no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.

@@ Line 1: / Line 1: @@
+~~NOSIDEBAR~~
+====== Ocserv Installation ======
+Install ocserv:
+  apt install ocserv gnutls-bin -y
+Run a performance benchmark for gnuTLS and find the best one:
+  gnutls-cli --benchmark-tls-ciphers
+Generate Diffie-Hellman parameters:
+  certtool --generate-dh-params --outfile /etc/ocserv/dh.pem
+Find the line:
+  rekey-method = ssl
+Replace it with the following:
+  rekey-method = new-tunnel
+Uncomment the following line:
+  dh-params = /etc/ocserv/dh.pem
+Find this line:
+  tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128"
+Change it to something like this:
+  tls-priorities = "NORMAL:%SERVER_PRECEDENCE:+AES-128-GCM"
+Circumventing Path MTU Discovery issues with MSS Clamping:
+  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu
+==== PAM Issue ====
+Sometimes after the first user connects and disconnects, try to connect again, it gets the following error (Basically looks like ocserv crashes on every second try) when using PAM as authentication method ''libpam-cap'', we can remove it and try again. we can remove it and try again:
+  apt remove libpam-cap -y
+====== Algo Installation ======
+Download and install dependencies:
+  apt -y install unzip python3-virtualenv
+  wget -c https://github.com/trailofbits/algo/archive/master.zip -O /opt/algo.zip
+  cd /opt/
+  unzip algo.zip
+  cd algo-master/
+  python3 -m virtualenv --python="$(command -v python3)" .env &&
+    source .env/bin/activate &&
+    python3 -m pip install -U pip virtualenv &&
+    python3 -m pip install -r requirements.txt
+Open configuration file:
+  nano config.cfg
+Specify the users you wish to create in the users list:
+  users:
+   - masoud
+===== Run the Ansible Setup Wizard =====
+Start the deployment:
+  ./algo
+Choose below options:
+  What provider would you like to use?
+. DigitalOcean
+. Amazon Lightsail
+. Amazon EC2
+. Microsoft Azure
+. Google Compute Engine
+. Hetzner Cloud
+. Vultr
+. Scaleway
+. OpenStack (DreamCompute optimised)
+. CloudStack (Exoscale optimised)
+. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
+  Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks? [y/N]
+  N
+  Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi? [y/N]
+  N
+  Do you want to retain the keys (PKI)? (required to add users in the future, but less secure)
+  [y/N]
+  Y
+  Do you want to enable DNS ad blocking on this VPN server? [y/N]
+  N
+  Do you want each user to have their own account for SSH tunneling? [y/N]
+  N
+  Enter the IP address of your server: (or use localhost for local installation): [localhost]
+  localhost
+  Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [YOUR_PUBLIC_IP]
+  YOUR_PUBLIC_IP
+==== Android ====
+Install WireGuard Client:
+https://www.wireguard.com/install/
+For Android Device Download and Scan QR Code:
+  scp root@YOUR_PUBLIC_IP:/opt/algo-master/configs/YOUR_PUBLIC_IP/wireguard/masoud{.png,.conf} .
+==== Linux ====
+  add-apt-repository ppa:wireguard/wireguard
+  apt update -y
+  apt install wireguard -y
+Copy Client Configs:
+  sudo install -o root -g root -m 600 masoud.conf /etc/wireguard/wg0.conf
+  systemctl enable wg-quick@wg0
+  systemctl start wg-quick@wg0
+Another Method:
+  add-apt-repository ppa:nm-l2tp/network-manager-l2tp
+  apt update -y
+  apt install network-manager-l2tp-gnome -y
+Add VPN Connection.
+Another Method Using IPSec:
+  apt install strongswan -y
+  scp root@YOUR_PUBLIC_IP:/opt/algo/configs/YOUR_PUBLIC_IP/ipsec/.pki/private/masoud.key .
+  scp root@YOUR_PUBLIC_IP:/opt/algo/configs/YOUR_PUBLIC_IP/ipsec/.pki/certs/masoud.crt .
+  scp root@YOUR_PUBLIC_IP:/opt/algo/configs/YOUR_PUBLIC_IP/ipsec/manual/* .
+Copy Files
+  cp masoud.key /etc/ipsec.d/private/
+  cp masoud.crt /etc/ipsec.d/private/
+  cp masoud.conf /etc/ipsec.conf
+  cp masoud.secrets /etc/ipsec.secrets
+  cp cacert.pem /etc/ipsec.d/cacerts/cacert.pem
+Copy Files
+  cp masoud.crt /etc/ipsec.d/certs/
+  cp masoud.key /etc/ipsec.d/private/
+  cp cacert.pem /etc/ipsec.d/cacerts/
+  cp masoud.secrets /etc/ipsec.secrets
+  cp masoud.conf /etc/ipsec.conf
+  ipsec restart
+  ipsec up algovpn-116.202.102.246
+Visit https://whoer.net/
+Add user:
+After the installation, you can add other users to list in your config.cfg
+  users:
+   test
+   pech
+   admin
+   user2
+Once the list is updated, activate the virtual environment and run the users update script.
+  source env/bin/activate
+  ./algo update-users
+After this process completes, the Algo VPN server will contain only the users listed in the config.cfg file.
+<code>
+  # id test
+  uid=1002(test) gid=1003(test) groups=1003(test),1000(algo)
+</code>
+The configuration files for each VPN profile are located under the ./algo/configs/ServerIP directory.
+See the conncection status:
+  wg show
+Check if the following UDP ports are open:
+  nc -vz -u YOUR_PUBLIC_IP 500
+  nc -vz -u YOUR_PUBLIC_IP 51820
+  nc -vz -u YOUR_PUBLIC_IP 4500
+====== Add a new floating IP ======
+Open the project in [[https://console.hetzner.cloud/projects/|hetzner console]]. Open the Floating IPs section and add a new one.
+Add few new lines to configuration file:
+  nano /etc/netplan/50-cloud-init.yaml
+Paste the following configuration into the editor and replace YOUR_NEW_IP with your Floating IP:
+  network:
+      version: 2
+      ethernets:
+          eth0:
+              addresses:
+              - 2a01:4f9:c010:18be::1/64
+              dhcp4: true
+              gateway6: fe80::1
+              match:
+                  macaddress: 96:00:00:a6:82:87
+              set-name: eth0
+          lo:
+              addresses:
+              - YOUR_NEW_IP/32
+restart your network:
+  netplan apply