Stop Broadcasting Your Passwords: The Case for a Personal VPN
Let’s be honest. If you are sitting at a café in Grünerløkka or connecting to the airport WiFi at Gardermoen, you might as well be shouting your passwords through a megaphone. Packet sniffers are trivial to use, and unencrypted HTTP traffic—which is still the vast majority of the web—is wide open. I’ve seen tcpdump sessions capture corporate login credentials in plain text simply because a developer thought WEP encryption was "good enough." It isn't.
The solution isn't to stop working remotely; it's to tunnel your traffic through a trusted endpoint. This guide walks you through setting up a robust OpenVPN server on a Linux VPS.
Prerequisites: It Starts with the Kernel
Most budget hosting providers oversell their nodes using OpenVZ and leave the crucial TUN/TAP kernel modules disabled to save overhead. If you can't create a virtual network interface, OpenVPN won't work. Period.
For this setup, you need a VPS that acts like a dedicated server. This is why we use Xen HVM virtualization at CoolVDS. You get your own kernel, dedicated RAM, and full control over /dev/net/tun. Do not attempt this on a cheap shared container; you will hit a wall when trying to modify routing tables.
Pro Tip: Before buying a VPS, SSH in and run cat /dev/net/tun. If it returns File descriptor in bad state, you're good. If it says No such device, cancel your subscription. CoolVDS instances are pre-configured with this enabled.
Step 1: Installation on Debian 5.0 (Lenny)
We’ll stick to Debian Lenny for its stability. CentOS 5 is fine, but Debian's package management is faster for this.
apt-get update
apt-get install openvpn bridge-utils openssl
Copy the easy-rsa generation scripts to a safe directory so we don't mess up future updates:
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
Step 2: The PKI Infrastructure
Security is only as good as your keys. We need to generate a Certificate Authority (CA), a server certificate, and client keys. Edit the vars file first to set your defaults (KEY_COUNTRY, KEY_ORG, etc.) to match your organization.
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh
This generates the Diffie-Hellman parameters. On a slow VPS, this takes forever. On CoolVDS instances backed by high-speed 15k RPM SAS RAID-10 arrays, the entropy generation completes significantly faster.
Step 3: Server Configuration
Create /etc/openvpn/server.conf. We are going to use UDP for performance: tunnelling TCP inside TCP leads to the "TCP meltdown" problem when packet loss occurs, because both layers retransmit independently.
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Note the use of OpenDNS servers. Relying on your ISP's DNS in a tunnel often results in leaks or resolution failures.
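A quick sanity check for the config above, added here as an example and not part of the original guide: a small POSIX shell linter that flags a server.conf missing the privilege-drop, persistence and full-tunnel directives Step 3 relies on, or referencing key material by relative path. The file paths are the guide's own; the temp directory, the constructed copy of the config and the weakened variant exist only for the demo.

```shell
lint_openvpn_conf() {
    conf="$1"; bad=0
    # user/group drop privileges after start; persist-key/persist-tun let a
    # restart succeed once 'nobody' can no longer reopen keys or /dev/net/tun.
    for d in "proto udp" "dev tun" "user nobody" "group nogroup" \
             "persist-key" "persist-tun" "keepalive"; do
        if ! grep -Eq "^[[:space:]]*${d}([[:space:]]|$)" "$conf"; then
            echo "MISSING: $d"; bad=$((bad + 1))
        fi
    done
    # Without redirect-gateway only 10.8.0.0/24 goes through the tunnel.
    if ! grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$conf"; then
        echo 'MISSING: push "redirect-gateway ..."'; bad=$((bad + 1))
    fi
    # Key material must use absolute paths; after the privilege drop the
    # daemon cannot depend on its working directory to find them again.
    rel=$(awk '$1 ~ /^(ca|cert|key|dh)$/ && $2 !~ /^\// \
               { print "RELATIVE PATH: " $1 " " $2 }' "$conf")
    if [ -n "$rel" ]; then
        echo "$rel"; bad=$((bad + $(echo "$rel" | wc -l)))
    fi
    return "$bad"   # 0 = clean, otherwise the number of findings
}

# Demo: the guide's Step 3 config (constructed copy) and a weakened variant.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.conf" <<'EOF'
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
EOF
# Weakened: runs as root, keys resolved relative to cwd, no full-tunnel push.
sed -e '/^user /d' -e '/^group /d' -e '/redirect-gateway/d' \
    -e 's#/etc/openvpn/easy-rsa/keys/##' "$tmp/good.conf" > "$tmp/weak.conf"
lint_openvpn_conf "$tmp/good.conf" && echo "good.conf: clean"
lint_openvpn_conf "$tmp/weak.conf" || echo "weak.conf: $? finding(s)"
```

Run it against /etc/openvpn/server.conf before starting the daemon; a non-zero exit means at least one of the directives above is missing or misspelt.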
Step 4: IP Forwarding and NAT
Your server needs to route traffic from the VPN subnet to the internet. First, enable packet forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Now, configure iptables. This is where most people break their connectivity. We need to masquerade the VPN traffic so it looks like it's coming from your VPS IP.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Make sure to save this rule so it persists after a reboot.
Latency Matters
Encryption adds overhead. If your VPS has high latency to the backbone, your browsing experience will be sluggish. Hosting in Norway, specifically connected to the NIX (Norwegian Internet Exchange), ensures that your data stays within low-latency hops if you are working from Oslo or Bergen. Furthermore, adhering to the Personal Data Act (Personopplysningsloven) is simpler when your data doesn't unnecessarily traverse borders.
We engineered CoolVDS specifically for low-latency operations. We don't overload our host nodes, meaning your CPU interrupts are processed immediately—vital for encryption/decryption tasks in OpenVPN.
Conclusion
Once your client connects, verify your IP address. You should see the IP of your CoolVDS instance, not your local ISP. You now have a secure, encrypted tunnel through the hostile environment of public internet access.
Don't risk your credentials on an open network. Spin up a Debian instance on CoolVDS today—our provisioning takes less than 2 minutes—and lock down your connection.