Building a DIY VPN in 2 minutes

August 30, 2025
Adam Pantanowitz
#technical #agency

I was recently in India to give the closing keynote talk for the first day of the India Summit. On the way home via Ethiopia, I found out that Anthropic does not operate in Ethiopia. Since I’m a subscriber, this simply wouldn’t do - I couldn’t waste an hour or two without access to tools that I not only subscribe to, but also needed.

I also realised I was on a public WiFi network, and I would be needing to do a couple of things that required some level of privacy. The public WiFi felt exposed, vulnerable. Commercial VPNs are either expensive monthly subscriptions that track your activity, or free services that sell your data. I needed something different: a VPN I could trust because I built it myself.

First, we should be able to freely enjoy using coffee shop WiFi without concerns for privacy, and we should be able to do whatever we need to: banking, logging in to systems, and so on. Second, region restrictions shouldn't prevent us from accessing key tools, especially those to which we subscribe. Third, sometimes we need to, for various reasons, appear to be somewhere we are physically not.

What if you could spin up your own private VPN server in any country in under 2 minutes, for less than the cost of that coffee you're drinking?

That's exactly what I built.

The Problem with Modern Privacy Solutions

We live in an era where privacy has become a luxury subscription service. Most VPN providers charge $10-15 per month, route your traffic through servers you can't verify, and often log more data than they admit. The "free" ones are worse - if you're not paying for the product, you are the product. You also don't always need a VPN. It's something you want to be transient.

Meanwhile, we're increasingly working from coffee shops, airports, and co-working spaces. Every public network is a potential surveillance point. Every untrusted network puts our digital lives at risk.

The fundamental issue isn't technical - it's philosophical. We've outsourced our digital sovereignty to companies whose incentives don't align with our privacy needs.

A Different Approach: Your Own Disposable VPN

What if instead of subscribing to someone else's infrastructure, you could create your own on-demand? What if you could spin up a server in any country, route your traffic through it, and tear it down when you're done - all for pennies?

This isn't theoretical. I built it while sitting in transit in Ethiopia.

The solution combines two powerful technologies: AWS spot instances (spare computing capacity sold at massive discounts) and sshuttle (a transparent proxy that routes your traffic through SSH tunnels).

Here's how it works:


# Launch a VPN server in Europe
vpn-tunnel start --region EU

# Or be specific about the location
vpn-tunnel start --region us-west-2

# Check status
vpn-tunnel status

# When you're done, tear it down
vpn-tunnel stop

That's it. In under 2 minutes, you have your own VPN server running in any AWS region worldwide.

The Technical Journey

The core insight was recognising that a VPN is just encrypted traffic routing - something SSH has done brilliantly for decades. SSH tunnels are battle-tested, widely understood, and incredibly secure. sshuttle is a brilliant piece of software which enables this quickly and I've used it for years.

The challenge was making it effortless from the console:

Infrastructure Management: AWS spot instances cost 60-90% less than on-demand pricing. A typical t3.nano spot instance costs about $0.005 per hour. For a 30-minute browsing session, that's roughly one cent.

Automation: The script handles everything - finding the latest Ubuntu AMI, creating security groups, generating SSH keys, launching instances, waiting for them to become available, and establishing the tunnel.

Safety: Multiple failsafe mechanisms prevent runaway costs. The instance auto-terminates after 30 minutes of idle time, has a hard maximum lifetime limit, and all resources are tagged for easy cleanup.

Geographic Flexibility: Simple region aliases (EU, US, ASIA) map to optimal AWS regions, but you can specify exact locations when needed.

The entire solution is about 700 lines of bash script. No complex dependencies, no background services, no persistent infrastructure.
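
The launch and safety steps above, as an added example that is not taken from the vpn-tunnel script: SSH ingress is limited to the client's current address, and both time limits run on the instance itself so cleanup does not depend on the laptop. The function names, the tag value, the 120-minute cap and the definition of idle as "no established SSH session" are assumptions; it also assumes a default VPC in the chosen region.

```bash
#!/usr/bin/env bash
# Added example, not the vpn-tunnel source. Function names, the tag value and the
# 120-minute cap are assumptions; the 30-minute idle limit is the page's figure.

# cloud-init user-data: both limits run on the instance itself, so cleanup still
# happens if the laptop drops off the network or the client script is killed.
user_data() {                 # $1 = hard lifetime (min), $2 = idle limit (min)
  cat <<EOF
#!/bin/bash
shutdown -h +$1
systemd-run --unit=idle-watchdog /bin/bash -c '
  idle=0
  while sleep 60; do
    # established inbound SSH sessions = an active tunnel client
    if [ "\$(ss -Htn state established "( sport = :22 )" | wc -l)" -gt 0 ]
    then idle=0; else idle=\$((idle + 1)); fi
    if [ "\$idle" -ge $2 ]; then shutdown -h now; fi
  done'
EOF
}

launch() {                    # $1 = region, $2 = client public IP, $3 = AMI, $4 = key pair
  local sg
  sg=$(aws ec2 create-security-group --region "$1" \
        --group-name "vpn-tunnel-demo-$$" --description "disposable ssh tunnel" \
        --query GroupId --output text) || return 1
  # SSH is reachable from the current client address only, never 0.0.0.0/0.
  aws ec2 authorize-security-group-ingress --region "$1" --group-id "$sg" \
        --protocol tcp --port 22 --cidr "$2/32" >/dev/null || return 1
  # With shutdown behaviour "terminate", the poweroff issued by user-data
  # ends billing instead of leaving a stopped instance behind.
  aws ec2 run-instances --region "$1" --image-id "$3" --instance-type t3.nano \
        --key-name "$4" --security-group-ids "$sg" \
        --instance-market-options MarketType=spot \
        --instance-initiated-shutdown-behavior terminate \
        --user-data "$(user_data 120 30)" \
        --tag-specifications \
          'ResourceType=instance,Tags=[{Key=purpose,Value=vpn-tunnel-demo}]' \
        --query 'Instances[0].InstanceId' --output text
}

# Usage (needs AWS credentials): launch eu-west-1 203.0.113.7 ami-PLACEHOLDER my-key
```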

Digital Sovereignty in Practice

This tool represents something larger than just another VPN solution. It's about reclaiming agency over our digital infrastructure.

When you run vpn-tunnel start --region EU, you're not connecting to someone else's server - you're creating your own. You control the operating system, the network routing, the encryption keys. When you're done, everything disappears, leaving no persistent attack surface.
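
Controlling the keys only helps if the client checks that the server it reaches is the instance it just launched, which matters most on the untrusted network the tunnel is meant for. An added example (not the project's code; function names are hypothetical) that reads the host keys from the EC2 serial console through the AWS API, pins them in a dedicated known_hosts file and starts sshuttle with strict checking. It assumes the image's cloud-init prints the host key block to the console and that file paths contain no spaces.

```bash
#!/usr/bin/env bash
# Added example, not the vpn-tunnel source; function names are hypothetical.
# Assumes the image's cloud-init prints the "SSH HOST KEY KEYS" block to the
# serial console, as stock Ubuntu cloud images do.

# Console text on stdin -> known_hosts lines for host $1.
known_hosts_from_console() {
  awk -v host="$1" '
    /-----BEGIN SSH HOST KEY KEYS-----/ { inblk = 1; next }
    /-----END SSH HOST KEY KEYS-----/   { inblk = 0 }
    inblk {
      # Console lines may carry a timestamp or unit prefix: locate the key
      # type, then keep only "type blob" and drop the trailing comment.
      for (i = 1; i < NF; i++)
        if ($i ~ "^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp[0-9]+)$" &&
            $(i + 1) ~ "^AAAA[A-Za-z0-9+/=]+$") { print host, $i, $(i + 1); break }
    }'
}

# Fetch the console over the authenticated AWS API and write a dedicated
# known_hosts file. $1 = region, $2 = instance id, $3 = public IP, $4 = file
pin_host_key() {
  local keys
  keys=$(aws ec2 get-console-output --region "$1" --instance-id "$2" --latest \
           --query Output --output text | known_hosts_from_console "$3")
  [ -n "$keys" ] || { echo "host keys not on console yet, retry" >&2; return 1; }
  printf '%s\n' "$keys" >"$4"
}

# Refuse to connect unless the server presents a pinned key; --dns sends name
# lookups through the tunnel too. $1 = public IP, $2 = key file, $3 = known_hosts
start_tunnel() {
  sshuttle --dns -r "ubuntu@$1" -e \
    "ssh -i $2 -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$3" \
    0/0
}

# Constructed sample console output (key blobs are made up, not real keys).
SAMPLE_CONSOLE='ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:constructedFingerprint root@ip-172-31-0-5 (ED25519)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhConstructedBlob0001= root@ip-172-31-0-5
[   21.5] cloud-init[900]: ssh-ed25519 AAAAC3NzaC1lConstructedBlob0002 root@ip-172-31-0-5
-----END SSH HOST KEY KEYS-----'
```

Console output can lag boot by a few minutes, so `pin_host_key` is meant to be retried until it succeeds before `start_tunnel` is called.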

The economics are transformative too. Instead of $120/year for a VPN subscription, you pay only for what you use. A typical coffee shop session costs about a penny. A full day of heavy usage might cost five cents.

Since it's built on the shoulders of a giant (sshuttle), I'm open sourcing this.

The Broader Implications

Privacy shouldn't require a subscription. Security shouldn't mean trusting opaque third parties. Geographic restrictions shouldn't be permanent barriers.

This tool makes several philosophical statements:

  • Infrastructure should be ephemeral: Persistent servers are persistent targets. Disposable infrastructure has no accumulated attack surface.

  • Privacy tools should be transparent: You can read every line of code, understand exactly what it does.

  • Digital sovereignty should be accessible: Complex problems can have simple solutions.

Usage Patterns

I've been using this for several months now. Some patterns emerged:

Coffee Shop Privacy: Quick sessions for secure browsing on untrusted networks. The auto-termination feature means I never forget to clean up resources.

Geographic Flexibility: Accessing region-locked content by spinning up servers in appropriate locations. Much faster than commercial VPNs because you're not sharing bandwidth.

Development Work: Testing applications from different geographic locations. Having your own server in each region provides consistent, controllable network conditions.

Travel Security: Hotel WiFi becomes much less concerning when all your traffic routes through your own infrastructure.

The Code

The entire solution is open source on GitHub. The core philosophy is transparency - you should be able to understand and verify every aspect of your privacy tools.

Key features:

  • One-command VPN deployment

  • Auto-cleanup prevents resource leaks

  • Regional flexibility with simple aliases

  • Cost monitoring and idle detection

  • Comprehensive error handling

The installation is straightforward:


git clone https://github.com/apophenist/vpn-tunnel
cd vpn-tunnel
./install.sh

Looking Forward

Privacy is not about having something to hide - it's about preserving the right to be human in digital spaces. It's about maintaining agency over our digital persistence, too.

Commercial VPN services emerged because setting up your own infrastructure was complex. But cloud computing has evolved. What once required deep networking knowledge can now be automated into a single command.

This tool won't replace commercial VPNs for everyone. But it provides an alternative for those who want control, transparency, and the satisfaction of digital self-reliance.

In a world where our digital lives are increasingly monitored, tracked, and commoditised, building your own infrastructure isn't just possible - it's a form of exercising fun agency. Got to love command-line tools.

Your privacy shouldn't be someone else's business model.


The vpn-tunnel tool is available on GitHub under the MIT license. Contributions, improvements, and feedback are welcome.

About Adam Pantanowitz

Dr Adam Pantanowitz is a leading innovation expert, AI pioneer, and keynote speaker. He specializes in technology leadership, human-AI collaboration, and breakthrough innovation strategies.