How to Create a VPN

Someone told you about the possibility of connecting to your computer via the Internet precisely as you would via a local network: by informing you around, you came across my tutorial on how VPNs work, and now you plan to set up your VPN to connect to your PC using the “tunnel” mechanism.

I must admit that you have made a great choice, also given the convenience of this system: of course, understanding how to create a VPN is not immediate, but I can assure you that following all the tips and tips that I will provide you in this guide, it will seem so simple that you can master everything in a heartbeat and pull up a brand new VPN on both Windows and Linux!

Before continuing, however, I must make a necessary premise: “home” operating systems, such as Windows 10, Windows 8.1, or Windows 7, allow the creation of VPNs using only the PPTP protocol, currently considered obsolete due to some vulnerabilities (however difficult to exploit) found in the past. As a result, I recommend connecting to your VPN only safely to avoid unwelcome surprises.


Get started

The operation of creating a VPN, in itself, is effortless: all you have to do is make a couple of clicks or give some command from Terminal. However, what may take some time is preparing your computer and network to host a VPN.

First, you need to sign up for a dynamic  DNS service, after which you need to set up a  static IP address on the computer that needs to host the VPN. Finally, it would help if you opened the NAT of the router ports to allow access from outside. Are you already fearing that you’ve “lost” yourself among all these technicalities? Do not worry. In the paragraphs below, I will give you all the necessary instructions to succeed in the enterprise.


Configure dynamic DNS

Before getting to the heart of the matter and setting up your operating system to “host” a VPN, I recommend that you sign up for a dynamic  DNS service. Have you never heard of it? Don’t worry; I will explain shortly what it is: as I have already explained to you in my tutorial on how to find out and view what your IP address is, each connected device can be reached on the Internet via a numerical (or numerical and literal) sequence called, precisely,  IP address.

In most cases, Internet service providers assign their customers a dynamic  IP address,  which is an IP that changes every time the modem disconnects and reconnects to the Internet: this could be a “problem” since it is not possible to know a priori the next assigned dynamic IP. As a result, in case you want to connect to your homemade VPN, you need to get your router’s IP address a priori, which, however, could change at any time.

This problem can be solved with dynamic DNS services,  that is, platforms that offer the possibility to associate with your IP address a string of characters (e.g.,, easily memorized, and that can be automatically “updated” over time: in this way, to reach your VPN, you will have to store its literal address, without worrying instead of numeric IP.

One of the best dynamic DNS services is no-IP.  Com,  which, in addition to being completely free, offers Windows, macOS, and Linux platforms that can re-associate the computer’s IP address with the “literal” address in a completely automatic way. To register for, connect to this internet page and enter your email address,  password, and hostname name in the fields in charge: the latter,  in particular, is the one you need to store to connect to your VPN (e.g., If you want to change the “final” part of the hostname, you can intervene on the drop-down menu located immediately next to the insertion box.

Fill in all the required fields, remove the checkmark from the  Send me newsletters & special offers box,  press the  Free Sign Up button, and click the Confirm  Address button in the confirmation email that is automatically sent to your inbox.

Una volta registrato al servizio, devi scaricare il programma che ti permette di “associare” il tuo indirizzo IP all’hostname scelto: per farlo, collegati a questa pagina Web , pigia sul pulsante  Download Ora e attendi che il file venga scaricato sul tuo computer.

Se ti trovi su  Windows , avvia il succitato file, dopodiché pigia sui pulsanti  I Agree ,  Install e Finish , inserisci nella schermata del programma il tuo  nome utente  e la tua  password e clicca sul pulsante  Sign In . Se necessario, apponi il segno di spunta nella casella relativa all’hostname appena creato, collocata all’interno del nuovo pannello, clicca sul pulsante  Save e attendi la comparsa dei tre segni di spunta verdi all’interno della finestra principale del programma. Se vuoi, puoi ridurre a icona il programma pigiando sulla  X  collocata in alto a destra.

Se invece intendi configurare la tua VPN su Linux, dovrai agire quasi completamente da linea di comando. Apri il  Terminale richiamandolo dal  menu principale della tua distribuzione o dalla  Visuale Attività , digita il comando  cd ~/Scaricati  e premi  Invio , ripeti l’operazione per i comandi  tar -xfvz noip-duc-linux.tar.gz e, successivamente, digita  cd noip-2.1.9-1/ , dopodiché digita il comando  sudo apt install make gcc , seguito da  Invio .

Fatto ciò, avvia la procedura di compilazione e configurazione impartendo il comando  make &&  sudo make install : quando richiesto, digita la  password amministrativa di Linux e pigia  Invio , digita successivamente l’ email di accesso a no-ip seguita sempre da  Invio , digita poi la relativa  password e pigia  cinque volte Invio , fino alla comparsa del testo  mv /tmp/no-ip2.conf /usr/local/etc/no-ip2.conf .

