
Got tired of trusting VPN companies with my data. Decided to roll my own. Turns out it's easier than I thought, and you can pay for everything with Bitcoin through Tor. Full privacy from start to finish.

Why Bother?

Most VPN services log your data despite what they claim. Even the "no logs" ones can be compromised or forced to start logging. Plus they know who you are because you paid with a credit card tied to your identity.

Running your own VPN means you control everything. No third party to trust. No logs unless you make them. And if you're smart about it, nobody knows it's yours.

What You Need

  • Bitcoin (obviously)
  • Tor browser
  • Basic Linux knowledge (I'll walk you through it)
  • About 30 minutes
  • 5000 sats for hosting

Step 1: Get a VPS with Bitcoin

I used 1984 hosting because they're based in Iceland, accept Bitcoin, and don't ask for ID. Access their site through Tor.

Through Tor browser:

  1. Go to 1984hosting.com (they have an onion address too)
  2. Pick a VPS plan - their smallest one works fine for personal use
  3. At checkout, select Bitcoin payment
  4. They'll give you a Bitcoin address
  5. Send payment from your wallet (use a mixing service first if you're paranoid)
  6. Wait for confirmation

Takes about an hour to get your VPS details via email. They'll send you IP address, root password, etc.

Step 2: Secure Your VPS

First thing - change that root password and set up proper access.

SSH into your VPS:

ssh root@your-vps-ip

Update everything:

apt update && apt upgrade -y

Create a new user (don't use root for everything):

adduser yourusername
usermod -aG sudo yourusername

Set up SSH keys for secure access:

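# As root, create the directory for the new user (root login gets disabled below)
mkdir /home/yourusername/.ssh
chmod 700 /home/yourusername/.ssh
chown yourusername:yourusername /home/yourusername/.ssh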

Copy your public key to the server, then disable password auth:

nano /etc/ssh/sshd_config

Change these lines:

PasswordAuthentication no
PermitRootLogin no

Restart SSH:

systemctl restart ssh

Step 3: Install WireGuard

WireGuard is fast, modern, and way simpler than OpenVPN.

apt install wireguard -y

Generate server keys:

cd /etc/wireguard
umask 077  # keep the private key readable by root only
wg genkey | tee privatekey | wg pubkey > publickey

Create server config:

nano /etc/wireguard/wg0.conf

Put this in the file:

[Interface]
PrivateKey = [your server private key]
Address = 10.0.0.1/24
ListenPort = 51820
# eth0 below must be the VPS's public interface; check with: ip route show default
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = [your client public key - we'll generate this next]
AllowedIPs = 10.0.0.2/32

Step 4: Set Up Client

On your local machine, install WireGuard and generate client keys:

umask 077  # keep the private key file readable by your user only
wg genkey | tee client_privatekey | wg pubkey > client_publickey

Create client config:

nano client.conf

[Interface]
PrivateKey = [your client private key]
Address = 10.0.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = [your server public key]
Endpoint = your-vps-ip:51820
# 0.0.0.0/0 routes all IPv4 through the tunnel; IPv6 is not covered by this line
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Step 5: Enable IP Forwarding

Back on the server:

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
sysctl -p

Add your client's public key to the server config, then start WireGuard:

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

Step 6: Configure Firewall

Set up UFW to only allow what you need:

ufw allow ssh
ufw allow 51820/udp
ufw enable

Step 7: Connect

Import the client config into your WireGuard app and connect. Check your IP at whatismyipaddress.com - should show your VPS location now.

Random Tips

  • Change the default WireGuard port from 51820 to something random
  • Use different VPS providers for different purposes
  • Consider running your own DNS resolver too
  • Don't use the VPS for anything else that could identify you
  • Rotate servers periodically

Troubleshooting

If it's not working:

  • Check firewall rules on both ends
  • Make sure IP forwarding is enabled
  • Verify your keys are correct
  • Check if your ISP blocks WireGuard ports

Other Providers

1984 hosting works well but there are others:

  • Njalla (accepts Bitcoin, privacy focused)
  • BitLaunch (Bitcoin only, multiple providers)
  • VirMach (cheap, accepts crypto)

The Paranoid Version

Want maximum privacy?

  • Pay for VPS through multiple hops (exchange Bitcoin first)
  • Use Tails OS for the setup process
  • Route through multiple VPS servers
  • Change servers monthly

Is It Worth It?

For €5/month you get your own private VPN that nobody else controls. No logging policies to trust, no jurisdiction issues, no bandwidth sharing with sketchy users.

Setup takes maybe an hour. Maintenance is basically zero. And you learn how VPNs actually work instead of just clicking "connect" on some app.

Current Status

Been running mine for 6 months now. Zero issues. Fast speeds. Complete privacy as far as I can tell.

Cost about €30 total so far. Compare that to NordVPN or whatever charging €100/year for worse privacy.

Plus now I actually understand how this stuff works instead of just trusting some company's marketing.
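
For the "Verify your keys are correct" item under Troubleshooting in the post above, this is an added example, not part of the original post: it cross-checks the server and client configs from Steps 3 and 4 against the public key files and reports each mismatch. The function names are hypothetical, it assumes one [Peer] per file as in the guide, and the sample keys and the address 203.0.113.5 are constructed.

```shell
#!/usr/bin/env bash
# Added example (not the author's code): cross-check the wg0.conf / client.conf
# pair from the guide against the public key files written by `wg pubkey`.
# Assumes a single [Peer] per file, as in the guide. Function names are hypothetical.

# conf_get FILE SECTION KEY: print the first value of KEY inside [SECTION].
# Splits on the first "=" only, because base64 keys end in "=" padding.
conf_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { cur = $0; gsub(/[ \t\r]/, "", cur); next }
    cur == sec && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# check_pair SERVER_CONF CLIENT_CONF SERVER_PUBKEY_FILE CLIENT_PUBKEY_FILE
# Prints one line per mismatch; returns 0 if consistent, 1 otherwise.
check_pair() {
  local bad=0 endpoint addr allowed
  [ "$(conf_get "$2" Peer PublicKey)" = "$(tr -d ' \r\n' < "$3")" ] ||
    { echo "client [Peer] PublicKey is not the server public key"; bad=1; }
  [ "$(conf_get "$1" Peer PublicKey)" = "$(tr -d ' \r\n' < "$4")" ] ||
    { echo "server [Peer] PublicKey is not the client public key"; bad=1; }
  endpoint=$(conf_get "$2" Peer Endpoint)
  [ "${endpoint##*:}" = "$(conf_get "$1" Interface ListenPort)" ] ||
    { echo "client Endpoint port differs from server ListenPort"; bad=1; }
  addr=$(conf_get "$2" Interface Address)
  allowed=$(conf_get "$1" Peer AllowedIPs)
  [ "${addr%%/*}" = "${allowed%%/*}" ] ||
    { echo "client Address does not match the server peer's AllowedIPs"; bad=1; }
  return "$bad"
}

# Constructed sample: placeholder keys, documentation IP, and a client Endpoint
# port with two digits swapped (51280 instead of 51820).
demo() {
  local d rc=0; d=$(mktemp -d)
  printf 'SRVPUBxxxx=\n' > "$d/publickey"
  printf 'CLIPUBxxxx=\n' > "$d/client_publickey"
  printf '[Interface]\nListenPort = 51820\n[Peer]\nPublicKey = CLIPUBxxxx=\nAllowedIPs = 10.0.0.2/32\n' > "$d/wg0.conf"
  printf '[Interface]\nAddress = 10.0.0.2/24\n[Peer]\nPublicKey = SRVPUBxxxx=\nEndpoint = 203.0.113.5:51280\n' > "$d/client.conf"
  check_pair "$d/wg0.conf" "$d/client.conf" "$d/publickey" "$d/client_publickey" || rc=$?
  rm -rf "$d"; return "$rc"
}
# Real use: check_pair /etc/wireguard/wg0.conf client.conf /etc/wireguard/publickey client_publickey
```
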

175 sats \ 2 replies \ @ek 8 Jul

They can still log at the network level, no?

reply

With this risk profile, I would suggest using Tails with a no KYC SIM or neighbor's WiFi as your exit point, as it is what the Hosting might register from you. Of course they still can access the VPS. Paranoia is never ending, but this VPN use case is more Home intended.

BTW, thanks @ek for your contributions to the space!!!

reply

Of course. If that is your concern, multiple VPS'es could be a solution for you, proxychains and some Tor connection too. Performance on the floor but higher privacy. Trade off.

reply

Great! What do you think of obscura's model? They claim they "can't log" traffic. Are they just blowing smoke?

reply

They say they cannot log HTTP and DNS, they still can log IPs from your clients, the same as the physical owner of your rented VPS.

You can always log something.

reply

Very good! I agree, this scenario works great. I use it too.

reply

Tailscale for free?

reply

Nothing is truly free, Sir. Energy is not free.

reply

Correct. Nice guide!

reply

There are a few good VPS hosts available at https://bitcoin-vps.com/ including ones with .onion

reply

“I need 1-2 sats to start posting” I can help you send it via your Speed Wallet invoice (as long as it’s not expired 😄)