en:vpn [2023/09/26 08:03] (current) – created - external edit 127.0.0.1
~~NOSIDEBAR~~
====== Ocserv Installation ======
Install ocserv and the GnuTLS command-line tools:

<code>
apt install ocserv gnutls-bin -y
</code>

Benchmark the GnuTLS ciphers on this host and pick the fastest one:

<code>
gnutls-cli --benchmark-tls-ciphers
</code>

Generate Diffie-Hellman parameters:

<code>
certtool --generate-dh-params --outfile /
</code>

In the ocserv configuration file, find the line:

<code>
rekey-method = ssl
</code>

Replace it with the following:

<code>
rekey-method = new-tunnel
</code>

Uncomment the following line:

<code>
dh-params = /
</code>

Find this line:

<code>
tls-priorities = "
</code>

Change it to something like this:

<code>
tls-priorities = "
</code>

Work around Path MTU Discovery problems by clamping the TCP MSS on forwarded traffic:

<code>
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
</code>

==== PAM Issue ====

Sometimes after the first user connects and disconnects,

<code>
apt remove libpam-cap -y
</code>

====== Algo Installation ======

Download Algo and install its dependencies:

<code>
apt -y install unzip python3-virtualenv
wget -c https://
cd /opt/
unzip algo.zip
cd algo-master/
python3 -m virtualenv --python="
source .env/
python3 -m pip install -U pip virtualenv &&
python3 -m pip install -r requirements.txt
</code>

Open the configuration file:

<code>
nano config.cfg
</code>

Specify the users you wish to create in the users list:

<code>
users:
  - masoud
</code>

===== Run the Ansible Setup Wizard =====

Start the deployment:

<code>
./algo
</code>

Answer the wizard prompts as follows:

<code>
What provider would you like to use?
  1. DigitalOcean
  2. Amazon Lightsail
  3. Amazon EC2
  4. Microsoft Azure
  5. Google Compute Engine
  6. Hetzner Cloud
  7. Vultr
  8. Scaleway
  9. OpenStack (DreamCompute optimised)
  10. CloudStack (Exoscale optimised)
  11. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
11

Do you want macOS/iOS IPsec clients to enable "
N

Do you want macOS/iOS IPsec clients to enable "
N

Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
[y/N]
Y

Do you want to enable DNS ad blocking on this VPN server? [y/N]
N

Do you want each user to have their own account for SSH tunneling? [y/N]
N

Enter the IP address of your server: (or use localhost for local installation):
localhost

Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [YOUR_PUBLIC_IP]
YOUR_PUBLIC_IP
</code>

==== Android ====

Install the WireGuard client:

https://

For an Android device, download the QR code image and scan it from the app:

<code>
scp root@YOUR_PUBLIC_IP:/
</code>

==== Linux ====

<code>
add-apt-repository ppa:
apt update -y
apt install wireguard -y
</code>

Copy the client config into place:

<code>
sudo install -o root -g root -m 600 masoud.conf /
</code>

<code>
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
</code>

Another method, using NetworkManager:

<code>
add-apt-repository ppa:
apt update -y
apt install network-manager-l2tp-gnome -y
</code>

Then add the VPN connection in NetworkManager.

Another method, using IPsec (strongSwan):

<code>
apt install strongswan -y
scp root@YOUR_PUBLIC_IP:/
scp root@YOUR_PUBLIC_IP:/
scp root@YOUR_PUBLIC_IP:/
</code>

Copy the files:

<code>
cp masoud.key /
cp masoud.crt /
cp masoud.conf /
cp masoud.secrets /
cp cacert.pem /
</code>

Copy the files:

<code>
cp masoud.crt /
cp masoud.key /
cp cacert.pem /
cp masoud.secrets /
cp masoud.conf /
</code>

<code>
ipsec restart
ipsec up algovpn-116.202.102.246
</code>

Visit https://

Add a user:

After the installation,

<code>
users:
  test
  pech

  user2
</code>

Once the list is updated, activate the virtual environment and run the users update script:

<code>
source env/
./algo update-users
</code>

After this process completes, the Algo VPN server will contain only the users listed in config.cfg:

<code>
# id test
uid=1002(test) gid=1003(test) groups=1003(test),
</code>

The configuration files for each VPN profile are located under the ./

See the connection status:

<code>
wg show
</code>

Check that the following UDP ports are open:

<code>
nc -vz -u YOUR_PUBLIC_IP 500
nc -vz -u YOUR_PUBLIC_IP 51820
nc -vz -u YOUR_PUBLIC_IP 4500
</code>

====== Add a new floating IP ======

Open the project in [[https://

Add a few new lines to the network configuration file:

<code>
nano /
</code>

Paste the following configuration into the editor and replace YOUR_NEW_IP with your floating IP:

<code>
network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 2a01:
      dhcp4: true
      gateway6: fe80::1
      match:
        macaddress: 96:
      set-name: eth0
    lo:
      addresses:
        - YOUR_NEW_IP/
</code>

Apply the new network configuration:

<code>
netplan apply
</code>