Got tired of trusting VPN companies with my data. Decided to roll my own. Turns out it's easier than I thought, and you can pay for everything with Bitcoin through Tor. Full privacy from start to finish.
Why Bother?
Most VPN services log your data despite what they claim. Even the "no logs" ones can be compromised or forced to start logging. Plus they know who you are because you paid with a credit card tied to your identity.
Running your own VPN means you control everything. No third party to trust. No logs unless you make them. And if you're smart about it, nobody knows it's yours.
What You Need
- Bitcoin (obviously)
- Tor browser
- Basic Linux knowledge (I'll walk you through it)
- About 30 minutes
- 5000 sats for hosting
Step 1: Get a VPS with Bitcoin
I used 1984 hosting because they're based in Iceland, accept Bitcoin, and don't ask for ID. Access their site through Tor.
Through Tor browser:
- Go to 1984hosting.com (they have an onion address too)
- Pick a VPS plan - their smallest one works fine for personal use
- At checkout, select Bitcoin payment
- They'll give you a Bitcoin address
- Send payment from your wallet (use a mixing service first if you're paranoid)
- Wait for confirmation
Takes about an hour to get your VPS details via email. They'll send you IP address, root password, etc.
Step 2: Secure Your VPS
First thing - change that root password and set up proper access.
SSH into your VPS:
ssh root@your-vps-ip
Update everything:
apt update && apt upgrade -y
Create a new user (don't use root for everything):
adduser yourusername
usermod -aG sudo yourusername
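Set up SSH keys for the new user. Root login gets disabled below, so the key has to go in that user's home, not root's:
mkdir -p /home/yourusername/.ssh
chmod 700 /home/yourusername/.ssh
Copy your public key into /home/yourusername/.ssh/authorized_keys, then give the directory to the new user:
chown -R yourusername:yourusername /home/yourusername/.ssh
Check that you can log in as yourusername with the key from a second terminal, then disable password auth: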
nano /etc/ssh/sshd_config
Change these lines:
PasswordAuthentication no
PermitRootLogin no
Restart SSH:
systemctl restart ssh
Step 3: Install WireGuard
WireGuard is fast, modern, and way simpler than OpenVPN.
apt install wireguard -y
Generate server keys:
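cd /etc/wireguard
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
The umask keeps the private key (and the config you create next in the same shell) readable by root only.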
Create server config:
nano /etc/wireguard/wg0.conf
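Put this in the file (swap eth0 for your VPS's public interface if it's named differently; ip route show default tells you which one it is):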
[Interface]
PrivateKey = [your server private key]
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = [your client public key - we'll generate this next]
AllowedIPs = 10.0.0.2/32
Step 4: Set Up Client
On your local machine, install WireGuard and generate client keys (umask 077 first so the private key isn't world-readable):
umask 077
wg genkey | tee client_privatekey | wg pubkey > client_publickey
Create client config:
nano client.conf
Put this in the file:
[Interface]
PrivateKey = [your client private key]
Address = 10.0.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = [your server public key]
Endpoint = your-vps-ip:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Step 5: Enable IP Forwarding
Back on the server:
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p
Add your client's public key to the server config, then start WireGuard:
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Step 6: Configure Firewall
Set up UFW to only allow what you need:
ufw allow ssh
ufw allow 51820/udp
ufw enable
Step 7: Connect
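Import the client config into your WireGuard app and connect. Check your IP at whatismyipaddress.com - should show your VPS location now. If your connection has IPv6, check that address too: the client config above only sends IPv4 (0.0.0.0/0) through the tunnel.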
Random Tips
- Change the default WireGuard port from 51820 to something random
- Use different VPS providers for different purposes
- Consider running your own DNS resolver too
- Don't use the VPS for anything else that could identify you
- Rotate servers periodically
Troubleshooting
If it's not working:
- Check firewall rules on both ends
- Make sure IP forwarding is enabled
- Verify your keys are correct
- Check if your ISP blocks WireGuard ports
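For the "verify your keys are correct" item, here is an added example (not part of the original post): it derives public keys the same way wg pubkey does (X25519 with base point 9, RFC 7748) and checks that each side's [Peer] PublicKey matches the other side's PrivateKey. The function names and the sample keys are made up for illustration, and the ladder is not constant-time, so treat it as a local config check only.

```python
import base64

P = 2**255 - 19  # Curve25519 field prime

def wg_pubkey(private_b64):
    """Public key for a base64 WireGuard private key: X25519(key, 9), RFC 7748."""
    raw = base64.b64decode(private_b64)
    if len(raw) != 32:
        raise ValueError("a WireGuard key is 32 bytes of base64")
    k = int.from_bytes(raw, "little") & ((1 << 254) - 8) | (1 << 254)  # clamp
    x2, z2, x3, z3, swap = 1, 0, 9, 1, 0
    for t in reversed(range(255)):  # ladder; clamped bit 0 is 0, so no final swap
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, 9 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    return base64.b64encode((x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")).decode()

def values(conf, section, key):
    """Values of `key` in every [section] block of a WireGuard config (lowercase names)."""
    found, current = [], None
    for line in conf.splitlines():
        name, _, value = line.split("#")[0].partition("=")
        if name.strip().startswith("["):
            current = name.strip().strip("[]").lower()
        elif current == section and name.strip().lower() == key:
            found.append(value.strip())
    return found

def check_pair(server_conf, client_conf):
    """Key problems in a wg0.conf / client.conf pair; an empty list means they line up."""
    problems = []
    client_pub = wg_pubkey(values(client_conf, "interface", "privatekey")[0])
    server_pub = wg_pubkey(values(server_conf, "interface", "privatekey")[0])
    if client_pub not in values(server_conf, "peer", "publickey"):
        problems.append("server has no [Peer] with this client's public key")
    if server_pub not in values(client_conf, "peer", "publickey"):
        problems.append("client [Peer] PublicKey is not this server's public key")
    return problems

# Constructed sample pair (throwaway keys made from fixed byte patterns).
SERVER_KEY, CLIENT_KEY = (base64.b64encode(bytes(range(i, i + 32))).decode() for i in (0, 32))
SERVER_CONF = f"[Interface]\nPrivateKey = {SERVER_KEY}\n[Peer]\nPublicKey = {wg_pubkey(CLIENT_KEY)}\n"
CLIENT_CONF = f"[Interface]\nPrivateKey = {CLIENT_KEY}\n[Peer]\nPublicKey = {wg_pubkey(SERVER_KEY)}\n"
```

Feed check_pair the text of your real wg0.conf and client.conf; a leftover [placeholder] in a key field raises ValueError instead of passing silently.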
Other Providers
1984 hosting works well but there are others:
- Njalla (accepts Bitcoin, privacy focused)
- BitLaunch (Bitcoin only, multiple providers)
- VirMach (cheap, accepts crypto)
The Paranoid Version
Want maximum privacy?
- Pay for VPS through multiple hops (exchange Bitcoin first)
- Use Tails OS for the setup process
- Route through multiple VPS servers
- Change servers monthly
Is It Worth It?
For €5/month you get your own private VPN that nobody else controls. No logging policies to trust, no jurisdiction issues, no bandwidth sharing with sketchy users.
Setup takes maybe an hour. Maintenance is basically zero. And you learn how VPNs actually work instead of just clicking "connect" on some app.
Current Status
Been running mine for 6 months now. Zero issues. Fast speeds. Complete privacy as far as I can tell.
Cost about €30 total so far. Compare that to NordVPN or whatever charging €100/year for worse privacy.
Plus now I actually understand how this stuff works instead of just trusting some company's marketing.