Although the previous operation only needs to be done once, you need to manually start the no-IP client whenever you intend to use your VPN: you can do it very quickly, always from the Terminal, by typing the sudo noip2 command followed by entering.


Assign a static local IP

Once you associate the hostname with the IP address, you need to assign a static local IP address to the computer on which you intend to create your VPN. The easiest way to do this is through the router: in general, What you need to do is first connect your computer to the network, after which you enter the router, go to the LAN settings or  Devices section, select the option for Booking addresses or adding DHCP binding (alternatively, you can check the entry for assigning a fixed IP), type the address to transfer to the computer (e.g., ), and save the changes.

Unfortunately, I can’t be more precise about assigning static IP addresses, as each router has slightly different options. In principle, though, you should be able to achieve this by using the instructions I’ve already given you: in the unfortunate event that you fail, I recommend that you refer to my guide on how to assign static IPs to get more information about it.


Open the NAT on your router.

The last step before moving on to the actual configuration of the VPN on your computer is to open the NAT in the router,  that is, to make the listening ports associated with the VPN service accessible from the outside.

To do this, log on to your router (you can follow my dedicated guide to find out how to proceed), go to the Port Forwarding or Virtual Server section,  enter have prompted the servers local IP address (the static local IP address of the computer you set up in the previous section), the port to open, and the protocol. As for the VPN, you need to open ports  47  and  1723 with  TCP and  UDP protocols.

If the instructions I gave you were not enough and you could not find the section that allows you to open the doors on your router, I invite you to consult my guide on unlocking the NAT to get the exact sequence of steps to apply achieve the goal.


How to create a VPN on Windows

Now that you’ve finally set up everything you need, it’s time to get into action and create a VPN on Windows. As I have already mentioned,  the PPTP protocol will be used. Although it is not easy to exploit its vulnerabilities, I remind you that it is a reasonably outdated protocol,  so I recommend using the VPN to create awareness of any risks. Also, keep in mind that such a designed VPN server can accept at most one client at a time.

It’s time to take action:

Start the Control Panel by searching for it in the Start menu (accessible via the flag button located in the lower-left corner of the screen).

  • Click on the Network and  Internet item,  then on the Network and Sharing  Connection  Center entry.
  • From the left side of the window, select the Edit Tab Settings item again.

After that, press the  Alt button on the keyboard to display the menu bar, select the File menu > New Incoming  Connection…, select the computer users authorized to access it by checking the corresponding boxes, and press on the  Next button. If necessary, you can create new ones by pressing the Add  User button… and filling out the proposed form.

In the next panel, place the checkmark in the  Over the Internet box,  click the  Next button, check the Internet Protocol version 4,  File and Printer Sharing for  Microsoft Networks, and  QoS Package Scheduler boxes, then select the Internet Protocol version 4 entry and press on the Properties button.

At this point, put the checkmark on the  Specify IP addresses box and enter in the appropriate fields the starting IP address and the last IP address to assign to the devices that will connect to the VPN. For example, if you intend to reserve more than 50 IP addresses (well aware that, as I explained to you before, you can only use two simultaneously), you can use 192,168.1.150  as the starting address and as the last IP address.

Now, click the OK button and, once back in the main window, click the Allow  Access button. Then wait for the VPN creation message and click the Close button.

You can control the number of devices connected to your VPN using the Inbound Connections iconlocated in > network and internet control panel > network sharing center and > edit tab settings. Instead, delete the VPN, right-click the Inbound  Connections icon, select the Delete item from the proposed menu, and press the Yes button.


How to create a VPN on Linux

Also, about  Linux,  the procedure I am going to illustrate to you concerns creating a VPN based on the PPTP protocol: I want to remind you, once again, that it is a reasonably old protocol. Although not very simple to violate.

Aware of this detail, the time has come to get in on the action: first, start the Terminal,  after which type the sudo apt install pptpd command followed by entering and when prompted, enter your administrative password followed once again by Enter; If necessary, press the Enter key again to start the installation.

After the process is complete, you need to declare the computer’s IP address (the one you will connect to) and the IP address space to assign to the “guest” devices. To proceed, type the sudo edit /etc/pptpd.conf command from the Terminal, scroll to the end of the text, go head-to-head with entering, and insert the following into the file. You need to replace the IP address at the  local IP that you assigned to the VPN server computer and the set of lessons at  remote IP that your computer needs to give to VPN “guests.”

Complete the changes, press the Save button at the top right, and close Gedit. local IP

remote IP

At this point, you need to tell the VPN server which addresses to use to “convert” literal addresses to IP (usually the router takes care of this task): to proceed, always from the Terminal, type the sudo edit /etc/PPP/pptpd-options command followed by entering, enter if requested the administrative password, go to the bottom of the file, go head-to-head by pressing the Enter button and type the following. Replace your router’s IP at the IP address at ms-DNS: if you don’t know it, you can retrieve it using the instructions I provided you in this guide.

