Build Your Own VPN Proxy

if you're interested in building your

own personal VPN proxy server in order

to surf the web privately and

anonymously then this is the video for

you stay tuned

welcome to crosstalk Solutions my name

is Chris and by now you've probably

heard a lot about protecting yourself

online with a VPN proxy you've probably

even heard the names of some of the top

VPN proxy providers Nord VPN tor guard

tunnel bear and my own personal favorite

which is private Internet access that's

a service that I use daily and I highly

recommend if you get frustrated trying

to build your own VPN proxy then I

recommend checking them out and my

referral code is down in the description

below but what does a VPN proxy do

exactly well there's two parts the VPN

and the proxy now essentially you're

creating a secure tunnel between you and

a random computer server located

somewhere around the globe from that

server you do all of your web surfing

your YouTube or Netflix watching file

downloading and whatever else now if

you're connecting to a server in Seattle

Washington you appear to the Internet as

coming from some random IP address in

Seattle Washington no matter what your

actual location is that's the proxy part

you're not surfing the web directly out

of the IP address that was given to you

by your ISP you're someone else

completely and anonymous your ISP can

see perhaps how much bandwidth is being

transferred from the Internet to your

home and back but because the tunnel is

encrypted with VPN they can't tell what

you're downloading where you're surfing

or what you're watching I like to think

of it as a big opaque garden hose

stretching across your yard the ISP can

hear that liquid is flowing through the

hose but they don't know where that

liquids going or even what kind of

liquid it is there are a ton of other

advantages and benefits to using a VPN

proxy besides the security aspect as

well but the bottom line is that using a

VPN proxy is a really great habit to

have your ISP can't watch you but then

this brings up a logical next question

are you just picking a different watcher

- who's to say that your VPN proxy

service isn't storing all sorts of

information about you and then selling

that information to the highest bidder

or happily handing over years worth of

server logs to anyone who comes knocking

with a subpoena most VPN proxy services

have very clear policies about this

stuff and in the case of private

Internet access they claim to not keep

any traffic or access logs and they even

have a transparency report that shows

how many warrants and subpoenas they've

received and complied to but of course

the internet being the skeptical den of

villainy that it is a lot of people are

still not convinced that any third party

VPN proxy service is trustworthy so for

those people here's some good news in

this video we're gonna teach you how to

build your own now there's a fantastic

project on github called Streisand as in

the Streisand effect or the phenomenon

by which an attempt to hide remove or

censor a piece of information has the

unintended consequence of publicizing

that information more widely so back in

2003 Barbra Streisand made a big stink

about trying to suppress photos of her

Malibu California home it became such a

big story that it actually drew a lot

more attention to the home than it would

have if she just stayed out of it

completely so let's set up our own

personal Streisand VPN proxy server this

project is a great overall learning

experience it gives you experience in

working with a cloud server provider

such as digital ocean and it has a

decent amount of Linux and a decent

amount of networking as well I would

rate this an intermediate skill level

project but it's really really

satisfying once it's up and running and

protecting you from your big bad ISP the

Streisand VPN project tries to automate

the server setup as much as possible

they've really done most of the heavy

lifting so huge huge kudos to the folks

behind that project but these

instructions will walk you through the

setup start to finish step-by-step if

you follow these steps exactly you will

have a working Streisand server in the

end and like all of my projects I will

do my best to keep the documentation up

to

date as things change now as I said this

is an intermediate level project in this

video and the accompanying blog post

will get you all of the way from nothing

all the way up to having a fully

functional strife Streisand VPN proxy

server setup however and this is

completely optional if you're interested

in supporting cross talks efforts in

documenting this process for you you can

optionally purchase a downloadable PDF

of these instructions that contains

everything in the blog post online as

well as an additional 12 pages worth of

instructions for connecting your various

client devices such as your PC your iOS

or your Android devices in a variety of

different methods now again you do not

need the PDF but if you want it it does

go further than I'm gonna go in this

video beyond the server setup and into

the client setup as well that PDF is

downloadable through the crosstalk

