Seeking a comprehensive resource for configuring a private VPN
Seeking a comprehensive resource for configuring a private VPN
Hey everyone, I need a simple setup guide for a private VPN that doesn’t require monthly fees and works on both laptops and Android phones. Apple devices are optional. For the VPN device itself, what specs should I get to support roughly 2.5Gbps (currently WAN is 1Gbps up/down)? I need something compact and quiet. I plan to add up to 20TB of encrypted backup storage eventually, maybe scaling to 100TB later. If someone accesses it and deletes an HDD, the data should stay protected. I’ll likely have access a few times a year, so the system must restart automatically if power drops. Monitoring traffic and usage will be important—especially to catch any unusual activity. I’m open to buying used gear from eBay. The setup should support around 10 devices at once, but ideally two devices can run near full capacity. It shouldn’t need a screen, just a ready-to-use configuration at my place before changing network settings on-site. I want full visibility into access logs, bandwidth consumption, and total usage so I can spot odd connections. I’m willing to work with second-hand equipment. Let me know how it goes as I progress.
Your intention with the VPN is clear. If you install it on your own device, you can link from outside your home to your local network—the real purpose of using a VPN. It won’t conceal your internet activity from your ISP; they simply redirect the traffic through the VPN service. Verify your ISP’s router settings—some include VPN by default, so enabling it is straightforward. If not, it’s a simple setup. You might find guides for Wireguard or OpenVPN on the web.
Hide my activity from the home ISP (A), the VPN will be setup in another country (B) and I don't care what the ISP sees there. I mean, I'm not doing anything illegal so I don't really care, just makes things easier to access my network accounts from that country that are mostly locked to the country without workarounds... and well netflix titles from that country and no requirement to identify yourself for reddit for various topics like you have to in UK (A - home ISP). So basically hide from A while not caring what B sees. There's no way of hiding what B sees without paying for another VPN which doesn't make sense then. I'm hoping to make a small PC to also be able to add the storage option. My only issue with OpenVPN is that I had it setup once but once I lost connection I couldn't do anything about reconnecting without flying to country B and then I haven't been there for 2 years so it's not really working out :c I need some safe remote access to it too to reboot or adjust things. Best Regards,
The optimal choice would be to lease a virtual server in country B to run your VPN. Their control panel should let you restart the system remotely if needed. For personal hardware, consider keeping an alternative (like SSH) ready for backup connections, but this won't assist if the main machine fails. Running your own equipment eliminates extra costs beyond electricity and internet, though it adds complexity if you must bring the device offline entirely. Hosting locally can be costly if you rely on power and connectivity, especially if a VPS isn't cheap compared to the combined cost of your setup and service. A possible drawback is that professional providers often block IP ranges used by streaming services like Netflix.
Are you sure you need VPN traffic at gigabit speeds? If it’s essential, you’ll need a device that performs well for consumer networks. For a budget of around 500–800, a Raspberry Pi 5 running WireGuard can handle it.
I think I could ask for a restart, but that’s likely the highest tech the other person could manage. I wouldn’t pay rent for the space and I’ve already covered my ISP costs, so it makes sense to use it myself. Regarding power, I’m unsure if it matters much—if it really does, I’ll invest in it. The 1Gbps connection costs about $11 a month, which isn’t a big deal. I might try a dual setup, but the second option would just be a Raspberry Pi for external reboot and setup. If they let me connect it to their laptop via Team Viewer, I could reconfigure it easily. That might work sometimes. Alternatively, I could build an older E5 12-core or a newer Ryzen 5800 8-core PC. Adding storage would be simpler than using a Raspberry Pi with encryption.
You’d prefer a Ryzen or similar modern processor. Networking typically works best with a single-threaded design, making a powerful core preferable over many cores unless circumstances differ. For WireGuard security, you also need a chip that offers hardware acceleration.
Besides a RasPi, you might also consider mini PCs, though they usually come with a higher cost. You could also assemble a compact ITX system. Avoid consuming excessive power if you want decent performance without overloading the setup. If someone nearby can restart the device, that should suffice. I recommend enabling both VPN and SSH for backup connectivity options. In emergencies, you can route traffic via SSH. Create a lightweight machine using Debian, install VPN and SSH, enable them to boot automatically, and you’ll be ready.