Build your own private VPN and ad blocker

Running a personal VPN used to mean spending a weekend fighting with OpenVPN configuration files. You don't have to do that anymore. You can build a private network, route your traffic through a cloud server, and block trackers at the DNS level in about fifteen minutes.

You need a cheap cloud server and a few free accounts to make this work. We are using Vultr for the server, Tailscale for the VPN tunnel, and ControlD for the ad blocking.

The accounts

Create these three accounts before doing anything else.

1. Vultr: This is where your server lives. Add a payment method. We are going to use the cheapest plan they have.

2. Tailscale: This creates the private network between your devices. The free tier handles exactly what we need.

3. ControlD: This is the DNS resolver that will block ads.

Setting up the server

Log into Vultr and click Deploy New Server.

Select Cloud Compute. For the location, pick the city you wish to use. For the fastes connection select a city closest to you. For the operating system, choose Ubuntu 24.04 LTS.

Pick the cheapest plan available. You really don't need much if it's just a few systems. It usually costs around five or six dollars a month. Ignore all the extra features and add-ons, they are not necessary. Make sure to give your server a name at the bottom, it will be the name used in Tailscale and then click Deploy Now. It takes a couple of minutes to boot up depending on the location.

Connecting to the server

You need an SSH client to access your server. Termius is a good option if you want a clean interface. Download and install it on your computer.

Go to your Vultr dashboard. Click on your new server. You will see an IP address, a username (usually "root"), and a password.

Open Termius. Click New Host. Paste that IP address, username, and password into the form. Double click the host to connect and accept the security prompt. You are in!

Installing Tailscale

Next we install Tailscale and configure the server as an exit node. An exit node is the physical point where your internet traffic actually hits the public web.

In Termius, paste this command and hit enter:

curl -fsSL https://tailscale.com/install.sh | sh

Linux servers ignore network traffic that is not explicitly meant for them. So, you have to tell Ubuntu to forward the traffic along. Paste these lines one by one and hit enter after each:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf

echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf

sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Tell Tailscale to start and advertise itself as an exit node:

sudo tailscale set --advertise-exit-node

sudo tailscale up

The terminal will print a web address. Copy that link, open it in your browser, and log in to attach the server to your Tailscale network.

Approving the exit node

Now that you have your Ubuntu instance configured you need to allow it to be an exit node. Open the Tailscale admin dashboard in your browser and click the Machines tab.

You should see your Vultr server, with the name you used at the beginning. Click the three dots next to it, select Edit route settings, and toggle "Use as exit node" to the on position.

Setting up ControlD (Optional)

ControlD handles your DNS requests. Instead of letting your internet provider translate website names into IP addresses, ControlD does it and drops the requests associated with known ad networks. This step is optional however it is the ultimate privacy trick.

Tailscale supports Controld out of the box. First, log into ControlD and create a new Profile. Turn on the filters you want, like blocking ads and trackers. Go to your endpoints, add a new device (like a "Router"), and copy the Resolver ID they give you.

Go back to the Tailscale admin dashboard. Click the DNS tab. Scroll down to Global Nameservers, click Add nameserver, and select Control D from the dropdown. Paste your Resolver ID into the box and hit save. Finally, click the toggle to "Override local DNS". Every device running Tailscale will now use your ControlD profile automatically!

Connecting your devices

Download the Tailscale app on your phone, laptop, or tablet. Log in.

Open the app settings and look for the Exit Node option. Select your Vultr server. Your device will now route its traffic securely through Vultr and block ads via ControlD, no matter what Wi-Fi or cellular network you join.

Build your own private VPN and ad blocker

You need a cheap cloud server and a few free accounts to make this work. We are using Vultr for the server, Tailscale for the VPN tunnel, and ControlD for the ad blocking.

The accounts

Create these three accounts before doing anything else.

1. Vultr: This is where your server lives. Add a payment method. We are going to use the cheapest plan they have.

2. Tailscale: This creates the private network between your devices. The free tier handles exactly what we need.

3. ControlD: This is the DNS resolver that will block ads.

Setting up the server

Log into Vultr and click Deploy New Server.

Select Cloud Compute. For the location, pick the city you wish to use. For the fastes connection select a city closest to you. For the operating system, choose Ubuntu 24.04 LTS.

