3 minutes reading time (560 words)

Privacy Cookbook - Chapter 4.5 - VPN multiple big solutions

photo by Eugene Zhang
Lets be honest, Algo, which we covered in the last chapter of the Privacy Cookbook, is probably the best and easiest solution to get your own VPN installed, up and running. However that doesn't mean there aren't other solutions that are only a click or a few lines of script away!

Some are provided directly by cloud servers and another by Andrei Andreev at Medium.

This gives you a 5-10 client setup and takes less than 5 minutes to install and this setup even comes with an Unbound DNS solution. 

Right now, we are going back to the DNS chapter to explain how to do this at home or on a server but in today's writeup we just have the solution in a simple one-two so lets do it on WireGuard!

As usual you need a cloud server, we have already done this with hetzner and digitalocean and in both cases it runs as smooth as silk.

ssh root@your_server_ip

wget https://raw.githubusercontent.com/drew2a/wireguard/master/wg-ububtu-server-up.sh

chmod +x ./wg-ububtu-server-up.sh

./wg-ububtu-server-up.sh 10 
Once the commands are sent, the WireGuard server will take over and do the rest.

The end of the successfully launched script will look like this:
interface: wg0

public key: +xxxEjj1qmxxxotq4OxxxfHPaxxxtre5xxxxOfxxw=
private key: (hidden)
listening port: 51820

peer: d1exxxLdCZcYxxxIQ0xxxxK/Wpx8G1N8xxvnUrxxxx=

allowed ips: 10.0.0.2/32

peer: fWExxxazRxxxUOxxxx4JKgUTxxo9LaxxxxOGWtxxK0w=

allowed ips: 10.0.0.3/32

peer: RbmxxxDxOoXMxxxcyate6xxxinIClxxDgRDxxxx0j0=

allowed ips: 10.0.0.4/32 

This will create 10 separate client configs [client1.conf…client10.conf] that are located in the droplet folder [$HOME/wireguard/], you can can use one config for each device.

Also the easiest way is to SFTP to the server and download the clients.

Another super easy solution is offered by cloud provider linode which has a WireGuard replay with just one click!

https://www.linode.com/docs/platform/one-click/deploy-wireguard-with-one-click-apps/

Another great solution is called streisand

This is another super interesting solution, as it can create a few incredible options!


https://github.com/StreisandEffect/streisand

So! How to?

Start by opening a terminal window on your device, check for existing ssh keys at:

ls ~/.ssh/id_rsa.pub 

If none there, create one using ssh-keygen:

ssh-keygen -t rsa -b 4096 

Now connect via ssh to your server:

ssh root@your_server_ip 

Next install python:

sudo apt-get install git python-pip 

Clone the Streisand repository from GitHub

git clone https://github.com/StreisandEffect/streisand.git && cd streisand 

Run the installer for Ansible and dependencies. This will identify any missing packages and provide the commands required to  retrieve them. (Ignore warnings from Python 2.7 re: depreciation and from python-novaclient re: 5.1.3 incompatibility)
--------

./util/venv-dependencies.sh ./venv 

Activate the Ansible packages:

source ./venv/bin/activate 

Run the Streisand script.

 ./streisand 

Following the prompted instructs, select your provider, the location for the server and name. 

You will also be required to  enter API information.

Once login information and API keys are entered, Streisand will begin setting up a new remote server.

Once setup to complete, look for the corresponding files in the generated-docs folder in the Streisand repository directory.

The HTML file will explain connecting to the Gateway over SSL or via the Tor hidden service. 

All instructions, files, mirrored clients and keys can be found on the Gateway. 

You are good to go! Have fun, stay safe (secure!).

 

Comments (0)

Rated 0 out of 5 based on 0 voters
There are no comments posted here yet

Leave your comments

  1. Posting comment as a guest. Sign up or login to your account.
Rate this post:
Attachments (0 / 3)
Share Your Location