How to set up a private L2TP VPN server for your iOS or MacOS devices on DigitalOcean

Leave a reply

Step 1. Sign up for DigitalOcean

You can get free $10 in credits if you sign up through this link: https://m.do.co/c/ecbd53848776

Step 2. Create a new droplet

Choose the newest Ubuntu distribution. (currently 18.04)
You can choose the smallest standard droplet which costs $5/mo. It is perfectly enough for your private VPN server. You don’t need to change anything else, although you can choose which region you would like to use.

Step 3. Log in to the droplet

You can use your favourite ssh client or you can open the console directly through the web interface.

Step 4. Install Docker on Ubuntu

If you succesfully logged in to your droplet you need to run the following commands to install docker and the vpn container on your system.

# install neccessary packages and docker's gpg key
apt-get update
apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
# add docker repository
add-apt-repository \
   "deb https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
apt-get update
# install docker community edition
apt-get install docker-ce

Step 5. Install the vpn server Docker container

docker pull hwdsl2/ipsec-vpn-server

Step 6. Set up your password in an env file

Replace the words between brackets with your desired passwords. You can check your passwords later if your run “docker logs vpn-server”

cat << EOF >.env
VPN_IPSEC_PSK=[your_ipsec_pre_shared_key]
VPN_USER=[your_vpn_username]
VPN_PASSWORD=[your_vpn_password]
EOF

Step 7. Load the af_key kernel module

modprobe af_key

Step 8. Start the Docker container

docker run \
    --name vpn-server \
    --env-file .env \
    --restart=always \
    -p 500:500/udp \
    -p 4500:4500/udp \
    -v /lib/modules:/lib/modules:ro \
    -d --privileged \
    hwdsl2/ipsec-vpn-server

Step 9. Set up your device

You need to set up a new L2TP type VPN connection on iOS or MacOS.

Your server will be your DigitalOcean droplet’s public IP which is visible on DigitalOcean’s dashboard.
The account will be what you set as VPN_USER
The secret will be the VPN_IPSEC_PSK’s value
The password is what is in the VPN_PASSWORD variable

Leave a Reply

Your email address will not be published. Required fields are marked *