Connecting to the server

You need an SSH client to access your server. Termius is a good option if you want a clean interface. Download and install it on your computer.

Go to your Vultr dashboard. Click on your new server. You will see an IP address, a username (usually "root"), and a password.

Open Termius. Click New Host. Paste that IP address, username, and password into the form. Double click the host to connect and accept the security prompt. You are in!

Installing Tailscale

Next we install Tailscale and configure the server as an exit node. An exit node is the physical point where your internet traffic actually hits the public web.

In Termius, paste this command and hit enter:

curl -fsSL https://tailscale.com/install.sh | sh

Linux servers ignore network traffic that is not explicitly meant for them. So, you have to tell Ubuntu to forward the traffic along. Paste these lines one by one and hit enter after each:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf

echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf

sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Tell Tailscale to start and advertise itself as an exit node:

sudo tailscale set --advertise-exit-node

sudo tailscale up

The terminal will print a web address. Copy that link, open it in your browser, and log in to attach the server to your Tailscale network.

Approving the exit node

Now that you have your Ubuntu instance configured you need to allow it to be an exit node. Open the Tailscale admin dashboard in your browser and click the Machines tab.

You should see your Vultr server, with the name you used at the beginning. Click the three dots next to it, select Edit route settings, and toggle "Use as exit node" to the on position.

Setting up ControlD (Optional)

Connecting your devices

Download the Tailscale app on your phone, laptop, or tablet. Log in.

Build your own private VPN and ad blocker

You need a cheap cloud server and a few free accounts to make this work. We are using Vultr for the server, Tailscale for the VPN tunnel, and ControlD for the ad blocking.

The accounts

Create these three accounts before doing anything else.

1. Vultr: This is where your server lives. Add a payment method. We are going to use the cheapest plan they have.

2. Tailscale: This creates the private network between your devices. The free tier handles exactly what we need.

3. ControlD: This is the DNS resolver that will block ads.

Setting up the server

Log into Vultr and click Deploy New Server.

Select Cloud Compute. For the location, pick the city you wish to use. For the fastes connection select a city closest to you. For the operating system, choose Ubuntu 24.04 LTS.

Connecting to the server

You need an SSH client to access your server. Termius is a good option if you want a clean interface. Download and install it on your computer.

Go to your Vultr dashboard. Click on your new server. You will see an IP address, a username (usually "root"), and a password.

Open Termius. Click New Host. Paste that IP address, username, and password into the form. Double click the host to connect and accept the security prompt. You are in!

Installing Tailscale

Next we install Tailscale and configure the server as an exit node. An exit node is the physical point where your internet traffic actually hits the public web.

In Termius, paste this command and hit enter:

curl -fsSL https://tailscale.com/install.sh | sh

Linux servers ignore network traffic that is not explicitly meant for them. So, you have to tell Ubuntu to forward the traffic along. Paste these lines one by one and hit enter after each:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf

echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf

sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Tell Tailscale to start and advertise itself as an exit node:

sudo tailscale set --advertise-exit-node

sudo tailscale up

The terminal will print a web address. Copy that link, open it in your browser, and log in to attach the server to your Tailscale network.

Approving the exit node

Now that you have your Ubuntu instance configured you need to allow it to be an exit node. Open the Tailscale admin dashboard in your browser and click the Machines tab.

You should see your Vultr server, with the name you used at the beginning. Click the three dots next to it, select Edit route settings, and toggle "Use as exit node" to the on position.

Setting up ControlD (Optional)

Connecting your devices

Download the Tailscale app on your phone, laptop, or tablet. Log in.

Custom VPN using Vultr and Tailscale with ControlD

Build your own private VPN and ad blocker

The accounts

Setting up the server

Connecting to the server

Installing Tailscale

Approving the exit node

Setting up ControlD (Optional)

Connecting your devices

Custom VPN using Vultr and Tailscale with ControlD

Build your own private VPN and ad blocker

The accounts

Setting up the server

Connecting to the server

Installing Tailscale

Approving the exit node

Setting up ControlD (Optional)

Connecting your devices

Custom VPN using Vultr and Tailscale with ControlD

Build your own private VPN and ad blocker

The accounts

Setting up the server

Connecting to the server

Installing Tailscale

Approving the exit node

Setting up ControlD (Optional)

Connecting your devices