solutions store and it has a price tag

of $9.95 link down below for anyone

who's interested and I greatly

appreciate the support now with that

being said to set up streisand we're

gonna need two separate digital ocean

servers the first server will be our

builder server and the second server

will be our VPN proxy the builder server

is just that we're creating a freshly

installed Ubuntu Linux server that will

in turn be used to build our VPN proxy

server through a series of scripts and

automated steps now you can use an

existing server as your builder but

honestly if you stray from these

instructions at all you really have to

have a decent knowledge of what you're

doing if you're still learning stick

with these steps and you'll be good the

builder server on digitalocean cost five

dollars a month and you really only need

it up and running for a few hours to get

this done it's worth a few cents to

start with a clean foundation okay

with all that being said let's go ahead

and get started to build my VPN proxy

server I'm gonna be following along with

a blog post that I wrote on crosstalk

solutions.com there's a link down below

to the blog post and I

highly suggest that you follow along

with the blogpost so that you can copy

and paste all the commands instead of

having to type everything in manually

the first step is to log into digital

ocean if you don't yet have a digital

ocean account you can use my affiliate

link to sign up that'll get you a

hundred dollars worth of digital ocean

credit and I would be very appreciative

of those sign ups because it helps out

the crosstalk Solutions channel okay

once you're logged in we need to create

our streisand builder server so this is

the first of the two servers that we're

going to have this is the server that

we're going to use to in turn then build

the VPN proxy server so let's do that

now I'm popping over to digital ocean

I'm going to say create a droplet and

we're gonna do a boon to 16.0 4.6 64-bit

version we're gonna choose the standard

plan and then down here we certainly

don't need to go $40 a month for this

server so we're gonna scroll all the way

down to the bottom and we're gonna

choose the five dollars per month server

which is actually the point seven cents

per hour server and you know assuming

that everything goes well we can

actually destroy this server in just a

few hours here now since we're going to

destroy this server in just a few hours

you don't need to enable automated

backups or any of the extra bells and

whistles you just need to choose a data

center to host this virtual server in

and I'm gonna choose San Francisco to

just because that is geographically

close to my location all right I'm gonna

scroll all the way down to the bottom

and we want to give this server a

hostname I'm gonna call it Streisand

builder and this does not have to be a

fully qualified domain name this is not

something that we're gonna actually

resolve DNS requests - we will need an

fqdn for the VPN proxy server but we'll

cross that bridge when we come to it

okay go ahead and click create and

what's going to happen now is your

server will be created you will get an

IP address and you will get an email

from digitalocean with the IP address as

well as the default root password so

wait until you get that email and then

we can move on to the next steps all

right so we can see the IP address here

I'm gonna copy that and I'm gonna pop

open putty now you can use putty or any

other SSH program to get into the server

I personally prefer putty because it's

free and it's easy to use and we're

going to be using putty for the

rest of this documentation okay so we're

gonna paste the IP address as the host

name and then you want to go to that

email that digital ocean sent you and

copy the password so we're gonna say

open and say yes to the security alert

and then we're gonna log in as root and

then shift insert to paste the password

you can also right click to paste the

first thing it's going to have us do is

change that password so shift insert or

right-click again to paste that password

one more time and now pick a new

password that you're going to enter once

and then confirm and now I have

successfully logged into my streisand

builder server okay let me rearrange my

windows a little bit here and once we've

logged in the first thing we want to do

is create an SSH a key pair we're gonna

do that by saying SSH - key Jen and then

just hit enter three times to take the

defaults enter enter enter now if you do

LS - la SSH you should see an ID

underscore RSA and an ID underscore RSA

pub we want to backup both of these

files these are our private and public

key files so we're gonna say Kat dot SSH

slash ID underscore RSA and then we can

see the key is output to the screen here

I'm just gonna copy that with ctrl

insert and then I'm gonna paste it into

notepad and save that onto my computer

alright that's our private key you also

want to do the same thing for the public

key which is the ID underscore RSA dot

Pub file ok and now I have my public and

private keys backed up people always

give me crap by the way about showing my

