This tutorial should help You to
a) protect your internet communication by encryption
b) use different IP so you hide your real IP

You will need
a) Linux server (starts at less than $2/month) and you can use it for many other tasks like website hosting server
b) to install OpenVPN software on that server and on your own home computer and/or on the Android device

ALTERNATIVES: You may also skip this whole tutorial and try
A) but it is much more complicated, complex system.
B) free VPN like from (TunSafe is alternative client to OpenVPN and is claimed to be much faster, though do not have GUI Linux client)
C) one can also setup own alternative VPN server like WireGuard - it does NOT work on OpenVZ VPS (use KVM or XEN). Here i found tutorials for Wireguard server + Windows client:
Following commands may come handy opening port on WG server:
iptables -t nat -A PREROUTING -p tcp -d $inst --dport $port -j DNAT --to $ip:$port
iptables -t nat -A PREROUTING -p udp -d $inst --dport $port -j DNAT --to $ip:$port
where $inst is that VPN server instance's public IP (the one the internet sees you as having), and $ip is your internal 10.x.x.x IP, and $port is the port to forward.

Server side setup

Login to Your Linux server that you want to act as a VPN server / proxy server. If you do not have one, try Linux VPS 256MB RAM from there: (when selecting a VPS, consider its data transfer/bandwidth limits usually mentioned by the VPS seller and your current computer internet data transfer so the VPS fits) After order you will receive login details which will allow you to access your linux server command line. Following are Linux commands to run.

cat /dev/net/tun
(checking that tun/tap is available)

A) It is OK if it says "cat: /dev/net/tun: File descriptor in bad state"

B) It is bad, tun device is not available currently, it says "cat: /dev/net/tun: Operation not permitted". In case of a dedicated server, do command "modprobe tun" and then add tun into /etc/modules.conf or on RHEL into /etc/sysconfig/modules/my.modules add line "/sbin/modprobe tun". If you are on a VPS (not dedicated server), then ask your VPS provider to enable tun/tap. On OpenVZ provider will issue command: "vzctl set CTID --devnodes net/tun:rw --capability net_admin:on --save"

Then download installation bash script for the Linux Debian, Ubuntu, CentOS (no centos 5.x). The webpage of this script is:
NOTE!! if you are on older OS (CentOS6, Debian 8), original installer above may fail. Use following command instead:

wget && bash
Maybe worth using 443 port as it will be rarely restricted.

If the installation ends inerror: "Job for [email protected]e failed because the control process exited with error code."
Try command: sed -i 's/LimitNPROC/#LimitNPROC/g' /lib/systemd/system/[email protected];systemctl daemon-reload;systemctl restart [email protected]e
The VPN server then should appear as active (running) which is correct.

Disable OpenVPN server logging (after openvpn server is installed):
sed -i '/openvpn-status.log/d' /etc/openvpn/server.conf;sed -i '/verb /d' /etc/openvpn/server.conf;echo -e "log /dev/null\nstatus /dev/null\nverb 0" >> /etc/openvpn/server.conf
service openvpn restart || systemctl restart [email protected];systemctl restart [email protected]e
chkconfig openvpn on || sudo update-rc.d service enable

See the error "Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/server.service.conf"?
Maybe you wrongly defined service. Not ""[email protected]", but "[email protected]"

Installation should have printed out the path to the openvpn configuration file ~/client.ovpn (/root/client.ovpn)
Download this file to your device from which you want to be connecting to the OpenVPN server

Client side setup

Windows client

Place your .ovpn configuration file into the proper directory, C:\Program Files\OpenVPN\config, and click Connect in the GUI.

Linux client

openvpn --config ~/path/to/client.ovpn

Android client

I installed this software. And then downloaded my .ovpn file to the phone. Then open that file in phone and select VPN client you just installed to open it. It will import the file.

After connection is established, the OS connections should be routed thru the OpenVPN. If not, or internet fails, verify your proxy settings in InternetExplorer or in the app that fails to connect internet.

If apps still can't connect internet, try to switch to the server and discover your network interface name (usually eth0 or venet0):
route|grep default|awk '{print $8}'

Then execute command on the server:
iptables -t nat -A POSTROUTING -s -o venet0 -j MASQUERADE
(i used venet0 as im on the OpenVZ VPS, to discover yours interface name, run command mentioned few lines above)

How to prevent your OS leaking real IP when OpenVPN is down?

When OpenVPN app crash or not started, computer can connect internet directly revealing your true identity and transfer data unencrypted. To prevent this, you need to configure your computer Firewall. Click here for windows and or here for Linux.

How to setup torrent client to work with OpenVPN?