How to Create a Free VPN in 5 Minutes

Free VPN

The following was written by Malcolm Kapuza, CTO.

Visiting in Nairobi so far has been an incredible experience. AlliedCrowds works with lot organizations in Sub-Saharan Africa and to be able to experience different issues and pain points on the ground has allowed us to rework how the Capital Finder is structured (and we have some very big changes coming soon!).

Now, more to the point, we have a lot of subscribers in the expat community living in various developing countries across the world. I am sure that many of them have been forced to deal with a problem that I have had to deal with while in Nairobi: firewalls and IP address blocking.

There are a lot of cases where US and European websites will restrict access based on the IP address you are using. Yeah, this is a real problem.

Anytime you have ever been forced to pay for a VPN  from some sketchy company peddling proxy server access, you have faced this problem.

Now, I wouldn’t be writing this blog if it were about tricking Netflix into letting you watch House of Cards. I had a much bigger issue: accessing the Massachusetts Department of Revenue’s website. Yeah, the tax man. Normally, you can pay your taxes online, except that for fraud prevention purposes, Mass DOR blocks foreign IPs.

Saying I can’t pay my taxes because I am staying in Nairobi is akin to “the dog ate my homework” and probably not going to fly.

The solution

Introducing Amazon Web Services!

It is rare that I get to apply my tech knowledge outside of building tools and applications for the AlliedCrowds team and our clients. So I am especially excited to be able to give everyone a neat hack to solve a real problem in their everyday life by creating a free VPN.

What you will need

Well you don’t actually need anything. AWS provides everything for you. I have a Mac so my instructions will be based on the Mac Terminal, but there are equivalent commands for Linux and Windows.

Let’s get started!

The first step is to sign into the AWS console at, your regular amazon login will work just fine.

Oh by the way, your first year of using Amazon micro instances is free and we will take full advantage of this. But otherwise the servers typically cost $0.013 per hour. So this is not going to break the bank.

Once you log in, make sure that you are in an availability zone that matches the countries that you are trying to access. You will see a drop down in the upper right hand corner.

Although AWS does not have web servers in every country, they have the EU (which have common internet access laws), the US and Canada covered, as well as a bit of Asia and South America.

You can check the availability zone that you are in and select the one you would like in the upper right hand corner. I am going to choose Northern Virginia in the United States. What this is doing is telling Amazon to launch your new server in Northern Virginia.

AWS Availability Zones

Next, in the top left corner click on Services > EC2.

Next, on the left hand side, click “Instances” then click the blue “Launch Instance” button.

Launch Instance

What this is doing is going to build you your very own a Proxy Sever or VPN in Northern Virginia.

Launching your server

First, we have to configure it.

Select “Amazon Linux AMI 2017.03.1 (HVM), SSD Volume Type”. This is the first option available.

Amazon Linux

Next, choose the “free tier eligible option” or otherwise the smallest server instance.
Free Tier Instance

Next, hit “Review and Launch”

Review and Launch Instance

Next, click the “Launch” button in the bottom right hand corner.

Launch Instance

Note: we did not have to configure much because this is a very simple server.

Finally select “Create a new key pair” and name it “VPN”.

Create a New Key Pair

Then, click “Download Key Pair” and “Launch Instance.”

This will redirect you to your instances dashboard and will download a file called “VPN.pem”

Okay, this is where things seem to get a bit tricky, because we will be using the Mac terminal, but don’t be intimidated.

If you have a mac, you can copy the commands directly, otherwise, use the equivalent commands on your own computer. I’ll walk you through the whole thing.

The first thing to do is change the permissions on the newly generated pem file. Simply type chmod 400 into the terminal and then drag and drop your pem file onto the black terminal screen. For me, I got:

chmod 400 ~/Downloads/VPN.pem

but it may be different for you. Hit “enter”.

All this is doing is protecting the pem file so that only the owner can edit it.

Now back in the AWS console, we are going to generate a new elastic IP address. This is what connects your new server to the internet.

On the left-hand side of your EC2 dashboard, click on “Elastic IPs”, next click Allocate new address > Allocate > Close

Now your new address should be displayed.

Click the “Actions” dropdown and then click “Associate Address”. Select your instance and click “Associate”

Associate Elastic IP

Associate Elastic IP

Great, now your instance is hooked up to the internet! Make sure to save your public IP address, it should look something like.

Note: the private IP address should be ignored.


Okay, finally we’re going to connect to the new server.

Go to the terminal and type (or copy) the below. Replacing “my-ip-address” with your IP address. and “/path/to/pem/file” with the result from when you dragged your pem file onto the terminal screen:

ssh -i /path/to/pem/file -D 1337 -CN ec2-user@my-ip-address

This command routes your network traffic through the new server.

You may get the funny warning message below, but it will be safe to type “yes” and hit “enter” on your keyboard:

The authenticity of host ' (' can't be established.

ECDSA key fingerprint is SHA256:LRU3IZUz808HKL8JsdtjvwNttiDfAXiEQZYow/d4FOg.

Are you sure you want to continue connecting (yes/no)? yes

Once you get the message:

Warning: Permanently added '' (ECDSA) to the list of known hosts.

You are in the clear.

Now, there is only one more thing to do, and that is to route your browser traffic through your new server.

Go to Settings > Network > Advanced > Proxies

Tick SOCKS Proxy

Proxy Server Configuration

For the text box that says “SOCKS Proxy Server”. Type the word “localhost” before the colon and “1337” after the colon

Hit “Okay” and then “Apply”

Now restart your favorite browser and visit the site you would like access to!

Any website you visit will now think that you are in the US.

The only thing left to do is, once you are done using your new VPN, is to shut it down. Go to your EC2 console, select your instance, select Action > Instance State > Stop

And go back to Settings > Network > Advanced > Proxies

And untick SOCKS Proxy.

Then, finally, quit out of the terminal application.


It may seem like a somewhat complicated process, but if you follow the steps closely, you will see that it’s quite easy and it will allow you to be able to access the sites you need to visit. Enjoy!

If you have any questions, leave them in the comments below or email me directly at malcolm [at]

Oh and BTW, if you’re interested in the technology or research that we produce here at AlliedCrowds, we’re hiring!

Please make sure you’re following the terms and conditions of the sites you’re accessing when you’re using a VPN! 

Image: Flickr Creative Commons