public and private keys on video but by

the time you guys are watching this

video this server will be destroyed so

there's no need go ahead and copy it

down if you want it's literally of no

use to you alright so now that we have

our public and private keys backed up we

need to install the programs that will

then allow us to download the software

that we need from github so we're gonna

say sudo apt update and and sudo apt

install git and Python - pip - why the -

why is just our confirmation that we

want to go ahead and do this so that it

doesn't prompt us

and this process takes about one minute

or so to complete okay there we go and

now that we've done that we need to

download and execute the scripts that

will allow us to create our Streisand

VPN proxy server so we're gonna clone

that software from github which

basically just means we're grabbing a

copy of that software from the github

repository so I'm gonna copy this

command here and paste it into putty and

if we do LS - la we can see that we have

now moved into the slash strife

streisand folder and we have all of this

software that was downloaded so this

next part is a little bit tricky and

what we're gonna do here is we're gonna

run this command dot slash util keep in

mind that this command is relative to

the streisand path that we're currently

in

so it's slash util slash V env -

dependencies SH dot slash ve and V now

the first time that we run this command

it should be relatively quick and it's

gonna tell us setup will fail without

these packages so basically what we did

was a dependency check and it found all

of these different packages that we need

to install first before we can run that

same command again so let's go ahead and

do that it gives us the command right

here so we're gonna copy this and I'm

gonna say sudo space and then shift

insert - paste it and I don't know if

you need sudo there or not for sure but

I always just do it to be safe and then

that has now installed all of those

missing dependencies so we can hit up up

and we can run that util vem

dependencies SH command one more time

okay so now this is running this is

installing some stuff it's going to stop

install everything that we need to do

the actual build of the Streisand VPN

proxy server and this process is going

to take about two minutes or so you also

might see some Python 2.7 warnings in

red text you can safely ignore those

warnings okay so once that has completed

you'll see this command you'll see this

here all dependencies installed to use

this environment run this in your shell

okay so now is the fun part we're

actually going to start building our VPN

proxy server we're gonna say source dot

ve NV dot slash V env scuse me slash bin

slash activate and now you'll see the

command prompt here has changed to a V E

and V in the front and then we want to

say dot slash streisand

so the first thing that we are asked

when we run this streisand command this

is by the way in ansible script if

you're not familiar with what that is

it's basically a scripting language that

is really really powerful as you can see

this is going to do a lot of stuff for

us and I'll explain what it's doing as

we're going but the first thing that we

are asked is which cloud service

provider we are using I have set this up

in two different ways I've set it up

with digitalocean I've also set it up

using an existing server so just a blank

ubuntu 16.04 server both works perfectly

fine for me but you can also do lie node

or Rackspace or Amazon or Azure there's

a bunch of different options here this

tutorial is on digital ocean so I can

only support or you know talk about

what's happening with digital ocean so

we're gonna say three for digital ocean

and it says do you wish to customize

which services streisand will install I

don't want to do any customization so

we're going to say no and it starts to

do its thing now it's going to ask me

which region should the server be

located in and that is basically you

know when we created the droplet for the

streisand builder remember I picked San

Francisco datacenter number two now you

don't have to pick the same

data center that you picked for your

streisand builder however I'm going to

go ahead and do that just because it's

convenient so I'm gonna say number 10

here which is San Francisco data center

2 and now we can say what should the

server be named and this is the name as

it's going to show up in the digital

ocean interface so I'm just going to

call this stri sand VPN server and we're

gonna press Enter

the next thing it asks us for is our

digital ocean personal access token now

the personal ask access token is

basically an API string that we're going

to download from digital ocean that

allows us to run commands and

successfully authenticate ourselves from

a third-party application so let's pop

back over to digital ocean and in

digital ocean we want to click down here

on API and then here we can see personal

access tokens now I have an old one in

here from an older streisand VPN server

so I'm just going to delete that one

first and then we're gonna create a

brand-new one as if we're just starting

