Hello comrades, I recently started to self-host my own VPN. I thought of using a regular VPN provider, but I don’t trust the cheap ones and the good ones are too costly for my needs. So I started to rent a cheap one-core VPS (DMCA ignored, of course) for 2.5 €/month. Before that I tried some seedboxes from some cheap providers, but the amount of control you have there was absolutely terrible. If they have SSH access, you have no sudo permissions.

One of those providers I tried just deploys Docker containers, and then, using some fancy marketing, they make a good amount of cash from something that one can do oneself with a little bit of technical knowledge. And when something doesn’t work: good luck, my friend.

So that’s why I chose a VPS where you have maximum control. Setting it all up, including security measures and a custom OS, is very fun. My distro of choice is Devuan. I’m running a Debian-based distro myself, and having no systemd not only improves the startup time but saves some system resources, which is especially important on a server with 1 GB RAM.

Installing Devuan was quite an adventure. Navigating their website to find the right download is like cruising a wild jungle. After choosing a mirror to download from, one has to check the name of the latest release. After that I selected “installer-iso”. In there I grabbed the netinstall. From there the real adventure began. Among the “standard stuff” I had to specify the DNS and netmask, nothing wild. I didn’t install a desktop environment, of course, just the SSH server components.

I then followed Wolfgang’s guide to set up SSH. Managing a computer without a desktop environment is something I had never done before, and while on a desktop PC this can be a horrifying experience, it’s really fun to operate a remote system via the command line. For enhanced security I activated and configured ufw. Many distros come preinstalled with gufw, so setting up ufw wasn’t a big deal.

Without systemd many WireGuard install scripts don’t work, so I installed WireGuard via docker-compose with the help of Christian Lempa’s wonderful guide. Amazing guy. I had to enter the DNS servers manually so that the actual DNS addresses of the server are used.

I tried to route IPv6 traffic through the VPN by entering the IPv6 address in brackets into the docker-compose.yaml and adding ::/0 to the AllowedIPs, but none of it worked. So I had to deactivate IPv6 on my system and in the network manager. This stopped all IPv6 leaks.

As a kill switch I found this easy method. I tested it and it works. No IP leaks anymore.

To prevent DNS leaks I found these commands: sudo iptables -A OUTPUT -p udp --dport 53 -j DROP and sudo iptables -A OUTPUT -p tcp --dport 53 -j DROP. I tried the ufw equivalent, sudo ufw deny out 53/udp and sudo ufw deny out 53/tcp, but it blocks internet access. I make the iptables rules persistent with iptables-save, since iptables-persistent conflicts with gufw and ufw.

With this setup I started my torrent client and saw that I’m barely seeding. That’s not cool. I tried to set up port forwarding with a lot of iptables and routing-table rules like this one, but when checking the port it’s always closed.

So what now? My goal is to torrent over I2P. I see a lot of potential in I2P. It is basically what people envisioned the internet to be in the 90s. Since the internet is a military technology, freedom was never implied, so even with a lot of obfuscation and circumvention there is always some trouble when using the clearnet. My intention with the VPN is to port clearnet torrents over to I2P. Thus the reliance on VPNs can be decreased.
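As an added example that is not part of the original post: the script below writes DNS rules that allow port 53 only over loopback and the tunnel interface (assumed to be named wg0), so a resolver reached through the tunnel keeps working while queries that try to bypass it are dropped, and it includes a small audit that reads an iptables-save dump and flags port-53 ACCEPT rules that are not bound to the tunnel. The persistence path and the WG_IF name are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Allows DNS (port 53) only
# through the loopback and WireGuard interfaces and drops it elsewhere.
# Assumes the tunnel interface is named wg0 (override with WG_IF).
WG_IF="${WG_IF:-wg0}"
RULES_FILE="${RULES_FILE:-/etc/iptables/rules.v4}"   # assumed path

# Print the rules in iptables-save syntax so they can be reviewed first.
dns_leak_rules() {
    cat <<EOF
*filter
-A OUTPUT -o lo -p udp --dport 53 -j ACCEPT
-A OUTPUT -o lo -p tcp --dport 53 -j ACCEPT
-A OUTPUT -o $WG_IF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WG_IF -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j DROP
-A OUTPUT -p tcp --dport 53 -j DROP
COMMIT
EOF
}

# Apply without flushing existing chains (run as root; running it twice
# appends duplicates), then persist the full ruleset with iptables-save
# as the post does. Restore RULES_FILE from an init script at boot.
apply_dns_leak_rules() {
    dns_leak_rules | iptables-restore -n &&
        iptables-save > "$RULES_FILE"
}

# Audit an iptables-save dump on stdin: prints "ok" when every port-53
# ACCEPT in OUTPUT is bound to lo or the tunnel and catch-all DROPs for
# udp and tcp exist, otherwise "leak-possible". Only OUTPUT is inspected,
# so rules living in ufw's own chains are not seen by this check.
audit_dns_rules() {
    awk -v wgif="$WG_IF" '
        /^-A OUTPUT / && /--dport 53( |$)/ {
            if ($0 ~ /-j ACCEPT/ && $0 !~ ("-o " wgif " ") && $0 !~ /-o lo /)
                bad++
            if ($0 ~ /-j DROP/ && $0 !~ /-o /)
                drop++
        }
        END { if (bad == 0 && drop >= 2) print "ok"; else print "leak-possible" }'
}
```

Run `dns_leak_rules | audit_dns_rules` before applying, and `sudo iptables-save | audit_dns_rules` afterwards to confirm the live ruleset still matches.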

  • skankhunt42@lemmy.ca · 19 upvotes · 24 hours ago

    I want to call out one thing in case you didn’t know.

    The idea of a public VPN is to hide your traffic among other users who also use the VPN. If you’re renting a VPS you don’t get all the “benefits” of a public VPN. All you’re doing is adding an extra hop to the internet; you’re not mixing your traffic with others using the same IP. It’s all you… In fact, you’re probably making it easier to isolate the things you do online, because at home you could say a guest you had over must have downloaded it. If it’s the VPS, it’s all you.

    • ejizar@thelemmy.club (OP) · 1 upvote · 2 hours ago

      I have already considered this. Generally I prefer a dedicated IP over a shared IP, especially since I’m considering the use of private trackers. There are some use cases, though, like high-OpSec operations or a higher privacy need, where a shared IP is beneficial, but for me this is not needed.