Complete the necessary changes, press on the Save button to confirm them, after which close


no px

MTU 1490

MRU 1490

The last necessary step is to configure the user who can access the VPN, “declaring” the username and passwords to be dedicated to it: to proceed, type from the Terminal the sudo edit /etc/PPP/chap-secrets command followed by entering and kind, if necessary, your administrative password.

Make sure you are alone (since the passwords are shown in plain text). After this type, the username to access the VPN, press the tab key of the keyboard (the one usually placed on the Shift button), enter a  * (asterisk), press the TAB  button again,  type the password,  press the  TAB button again and enter another  *. After this procedure, press the  Save button, close gedit, type from Terminal the sudo system ctl pptpd restart command, and finally, the sudo sysctl -p command: your VPN is finally ready! You can disable it at any time by typing the sudo system ctl pptpd stop command.


How to connect to a VPN

It’s time to enjoy the result of so much effort and connect to the VPN you just created! Don’t worry. The procedure is straightforward: all you need to have at hand to make the connection is your server’s hostname (the one created through the no-IP service),  the username,  and the password to access the VPN. Once you’ve annotated the information, you can connect to your computer using one of the procedures I’ll point out below.

  •  Windows 10 – access the notification area by clicking on the balloon-shaped button at the bottom right, pressing on the  VPN switch, and then the  Add VPN connection entry placed in the new panel that appears on the screen. Select the Windows item from the VPN Provider drop-down menu, type the connection name in the VPN Type drop-down menu,  enter your server’s hostname in the Name or Server Address field,  select point to point tunneling protocol (PPTP) from the  VPN Type drop-down menu, choose the User Name and  Password option from the Login  Info Type menu, and then type your VPN login credentials in the appropriate fields and press on the  Save button. Once back in the Settings panel,  click the newly created VPN icon and then click the  Connect button.
  •  Windows 7, 8.1 – Open  Control Panel from the Start menu, click the  Network and Internet, Network and Sharing  Center, and  Set up a new connection or network. From the panel that opens, select the Link to a corporate network entry, click later on the use existing Internet connection  (VPN) entry, enter in the  Internet Address field the hostname of your server, press on the  Next button,  type the username, and password where required, and then press the  Connect button.
  •  For security reasons, macOS – the system preference manager, does not support connectivity through the PPTP protocol. If you wish to do so anyway, you can make use of a third-party program,  such as Shimo: connect to its main internet page to download it, start the setup file, drag the Shimo icon to the Applications folder of your macOS and open the program from the folder above, right-clicking its icon, selecting the  Open from proposed panel entry and clicking again on the  Open button. At this point, click on the new icon that appears in the system panel, select the Preferences item from the proposed menu, then click the  Accounts button located at the top, then on the button  (+) placed at the bottom, set the checkmark in the PPTP/L2TP box, click the Create button,  enter were prompted the hostname, the username, and password of your VPN server and still press on the  Create button. You can connect and sign out of the VPN using the icon in the system panel.
  •  Android – click the Settings icon located in your device’s app list, then on the  More entry in the Wireless and  Networks pane, and finally, on the  VPN option. Now touch the  (+) button at the top right, type a  name for your connection, select the  PPTP item from the Type drop-down menu, and type your VPN hostname in the Server Address field. If necessary, you may be required to set a PIN, password, fingerprint, or unlock sequence to store credentials. You can connect by simply touching the name of your VPN and typing, when requested, your login credentials; you can stop linking to the VPN using the system notification area.
  •  iOS – unfortunately, as already seen for macOS, operating systems for iPhone and iPad no longer support configuring PPTP-protocol VPNs due to the latter’s obsolescence: thus, it is not possible to connect to such a VPN.


Best VPNs 

If you’ve come this far, I’m sure you’ve learned everything about creating a VPN to perfection. Wait, are you telling me that you find the whole thing all too complex and that, alternatively, you thought you’d rely on an “external” VPN service? Then I suggest you try the following ones.



The first service I want to talk to you about is  NordVPN. Thanks to its advanced encryption system, which hides online browsing activities from that outside (be it the Internet provider, a potential attacker, or the nordVPN operators themselves, who record nothing that users have done) and its ease of use, NordVPN is one of the most used VPN services in the world.

It has a wide range of servers located in various corners of the globe and is available on all popular hardware and software platforms. The many servers available, some of which are dedicated to the exchange of files on P2P networks (e.g., BitTorrent)  and navigation on the Tor network (Onion protocol), allow to overcome the regional restrictions of all countries and access the foreign catalogs of streaming services. Some can provide a static IP.

