Creating a do-it-yourself VPN that you manage and access on your own terms is not as difficult as you might think.
According to a 2019 report from Amerisleep, some 43% of workers in the United States work from home or other remote location at some point during the course of a year. Telecommuting, working from the road, and the overall gig economy are all trappings of the modern collaborative, mobile, and always connected enterprise workforce.
However, while there are measurable benefits to a remotely connected workforce, there are also significant security risks to mitigate. For example, protecting and securing the transmission of sensitive data across the internet between your home office network and the larger enterprise network requires, at minimum, a virtual private network (VPN). In many situations, the VPN is provided by the enterprise, but an independent contractor operating in the gig economy may have to provide VPN services for themselves.
With the help of cloud computing services like Microsoft Azure, creating a do-it-yourself VPN that you manage and access on your own terms is not as difficult as you might think. All it takes is a virtual machine running the right software. This tutorial shows you how to set up your own DIY VPN using an Azure VM operating as a SoftEther VPN server.
SEE: Comparison chart: VPN service providers (Tech Pro Research)
Azure virtual machine
This example assumes you already have a valid Microsoft Azure subscription. Open the virtual network section in the Azure Portal and create a standard VM using default settings except for one specific detail. You want to use the SoftEther VPN image for your virtual machine, which will be installed on the Windows Server 2016 Datacenter operating system. For a complete step-by-step run through of how to create this virtual machine in Azure, check out How to create and deploy a virtual machine in Microsoft Azure.
As an alternative, you can elect to create a basic Windows 10 VM and then download theSoftEther VPN application to that VM from the website. Either method will work, but the first method should save you some time in the short term while the second method could save you some money in the long term.
Once your VM is deployed, you will have to log in to configure the SoftEther VPN. Navigate to the virtual machine section of Azure and find the correct VM, click it and press the Connect link. You’ll download a remote connection file, double-click that file to log in to your VM. Say “Yes” or “OK” to the prompts and enter your administrative username and password.
When you reach the desktop, double click the SoftEther VPN application icon and connect to the server. You should see something like Figure A. The first time you start the application, you will enter a quick start up sequence where you will configure your VPN.
The next page ( Figure B) presents you with several checkboxes that will activate your VPN security protocols. You should click both the Remote access VPN server and the site-to-site VPN Server or VPN Bridge boxes to activate those services. For your home office, you are not likely to need the advanced configuration.
Next, you will move on to the Dynamic DNS setting screen shown in Figure C. You should change the name of your Dynamic DNS to something more memorable than the assigned DNS.
The next configuration screen will ask if you want to enable Azure Cloud VPN Services, as shown in Figure D. This is a free service and is a good first choice for your VPN server, however, you may want to use another server application like OpenVPN. For our example, we will enable the Azure VPN.
The next screen in the quick setup procedure will ask you to create a new user account ( Figure E). Click the Create user button and provide a name and password for a user. You can use this configuration screen to establish credentials for anyone else who may want to access your home office VPN server.
At the bottom of the create user quick setup screen (Figure E), you will also want to change the default local bridge to Microsoft Ethernet adapter.
When the quick setup is complete, you will arrive at the VPN Management console screen shown in Figure F. This where you can handle all of the potential management duties you will have for your home office VPN server.
At this point, there is only one more configuration screen to check and confirm. Click the IPsec/L2TP button and confirm that the two upper boxes are checked off and enabled on the configuration screen, as shown in Figure G. These settings will allow your smartphones to connect to your home office VPN.
Home office VPN
Your new home office VPN is now ready to serve. You should be able to connect to it using the appropriate IP address listed on the management screen. You can also add and subtract users to your VPN through the VPN Management console.
Note, your Azure virtual machine is not free, and you will be charged for it when it is active. The cost will vary slightly depending on the specifics of your VM, but in our example, costs ran about $1 per day. To save some money, you should stop the server when you do not need it and reactivate it when you do.