Virtual private networks (VPNs) use data encryption and tunnelling to help keep you safe online.
Having your own VPN can be invaluable if you regularly use unsecured public networks such as Wi-Fi hotspots, as you can use the unsecured network to create a secure connection to your VPN. VPNs can also be handy for connecting to your home computer from anywhere in the world, providing you with remote access to all of your computer’s files and folders.
While you could sign up for a ready-made VPN service, trusting a third party with your online safety can be daunting, plus VPN providers typically operate on a subscription model, which means VPNs are often an ongoing expense.
So, why not set up your own VPN server?
In this article, I’m going to show how to turn a second-hand Mac into a VPN server that you can access from anywhere in the world.
What you’ll need
In order to create your VPN server, you’ll need the following:
- A second Mac. For the best results, the Mac that you’re using as your server should be permanently connected to the network via an ethernet cable.
- A router. Connecting to your VPN requires a router that supports port forwarding and DDNS services. An Apple AirPort router tends to work best, as your Mac will be able to complete much of the AirPort setup automatically.
- macOS Server (£19.99). Download the macOS Server app to the Mac that you want to use as your server. Once you’ve installed macOS Server, launch the app and let it guide you through the initial configuration.
Set up port forwarding
The first step is configuring your router to allow incoming connections on certain ports.
If you’re using an Apple AirPort router, then this process is largely automated:
- Launch the macOS Server app.
- Select your AirPort base station from the left-hand menu.
- Select ‘Enter password…’ and enter your AirPort’s configuration password.
- macOS Server will now automatically configure your AirPort to forward any external VPN traffic to your VPN server.
If you’re using anything other than an AirPort, then you’ll need to set up port forwarding manually. Every router is different, so although I’m outlining the steps you’ll typically take, this process will vary between routers. If in doubt, consult the documentation for your specific router.
- Find your router’s IP address by selecting the ‘Apple’ logo from your Mac’s menu bar, and navigating to ‘System preferences > Network.’
- Give the ‘Advanced’ button a click.
- Select the ‘TCP/IP’ tab; you’ll find your router’s address next to ‘Router.’
- Enter this address into your web browser’s address bar. This will take you to the router’s settings.
- Find your router’s port forwarding settings. If there isn’t an obvious ‘Port Forwarding’ section, then look for a Firewall, NAT or Virtual Server section, as these might contain the port forwarding settings.
- These settings should include a place where you can create additional port forwarding entries, typically with fields labelled Port From, Protocol, IP Address, or Port To.
macOS Server requires four open ports, so create the following:
- Save your settings.
Replace your IP with a static host name
Next, you’ll need to generate a host name so that you can access your server remotely. While you could use your IP address, this address changes over time, so for the best results you should create a host name, which never changes.
You can use any name you want, but to make your life easier you should choose something that’s easy to remember!
- Sign up for a DDNS host. There are plenty of DDNS providers, but some of the most popular include No-IP, FreeDNS, Dynu, Dyn, and Zonomi. Once you’ve created an account, follow the provider’s instructions to generate your host name.
- Configure your router to use this host name. Again, instructions vary between routers, so consult your router’s documentation for more information.
Enable the VPN
Now you’re ready to set up your VPN:
- In macOS Server, select ‘VPN’ from the left-hand menu.
- In the ‘VPN Host Name’ field, enter the host name that you created in the previous step.
- Enter a ‘Shared Secret,’ which is how VPN clients and servers will confirm one another’s identities. For security purposes, this should be as long and complex as possible, especially since we’re going to use a Configuration Profile, which means you won’t have to manually enter the Shared Secret into any of your client devices.
- In the upper-right corner, push the slider into the ‘On’ position.
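- Click the ‘Configuration Profile: Save Profile’ button. This creates a file containing all the information a device needs to connect to this VPN, including the Shared Secret. Give this file a unique name, and then send or copy it to each client device. Because the file contains the Shared Secret, anyone who obtains it gets the secret too, so transfer it only over a channel you trust.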
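Before handing the saved profile to client devices, you can check what it actually carries. The script below is an added example, not part of macOS Server: it parses an unsigned .mobileconfig property list, finds the VPN payload, and reports whether a Shared Secret is embedded and whether it is shorter than a chosen minimum. The sample profile, the host name vpn.example.net and the 20-character threshold are constructed assumptions; a signed profile would need its signature wrapper removed first.

```python
import plistlib

VPN_PAYLOAD_TYPE = "com.apple.vpn.managed"  # Apple's payload type for VPN settings
MIN_SECRET_LEN = 20  # assumed policy threshold for this example, not an Apple rule

# Constructed sample profile (not exported from a real server).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Home VPN (sample)",
    "PayloadContent": [{
        "PayloadType": VPN_PAYLOAD_TYPE,
        "UserDefinedName": "Home VPN",
        "VPNType": "L2TP",
        "PPP": {"CommRemoteAddress": "vpn.example.net"},
        "IPSec": {
            "AuthenticationMethod": "SharedSecret",
            "SharedSecret": b"hunter2",  # deliberately weak, constructed
        },
    }],
})


def audit_profile(raw: bytes) -> list[dict]:
    """Return one finding per VPN payload in an unsigned .mobileconfig."""
    profile = plistlib.loads(raw)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != VPN_PAYLOAD_TYPE:
            continue  # skip non-VPN payloads (Wi-Fi, certificates, ...)
        secret = payload.get("IPSec", {}).get("SharedSecret")
        if isinstance(secret, str):  # some tools store a string, not data
            secret = secret.encode()
        findings.append({
            "name": payload.get("UserDefinedName", "(unnamed)"),
            "host": payload.get("PPP", {}).get("CommRemoteAddress"),
            "secret_embedded": bool(secret),
            "secret_length": len(secret) if secret else 0,
            "secret_too_short": bool(secret) and len(secret) < MIN_SECRET_LEN,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

To audit a real file, pass its bytes instead of the sample, for example `audit_profile(open(path, "rb").read())`.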
Using your Virtual Private Network
It’s time to put your VPN to the test, by connecting to it from another Mac:
- On the client Mac, install the Configuration Profile by double-clicking it, and then selecting ‘Continue.’
- Create a user ID, and then click ‘Install.’
- Enter an admin password and then click ‘OK.’
- Open your Mac’s ‘System preferences’ and select ‘Network.’ You should see that a new VPN network interface has been added to the left-hand menu; select it.
- Select the ‘Show VPN status in menu bar’ checkbox.
- Select the new VPN icon in your Mac’s menu bar, and enter your login details when prompted. You’re now connected to your VPN!