Another point in NordVPN’s favor is its compatibility with all major hardware and software platforms: NordVPN is, in fact, available on computers  (Windows,  macOS, and  Linux),  mobile devices (Android and iPhone/iPad),  Smart TV, Android TV,  NAS,  Raspberry Pi,  routers and more.

As far as prices are concerned, the service offers several plans: the most convenient one allows you to use NordVPN for 2 or 3 years according to the current promo at less than 3 euros/month (billed annually); alternatively, it is possible to use the service for two years at 2.97 euros/month (billed annually),  for one year at 3.93 euros/month (billed annually) or for one month at 9.56 euros. In promotional periods, extras (e.g.,  the WordPress password manager, worth $194.61) can also be included in the price. It should be emphasized that all plans allow the use of NordVPN on a maximum number of 6 devices simultaneously and provide the guarantee satisfied or refunded by 30 days.

Let us take action. To start using NordVPN, linked to the service’s official website, choose the plan to subscribe to and create your account following the on-screen directions (the accepted payment methods are the most diverse: card, PayPal, Apple Pay, Google Pay, Cryptocurrencies, Alipay, etc.).

When you register and log in, you want to use NordVPN on your PC, download the official service client and install it on your PC. On  Windows,  then open the .exe file you got, click the Yes button,  wait for all the files necessary for the program to work from the Internet, and click  Next,  Install and  Finish. On  Mac,  instead, contact the Mac App Store directly.

To install NordVPN on smartphones or tablets, the procedure is even more straightforward: open the store of your device (e.g., Play Store on Android or App Store on iPhone/iPad), search nordvpn within the latter, and tap first on the application icon (in search results) and then on the  Install/Get button. On your iPhone/iPad, you may be required to verify your identity using your Face ID, Touch ID, or Apple ID password.

Now all you have to do is start NordVPN on your favorite device,  log in with your account data, and select the VPN server you want to connect to. You can choose a nationality, a  Speciality server (i.e., one of the servers optimized for  P2P,  navigation via Onion protocol or with dedicated IP navigation),  or you can take advantage of the search function to find a VPN server quickly.

Once you’ve established your connection, you can generally use your favorite programs to browse online, taking advantage of NordVPN’s protection. At the end of the session, disconnect from the VPN, open  NordVPN, and click the  Disconnect button. For more information, read my NordVPN review – I’m sure it will come in handy.


Surfshark, 19

 Surfshark is another VPN service that combines security, ease of use, and flexibility at meager prices. Thanks to its advanced 256-bit encryption and the many servers it offers (scattered in every corner of the world), Surfshark allows you to browse without limits protecting your identity and protecting your privacy to the maximum.

This means that neither attackers nor ISPs, nor surfshark’s managers, will be able to control your online activities. You can also effectively protect yourself against hacking public Wi-Fi networks, phishing activities (with the CleanWeb feature, which allows you to protect yourself from malware, phishing, and other harmful/annoying content on the Internet), and you can both bypass censorship and regional restrictions, for example by accessing the foreign catalogs of streaming services. You can even create a list of programs and sites that don’t have to use VPN  (Whitelister function) and set up a  Kill Switch to automatically turn off your Internet connection if you sign out of the VPN.

Surfshark is very easy to use and is available on the vast majority of devices and operating systems: Windows PCs, Macs, and Linux computers (there is also an extension of Surfshark for Chrome and Firefox), Android devices, iPhone/iPad), and  Fire TV Stick (via surfshark’s official app). In addition, thanks to its smart DNS, Surfshark is also available on those devices that would not usually allow the use of a VPN, such as Smart TV,  Apple TV,  PlayStation, and  Xbox.

The prices are meager: the most convenient plan is the 36-month plan that costs 1.69 euros/month (with billing every 36 months); in the alternative, there is the  12-month plan that costs 3.49 euros/month (with annual billing) and the 1-month plan that costs 9.89 euros.

To start using Surfshark on your PC, all you have to do is visit the service’s official website and click on the Buy Now button. Then choose the plan of your choice and provide a valid payment method between credit card,  PayPal,  Google Pay,  Amazon Pay,  Cryptocurrency, etc., then completing the transaction through on-screen indications.

Once you’ve activated the service, all you have to do is install the Surfshark client for Windows or macOS and Surfshark apps for Android or iOS/iPadOS and press the button to start the free trial or enter login data to sign in with your account.

That’s it! To protect your connection, all you have to do is start Surfshark on the device you’re interested in and press the Connect button to connect to the fastest and nearest VPN server. Alternatively, go to the  Locations section and choose one of the many available servers (based on geographic location or features, e.g.,  static IP).

Within seconds, your connection will be secure, and you can browse safely and anonymously online. More info here.