an encrypted connection between your device and the Internet, DNS-based tools perform a range of complementary tasks, such as unblocking geo-restricted content, like a SmartDNS, or protecting you and your children from unwanted content and phishing attacks, like a DNS Firewall.

The post How to Use a DNS Server to Increase Security and Work Around Geofences appeared first on ReadWrite.