DDoS attacks are on the rise, and with that comes a higher risk for people like you to be targeted by one. If you are targeted by a DDoS attack, it is not the end of the world; you can simply reset your router, or wait out the attack. Although, why even go through trouble if you can prevent it in the first place?
How Does A DDoS-Protected VPN Work?A DDoS-protected VPN is just like any regular VPN, but with firewalls in place utilizing iptables to counter the attacks that may come in. It is unlikely that you will find a VPN provider that has the DDoS protection measures in place to defend against most attacks, and that is why we will be making our own VPN. It will be cheaper, more customizable, and faster than a majority of providers such as NordVPN.
Are You At Risk Of DDoS?DDoS has always been a problem, but more so for companies, data centers, and larger targets. Only recently has DDoS become a problem for the average person. This spike started in 2016, when people started developing easy-to-use DDoS tools that people can create themselves or purchase; large example of this is “stressthem.to”. A lot of these DDoS attacks are considered small, but powerful enough to shut down a home network or poorly protected server. So needless to say if you are regularly playing games, streaming, or browsing the web then there will always be a slight risk you will be targeted by an attack.
How To Make Your Own DDoS-Protected VPNCreating and connecting to your own DDoS-protected VPN is quite simple, and not very different from creating a VPN without DDoS protection. In a few sentences to explain the process; we will purchase a Virtual Private Server (VPS) to host the VPN on, after connecting to the VPS we can run our script and set up the VPN with firewalls in a few commands. Lastly, we will get our config, which we will import into the Wireguard software and connect.
Wireguard UsageWireguard is a VPN protocal that is generally taken for its speed, security and simplicity. In our tutorial of creating your own DDoS protected VPN, we will use Wireguard. Wireguard excels with proven encryption protocols, and UDP tunneling. Setting up We’ll make installing Wireguard easy, by providing a script to guide you through the entire process of creating your own DDoS protected VPN.
1. Download Prequisities - There are a few things we need to download that'll be used later in the setup.
1b. MobaXterm - MobaXterm will be used to SSH into our VPS server and run commands. (Windows users only)
1c. wireguard-install.sh - This script will be ran on our server to guide you through creating your own Wireguard VPN with firewalls.
2. VPS Server - For a 100gbps capacity, in addition to unmetered bandwith, we'll be using a Virtual Private Server (VPS) from black.host.
2a. Go to black.host and navigate to "VPS Hosting".
2b. Pick your plan, we'll be using a UNM Core.
2c. Create a hostname for your VPS (ex. ddos-protected-vpn).
2d. Choose a location nearest to you for best connectivity.
2e. Choose the operating system Ubuntu 22.04 or higher.
2f. For control panel choose "none".
3. Logging into VPS Server - We will use MobaXterm to SSH into our server, using the credentials sent to your email by black.host.
3a. Check your email to find the Virtual Private Server (VPS) credentials sent by black.host
3b. Open MobaXterm and choose "Session" then "SSH"
3c. In the hostname field, refer to the email containing your server credentials and input the "Main IP Address".
3d. Make sure the port is "22" and continue.
3e. It will prompt a login, in which you will login as: root and refer to the "Root Password" from your email to finish connecting.
3f. MobaXterm will prompt you to create a master password, this will be used to encrypt your server credentials.
4. Configuring the VPN - We will use the wireguard-install.sh script to configure our VPN and firewalls.
4a. Make sure your system is up-to-date and install wireguard
$ sudo apt update
$ sudo apt install wireguard
4b. Drag the wireguard-install.sh setup script to your servers directory in MobaXterm
4c. Grant wireguard-install.sh proper permissions
$ chmod +x wireguard-install.sh
4d. Run the wireguard-install.sh script
$ ./wireguard-install.sh
4e. Now the script will prompt us through the configuration process, first you need to choose a port. We will be using the default Wireguard port "51820". Press Enter.
4f. Next, we must create a client name, ours will be "John". Press Enter.
4g. Now we need to choose our DNS, we'll suggest Adguard DNS to limit ads and trackers. Type "6" and Press Enter.
4h. To begin Wireguard installation, Press Enter.
4i. The configuration process is finished, and your new configuration file for "John" has been created. To create more users, you can run the script again.
6. Connecting to the VPN - We will use the Wireguard client to connect to your newly created configuration file.
6a. Press the green refresh button in the directory of your servers MobaXterm SSH terminal. You should see your newly created configuration file with the clients name and .conf. To download, drag that file to your Desktop.
6b. Startup the Wireguard client and navigate to the "import tunnel(s) from file" button.
6c. Select the .conf file you downloaded from your server, and press open.
6d. Press activate in order to connect to your VPN.
Now you have a fully functional, fast, DDoS protected VPN. You can open the Wireguard client on startup, to auto connect to your config.
Note: After setting up your VPN, dont restart your server from the VPN dashboard. This will erase the firewalls put in place. For some reason if you need to, reinstall the VPS and setup the VPN server again.
