How to Create Your Own Free VPN Server Using Oracle Cloud (2025 Guide)

Let’s face it - VPN subscriptions aren’t cheap, and who really knows what these companies do with our data? After getting fed up with monthly fees and privacy concerns, I decided to build my own VPN server. The best part? It’s completely free using Oracle Cloud’s Always Free tier. I’ll show you exactly how I did it, and trust me, it’s easier than you might think.

VPN Concept

Why You Should Set Up Your Own VPN Server

Before we dive into the technical details, let’s understand why running your own VPN server is a game-changer:

  1. Complete Privacy Control: Unlike commercial VPN services, you’re the only one with access to your server logs. No more wondering if your VPN provider is really “no-logs” as they claim. If you prefer an even simpler VPN solution, check out our guide on using sshuttle as a VPN alternative.

  2. Better Performance: Direct connection to your server means lower latency and faster speeds. No more sharing bandwidth with thousands of other users on overloaded VPN servers.

  3. Zero Monthly Costs: Oracle Cloud’s Always Free tier is genuinely free forever, offering generous resources that are more than enough for a personal VPN:

    • AMD-based VM with 1 CPU core and 1GB RAM
    • Arm-based VM with up to 4 cores and 24GB RAM
    • 10 TB monthly data transfer
    • 200 GB block storage

  4. Full Control: You decide the server location, protocols, and security settings. No artificial restrictions or blocked ports.

If you’re interested in learning more about network security while setting up your VPN, I recommend checking out this comprehensive guide on Amazon that includes hands-on labs.

Getting Started with Oracle Cloud Free Tier

VPN Components

Setting Up Your Oracle Cloud Account

Note: If you’re already familiar with Oracle Cloud from setting up other services (like our Minecraft PE server guide), you can skip this section.

  1. Visit the Oracle Cloud website and sign up for a free account
  2. You’ll need:
    • Valid email address
    • Credit/debit card (for verification only - you won’t be charged)
    • Phone number for verification
    • Home address

Choosing the Right Region

Select a region that’s:

  • Geographically close to your physical location to minimize latency and ensure optimal connection speeds
  • Has consistent availability of free tier resources (some popular regions like US East can be frequently full)
  • Matches your privacy requirements (different regions have different data protection laws)
  • Offers the specific VM shape you want to use (not all shapes are available in every region)
  • Has good internet connectivity to your target services and websites

Pro tip: If you get an “out of capacity” error while creating your VM (which is common in popular regions), use this helpful script that automatically retries VM creation until successful. You can also try creating your VM during off-peak hours or try different availability domains within your chosen region.

Step-by-Step VPN Server Setup

1. Creating Your Virtual Machine

# First, create a VM with these specifications:
- Shape: VM.Standard.E2.1.Micro (AMD) or VM.Standard.A1.Flex (ARM)
- OS: Ubuntu 22.04 LTS
- VCN: Create new with public subnet
- SSH key: Generate new or use existing

2. Setting Up WireGuard VPN

WireGuard is the recommended choice for its:

  • Modern cryptography
  • Better performance than OpenVPN
  • Simpler setup and maintenance
  • Lower resource usage
# Install WireGuard
sudo apt update
sudo apt install wireguard

# Generate private and public keys
wg genkey | sudo tee /etc/wireguard/private.key
sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

3. Configuring the Server

Create the WireGuard configuration file:

sudo nano /etc/wireguard/wg0.conf

# Add this basic configuration
[Interface]
PrivateKey = <your-private-key>
Address = 10.0.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32

4. Security Configuration

VPN Monitoring

Security is crucial for your VPN server. Here’s what you need to do:

  1. Configure Oracle Cloud Security Lists:

    • Allow UDP port 51820 (WireGuard)
    • Allow ICMP for ping (optional)
    • Restrict SSH access to your IP

  2. Set up fail2ban:

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
  1. Enable automatic updates:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades

For advanced network monitoring, consider using a tool like the Domotz Box to keep track of your VPN server’s performance and security.

Connecting Your Devices

Windows Setup

  1. Download the WireGuard client
  2. Create a new tunnel with your configuration
  3. Generate client keys and add them to server config

Mobile Devices

  1. Install WireGuard from App Store/Play Store
  2. Scan QR code or import configuration
  3. Enable “On Demand” for automatic connection

For Windows users who prefer a more traditional VPN client, the SonicWall Global VPN Client is a reliable alternative.

Maintaining Your VPN Server

Regular Maintenance Tasks

Regular maintenance is crucial for keeping your VPN server secure, performant, and reliable. Without consistent upkeep, your server could become vulnerable to security threats, experience degraded performance, or even fail completely. By following a structured maintenance schedule, you can identify and address potential issues before they impact your VPN service, ensure your security measures remain effective, and maintain optimal performance for all connected devices.

  1. Weekly:

    • Review system logs for any suspicious activities or errors
    • Monitor CPU, memory, and network resource usage patterns
    • Verify backup integrity and test restoration procedures
    • Check WireGuard service status and connection logs
    • Monitor failed login attempts and security alerts

  2. Monthly:

    • Update all system packages and security patches
    • Review and adjust firewall rules and security lists
    • Check for unusual network traffic patterns or connections
    • Clean up old logs and temporary files
    • Test VPN connectivity from all client devices
    • Verify DNS resolution and performance

  3. Quarterly:

    • Generate and rotate all encryption keys for enhanced security
    • Update and redistribute client configurations as needed
    • Perform thorough performance optimization and benchmarking
    • Review and update access control lists
    • Test disaster recovery procedures
    • Update documentation and configuration backups

Monitoring and Optimization

Effective monitoring is your first line of defense against performance issues and security threats. Each monitoring metric serves a specific purpose in maintaining your VPN server’s health:

Keep an eye on:

  • Server load average and CPU utilization trends: Helps identify resource bottlenecks and capacity issues
  • Network throughput, latency, and packet loss statistics: Critical for maintaining good connection quality
  • Number of active connections and concurrent users: Ensures server isn’t overloaded
  • System error logs and WireGuard-specific logs: Early warning system for potential problems
  • Disk usage and I/O performance: Prevents storage-related issues and slowdowns
  • Memory usage and swap utilization: Indicates if server needs resource adjustment
  • Failed authentication attempts: Potential security breach indicator
  • Bandwidth usage per user/device: Helps identify abnormal usage patterns
  • DNS resolution performance: Affects browsing speed and reliability
  • TLS/SSL certificate expiration dates: Prevents unexpected service interruptions

Advanced Tips and Tricks

  1. Split Tunneling: Configure certain apps or websites to bypass the VPN
  2. Kill Switch: Prevent data leaks if VPN connection drops
  3. Multi-user Setup: Create separate configurations for family members
  4. Backup Configuration: Always keep secure copies of your configs

Troubleshooting Common Issues

  1. Connection Problems:

    • Verify Oracle Cloud security lists
    • Check client configuration
    • Confirm server is running

  2. Performance Issues:

    • Test different MTU settings
    • Try alternate DNS servers
    • Monitor server resources

Conclusion

Setting up your own VPN server on Oracle Cloud’s Free Tier is a powerful way to take control of your online privacy while saving money. The initial setup might seem daunting, but the long-term benefits of having your own secure, private, and free VPN server are well worth the effort.

Remember to regularly maintain your server, keep security in mind, and enjoy the freedom of having your own personal VPN service without monthly fees or privacy concerns.

Have you set up your own VPN server before? What challenges did you face? Share your experiences in the comments below!

Last updated: February 2025