from scratch so I'm gonna say generate

new token we're gonna call this

streisand VPN server and then we're

gonna say generate token now your token

is generated here we're gonna copy that

token again this will be destroyed by

the time you guys are watching this

video so don't even try it and we're

going to go back to SSH and we're just

gonna paste that API token and hit enter

next this is asking us for what we want

to call our SSH key pair so the SSH key

pair that we already generated is going

to end up showing up in our digital

ocean interface and this is just a

friendly name for that SSH key pair that

we could potentially reuse with other

servers even other Streisand VPN proxy

servers if we're going to build multiple

servers so if you don't have an SSH key

already in digitalocean that's named

Streisand then you can just safely press

enter here and now it's telling us

Streisand will now set up your server

this process usually takes around 10

minutes press ENTER to begin setup and

so we're going to go ahead and press

enter now it's gonna start running

through all of these scripts and if you

go back to digitalocean and click on

droplets one of the first things you're

going to see here is that it is already

creating a new Streisand VPN server

droplet that's the friendly name that I

gave it just a few steps ago so it's

going to create this droplet and then it

is going to prompt us next for a fully

qualified domain name and that is for

let's encrypt so what you want to do is

keep an eye on the Streisand VPN server

progress and then as soon as you have an

IP address like the one that I have here

you want to log in to your DNS provider

whether that's your hosting provider or

whomever you know hosts the DNS names

where you can create an a record and you

need to create an a record for some

fully qualified domain name and it needs

to point to this IP address for the

Streisand VPN server so while it's

building in the background once you have

the IP go ahead and shoot over to your

DNS hosting provider and create that DNS

a record okay so we can see here that we

are now being prompted for that DNS a

record it says enter your fully

qualified domain name below we can see

that digitalocean gave me an IP address

of 206 that 189 dot 72 52 and if I ping

my VPN crosstalk solutions comm which is

the fqdn that I chose for my own install

here we can see that that resolves to

206 189 72 52 okay so that a record

already resolves to the Streisand VPN

server so we know we are good to go at

this point and I'm gonna type in my VPN

cross-talk solutions.com and press enter

now it asked us for a contact email this

is for let's encrypt so basically if

there's a problem renewing your

certificate it's going to shoot you an

email to this email if you want to skip

this you can just press ENTER but I do

suggest you put in a valid email address

once you have that email address in once

again press ENTER once the process has

finished and in my case it took about 14

minutes to complete all of the steps to

create the Streisand VPN server you're

going to get this message server setup

is complete and if you press ENTER you

get a summary of some stuff that either

passed or failed now during the

installation you may have noticed that

there were a couple of packages that

quote-unquote failed and then there was

a 20-second pause okay and it shows a

big red scary-looking error all right

those are okay I got to Feiler failures

in my setup and that's fine

however if you get like 30 failures or

12 failures or some higher number of

failures then you probably did something

wrong in the initial steps but two

failures like said the ones that I have

here that appears to be normal and I

believe those failures were just GPG

checks that that did not pass the the

check for a piece of software that was

downloaded okay so once we have our

server built the next thing we need to

do is connect to our Streisand VPN

server and if we go here to generated

Docs so if we look in the directory that

we're in right now we are in /root slash

Streisand if we do LS - LA there is a

new folder that's been created called

generated Docs let's go in there CD

generated Docs and here we have

basically two far two files we have a

French and an English version of the

same two files we have Streisand VPN

server HTML and then we have Streisand

VPN server - firewall - information -

HTML so let's go ahead and take a look

at the Streisand VPN server HTML one of

the easiest ways to do that from windows

of course you can just download that

file and open it up with any you know

browser but I like to use winscp so I'm

going to bring up winscp first and I'm

going to connect to the Streisand

builder server using the root root as

the username and the password that I set

when we initially created that server

okay and now we can go into Streisand

and then generated Docs and then I'm

just gonna right click on Streisand VPN

server and choose open and here we can

see that this is how we're going to

connect to the Streisand gateway so with

SSL HTTPS

we can right-click open in a new tab and

then here's our username and password

it's streisand for the username and then

