Let's be honest: Algo, which we covered in the last chapter of the Privacy Cookbook, is probably the best and easiest solution to get your own VPN installed, up and running. However, that doesn't mean there aren't other solutions that are only a click or a few lines of script away!
Some are provided directly by cloud providers, and another by Andrei Andreev on Medium.
It gives you a 5-10 client setup, takes less than 5 minutes to install, and even comes with an Unbound DNS solution.
Right now, we are going back to the DNS chapter to explain how to do this at home or on a server, but in today's write-up we just have the solution in a simple one-two, so let's do it on WireGuard!
As usual, you need a cloud server. We have already done this with Hetzner and DigitalOcean, and in both cases it runs as smooth as silk.
ssh root@xxx.xxx.x.xx
wget https://raw.githubusercontent.com/drew2a/wireguard/master/wg-ububtu-server-up.sh
chmod +x ./wg-ububtu-server-up.sh
./wg-ububtu-server-up.sh 10
Once the commands are sent, the WireGuard server will take over and do the rest.
The end of the successfully launched script will look like this:
interface: wg0
  public key: +xxxEjj1qmxxxotq4OxxxfHPaxxxtre5xxxxOfxxw=
  private key: (hidden)
  listening port: 51820

peer: d1exxxLdCZcYxxxIQ0xxxxK/Wpx8G1N8xxvnUrxxxx=
  allowed ips: 10.0.0.2/32

peer: fWExxxazRxxxUOxxxx4JKgUTxxo9LaxxxxOGWtxxK0w=
  allowed ips: 10.0.0.3/32

peer: RbmxxxDxOoXMxxxcyate6xxxinIClxxDgRDxxxx0j0=
  allowed ips: 10.0.0.4/32
This will create 10 separate client configs [client1.conf…client10.conf] that are located in the droplet folder [$HOME/wireguard/]. You can use one config for each device.
The easiest way to get them is to SFTP to the server and download the client configs.
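Each client config carries that device's private key, so it is worth checking the generated files before copying them off the server. The function below is an added example, not part of the drew2a script; it assumes the files use the standard wg-quick layout with "PrivateKey = ..." and "Address = ..." lines, and the sample configs in it are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example, not part of the drew2a/wireguard script.
# Assumption: client configs use the wg-quick layout ("PrivateKey = ...", "Address = ...").

# Audit DIR/client*.conf: owner-only permissions, exactly one private key per
# file, and no key or tunnel address shared between two devices.
audit_wg_clients() {
    local dir="$1" issues=0 f perms field dups
    for f in "$dir"/client*.conf; do
        [ -e "$f" ] || { echo "FAIL: no client*.conf in $dir"; return 1; }
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $f is accessible to group/other ($perms)"
            issues=$((issues + 1))
        fi
        if [ "$(grep -c '^PrivateKey *=' "$f")" -ne 1 ]; then
            echo "FAIL: $f does not hold exactly one PrivateKey line"
            issues=$((issues + 1))
        fi
    done
    for field in PrivateKey Address; do
        # uniq -d prints each value that occurs in more than one place.
        dups=$(sed -n "s/^$field *= *//p" "$dir"/client*.conf | sort | uniq -d | wc -l | tr -d ' ')
        if [ "$dups" -gt 0 ]; then
            echo "FAIL: $dups $field value(s) reused across client configs"
            issues=$((issues + dups))
        fi
    done
    echo "$issues issue(s) found"
    [ "$issues" -eq 0 ]
}

# Constructed sample: two configs sharing one placeholder key, one world-readable.
make_sample() {
    local d
    d=$(mktemp -d)
    printf '[Interface]\nPrivateKey = CONSTRUCTED-KEY-A\nAddress = 10.0.0.2/32\n' > "$d/client1.conf"
    printf '[Interface]\nPrivateKey = CONSTRUCTED-KEY-A\nAddress = 10.0.0.3/32\n' > "$d/client2.conf"
    chmod 600 "$d/client1.conf"
    chmod 644 "$d/client2.conf"
    echo "$d"
}

sample=$(make_sample)
audit_wg_clients "$sample" || true   # reports 2 issues on the sample
rm -rf "$sample"
```

On the server, the same function can be pointed at the real folder with audit_wg_clients "$HOME/wireguard"; it prints only file names and counts, never the keys themselves.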
Another super easy solution is offered by cloud provider Linode, which has a WireGuard deployment with just one click!
https://www.linode.com/docs/platform/one-click/deploy-wireguard-with-one-click-apps/
Another great solution is called Streisand.
This is another super interesting solution, as it can set up a few incredible options:
- OpenSSH
  - Tinyproxy may be used as an HTTP proxy.
- OpenConnect / Cisco AnyConnect
  - This protocol is widely used by multi-national corporations and might not be blocked.
- OpenVPN
  - Stunnel add-on available.
- Shadowsocks
  - The V2ray-plugin is installed to provide robust traffic evasion on hostile networks (especially those implementing quality of service (QoS) throttling).
- A private Tor bridge relay
  - Obfsproxy with obfs4 available as an add-on.
- WireGuard, a modern high-performance protocol.
https://github.com/StreisandEffect/streisand
So! How to?
Start by opening a terminal window on your device and check for an existing SSH key at:
~/.ssh/id_rsa.pub
If there is none, create one using ssh-keygen:
ssh-keygen -t rsa -b 4096
Now connect to the server:
ssh root@your_server_ip
Next, install Git and Python's pip:
sudo apt-get install git python-pip
Clone the Streisand repository from GitHub:
git clone https://github.com/StreisandEffect/streisand.git && cd streisand
Run the installer for Ansible and dependencies. This will identify any missing packages and provide the commands required to retrieve them. (Ignore warnings from Python 2.7 re: deprecation and from python-novaclient re: 5.1.3 incompatibility.)
./util/venv-dependencies.sh ./venv
Activate the Ansible packages:
source ./venv/bin/activate
Run the Streisand script.
./streisand
Following the prompts, select your provider, the location for the server and its name.
You will also be required to enter API information.
Once login information and API keys are entered, Streisand will begin setting up a new remote server.
Once setup is complete, look for the corresponding files in the generated-docs folder in the Streisand repository directory.
The HTML file will explain connecting to the Gateway over SSL or via the Tor hidden service.
All instructions, files, mirrored clients and keys can be found on the Gateway.
You are good to go! Have fun, stay safe (secure!).