a randomly generated passphrase for the

passwords let me copy this and we're

gonna say Streisand and paste sign in

okay this is on our Streisand VPN server

so number one make a copy of this

information right here and then once

you've connected to my VPN whatever comm

this gives you all of the information

that you're going to need to connect up

your clients your iPhone your Android

devices your Windows or Mac PCs all of

the information needed to connect those

devices along with full like really

detailed instructions are in the is it's

in this document right here now I'm not

going to cover how to connect every type

of different little client to this

Streisand VPN server but what I am going

to do is we're going to connect to this

server using SSH and we're going to

connect to the server with a SSH tunnel

in place so that once we connect we will

be able to surf using Firefox surf

through our Streisand VPN server okay so

let's go ahead and do that next plus

there's one additional step that needs

to be done in some of the open VPN

configuration files in order to be able

to connect successfully with Open VPN so

we're going to fix that one

configuration file and we're going to

connect using SSH with an SSH tunnel

that will allow us to in turn use

Firefox to browse securely through our

Streisand VPN server proxy okay

hopefully that's not too confusing let's

go ahead and get started for the

connections start instructions you can

click down here on SSH and this will

give you SSH instructions for using

putty very similarly to the way that

we're about to do it and these

instructions 100% work I have tested

them out however they don't allow you to

actually create a command shell or log

in to the Streisand VPN server in order

to you know fix that config file so I'm

gonna do this a little bit differently

then you have in the instructions here

but but these instructions do absolutely

work okay so the first thing we need to

do is open up puttygen and we need to

convert the private key file that we

downloaded in like step 3 we need to

convert that to a dot PPK file so let's

go ahead and run puttygen and you want

to click on load and load up the ID

underscore RSA key that you saved

earlier ok we've successfully imported

that key and then we just want to save

private key as a dot PPK file ok that's

it we can close puttygen and now we need

to do a new putty session okay so for

the hostname we're gonna say my VPN dot

crosstalk solutions.com again substitute

your own fully qualified domain name

there then we want to click on

connection SSH right here and then open

that up and click on off au th or

authentication then you want to browse

and select that PPK file that we just

generated from puttygen ok I have that

in place now and the next thing we want

to do is we want to click on SSH

connection SSH and then click on tunnels

right here and we're going to add a new

source port of 8080 and we want that to

be dynamic then we're gonna click Add

and it's gonna show up in this box up

here as d 8080 finally scroll all the

way back up and click back on session

and then what you can do here is click

save or a copy your fqdn copy paste it

under save sessions and then hit save in

order to save all this information so

you don't have to type it in again the

next time you launch putty and want to

connect to your server once you've saved

your session go ahead and click open and

then say yes we're gonna log in as root

and we should successfully authenticate

with our streisand VPN proxy server

okay so we have SSH into our streisand

VPN server and now we're going to proxy

Firefox through our streisand VPN server

on port 8080 since we added port 8080 as

an SSH tunnel when we created the

putty session okay so the first thing we

want to do is bring a firefox over and

you want to click on these three little

lines and choose options scroll down to

the very bottom click settings and then

you should be configured as no proxy by

default but we're going to change this

to manual proxy configuration this is

going to be a Sox v5 proxy the Sox host

is going to be our localhost address 1

2700 dot one on port 8080 okay so we

have that set we're gonna click OK and

now you can surf through Firefox through

your Streisand VPN proxy server and how

can we tell that it's working we can

tell that by going to a website that's

going to show us our external IP address

such as what is my IP comm or IP cow

comm or IP chicken comm or any other

number of sites that will show a win IP

address so let's just go to what is my

IP comm and you can see here that my IP

address is 2 Oh 6.1 89.7 T 252 now if we

bring over our digitalocean droplet page

the IP address of our Strife's and VPN

server is 206 dot 189 dot 72-52

so that matches and that means that

anything that we are surfing from

firefox any web pages that we go to etc

we are going to be surfing through the

streisand VPN proxy server so that is

working and the next thing that we need

to do is actually fix Open VPN so we can

successfully proxy Firefox through but

if you wanted to use opie Open VPN so

that you could proxy all of your

computer's traffic using Open VPN

through the Streisand VPN server there

are a couple of settings that we need to

change in order to make that happen

otherwise when you try to connect Open

VPN it just goes into a loop and it

never actually connects

ok so let's fix that this is going to be

step 12 of the documentation fix Open

VPN configuration settings and we need

to just change this line limit and procs

equals and we need to change that line

in

three different files on the streisand

VPN server the first file is this one

Lib system D system Open VPN at service

so we're gonna copy this here paste that

in there and then we want to scroll down

until we find limit and proc equals it's

ten by default we want to change it to

27 now what does this line do and why

are we changing it to 27 I haven't the

slightest idea honestly and if you do

know what limit and proc is I'm sure I

could look it up but put that down in

the comments below I'd be happy to hear

about that when it wasn't working for me

I emailed the project the people that

put on the streisand project and they

emailed me back and said yeah it's a

known issue you just have to change this

to 27 bla bla bla and so I did it and it

worked and that's good enough for me

okay so control X followed by yes and

entered to save and exit that file and

then we want to do the same thing for

two other files Etsy system D system

openvpn @ server dot service and OpenVPN

@ server - UDP dot service again all of

this is in the blog post just copy and

paste make your life easy okay

27 control X yes enter and then we're

going to do this last one here

okay and now at this point we want to

basically just reboot the server now it

says here do systemctl daemon reload and

then reboot you can probably just reboot

without the daemon reload but I like to

be thorough so we're gonna say systemctl

da e mo and - reload and then reboot

okay once the server comes back up you

should be able to connect up your open

VPN clients no problem that's it

congratulations you now have your

streisand VPN proxy server up and

running and let's do a speed test just

to make sure we're not gonna be slowing

down any of our traffic I have a

spectrum business 300 by 20 cable

connection here in my home office you

can see what is my IP let's just double

check make sure that I am still in that

same proxy IP address I am and let's

open up fast comm and see what kind of

speeds we're getting there we go

350 megabits per second through my

Streisand VPN proxy server let's also do

speedtest.net just for kicks and we're

gonna click go you can see that my ISP

my quote/unquote ISP and when IP says

digitalocean LLC and my speed test shows

331 down and four point four eight up so

not so great on the upload but again

your mileage may vary I've also had this

running on my iPhone connected through

wire guard for about the past 48 hours I

have not noticed any slowdown or any

problems running through this VPN proxy

server through my iPhone as well it's

been working just perfectly alright

there you go at this point you can

follow the instructions when you log

into the GUI of your streisand VPN

server you've got full client

instructions for how to connect your

iPhone your Android devices Open VPN

wire guard Windows 10 Mac whatever

client you happen to want to connect

through your streisand VPN server there

are full instructions I

tested most of them and there's a little

of a few caveats here and there and if

you're interested in supporting cross

talk solutions you can certainly

purchase the PDF as I mentioned earlier

where I detail some of the instructions

for connecting clients I do android

devices iOS devices using either open

VPN or wire guard as well as Windows 10

using Open VPN so all of that extra

client connection information is beyond

the scope of this video but it is in

that PDF if you're interested in

downloading it of course you don't have

to you can just look at the instructions

and figure it out just like I did

and if you're like Chris you're a greedy

bastard for trying to charge money for

that documentation again it's totally

optional but if you do have extra money

that's burning a hole in your wallet and

you would like to donate to perhaps the

streisand projects the creator of the

project joshua lund out of Salt Lake

City Utah does not take donations

through the Streisand page however he

did put a statement out on this and he

said he's not looking to make any money

off of Streisand but you can donate to

one of these other causes which would be

the ACLU Debian the Electronic Frontier

Foundation the freedom of the press

foundation open whisper systems or the

Tor project and I will put a link to

that statement as well down below if you

would like to donate to any of those

really good causes okay there you go

there is the complete set up for the

Streisand VPN server proxy what do you

guys think put your thoughts down in the

comments below I would love to hear them

and if you enjoyed this video please

give me a thumbs up if you'd like to see

more videos like this please click

subscribe my name is Chris for the

crosstalk solutions and thank you so

much for watching

[Music]