
Installing Algo VPN: Setting Up a Personal IPsec VPN in the Cloud

运维开发网 https://www.qedev.com 2021-01-13 16:58 Source: 云网牛站 Author: 戴进

Algo VPN is a set of Ansible scripts that simplifies setting up a personal IPsec and WireGuard VPN. It uses the most secure defaults available, works with common cloud providers, and needs no client software on most devices. Installing Algo VPN lets you set up a personal IPsec VPN in the cloud, giving you a simple way to install and configure a secure VPN, in the cloud or elsewhere, for personal use. Note that you do not need to know Linux or Ansible to set it up, and the process is not tedious.


Installing Algo VPN on Ubuntu/Debian

On Ubuntu- and Debian-based systems, install the required dependencies by running the following commands:

sudo apt-get update

sudo apt-get install -y git build-essential python-dev python-pip python-setuptools python-virtualenv libffi-dev libssl-dev

Once the dependencies are installed, clone the Algo VPN repository:

git clone https://github.com/trailofbits/algo.git


Installing the Algo Python dependencies

Change into the algo directory and install the Python dependencies, such as ansible (see: how to install Ansible 2.7.5 on Ubuntu 18.04), jinja and PyYAML:

cd algo

python -m virtualenv --python=$(which python2) env &&

source env/bin/activate &&

python -m pip install -U pip virtualenv &&

python -m pip install -r requirements.txt

This pulls in ansible, jinja and PyYAML.


Listing the users to create

Open config.cfg in a text editor and specify the users to create in the users list. When I added a user whose name already existed on the system I ran into an error (the user may be running a given process, and the Algo script returns an error), so use unique usernames:

vim config.cfg

Add users like this:

users:
  - test
  - pench
  - admin
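Before running ./algo, and again before ./algo update-users later on, it is worth checking the users list for the problem noted above (a name that already exists on the server) together with duplicate and invalid names. This is an added example, not part of Algo: the config.cfg excerpt is constructed for the demo, and CONFIG, algo_users, user_problems and check_users are names chosen here.

```shell
#!/bin/sh
# Added example (not part of the Algo project): sanity-check the "users:" list in
# config.cfg before ./algo or ./algo update-users.  Algo errors out when an account
# with that name already exists on the server, and rejects invalid usernames.

# Constructed sample config for the demo; point CONFIG at ./config.cfg for real use.
CONFIG="${CONFIG:-${TMPDIR:-/tmp}/algo_users_demo.cfg}"
cat > "$CONFIG" <<'EOF'
# trimmed config.cfg: one duplicate, one existing account, one bad name
users:
  - test
  - pench
  - root
  - Bad Name
  - test
EOF

# Print the entries of the top-level "users:" list, one per line.
algo_users() {
    awk '
        /^users:/            { inlist = 1; next }
        inlist && /^[^ \t-]/ { inlist = 0 }        # next top-level key ends the list
        inlist && /^[ \t]*-/ { sub(/^[ \t]*-[ \t]*/, ""); print }
    ' "$1"
}

# Emit one line per problem found; no output means the list is clean.
user_problems() {
    algo_users "$1" | sort | uniq -d | sed 's/^/duplicate user: /'
    algo_users "$1" | while IFS= read -r u; do
        case "$u" in
            ""|-*|*[!a-z0-9_-]*) echo "invalid username: '$u'" ;;
        esac
        # getent also covers NSS/LDAP accounts; /etc/passwd is the fallback without it
        if getent passwd "$u" >/dev/null 2>&1 || grep -q "^$u:" /etc/passwd 2>/dev/null; then
            echo "already exists on this system: $u"
        fi
    done
}

# Returns 0 when config.cfg is safe to hand to Algo, 1 otherwise.
check_users() {
    problems=$(user_problems "$1")
    [ -z "$problems" ] && { echo "users list OK"; return 0; }
    printf '%s\n' "$problems"
    return 1
}

check_users "$CONFIG" || echo "fix config.cfg before running ./algo"
```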


Disabling systemd-resolved (so that dnsmasq works)

Run the following commands to disable the systemd-resolved service:

sudo systemctl disable systemd-resolved

sudo systemctl stop systemd-resolved

Also remove the symlink that /etc/resolv.conf points at:

sudo unlink /etc/resolv.conf

Then create a new resolv.conf file (the redirect needs root, hence tee):

echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf


Starting the deployment

While still in the algo directory, start the deployment by running the algo script as shown below. My settings were as follows:

# ./algo

Choose your cloud provider or an existing server:

PLAY [Ask user for the input] 

TASK [Gathering Facts] *

ok: [localhost]

[pause]

What provider would you like to use?

1. DigitalOcean

2. Amazon Lightsail

3. Amazon EC2

4. Vultr

5. Microsoft Azure

6. Google Compute Engine

7. Scaleway

8. OpenStack (DreamCompute optimised)

9. Install to existing Ubuntu 18.04 server (Advanced)

Enter the number of your desired provider

: 9

Set whether macOS/iOS clients should enable "VPN On Demand" when connected to cellular networks or Wi-Fi:

TASK [pause] ***

ok: [localhost]

TASK [Set facts based on the input] **

ok: [localhost]

[pause]

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?

[y/N]

:

y

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?

[y/N]

:

y

Set the list of trusted Wi-Fi networks:

List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN

(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)

:

Netpap

Set the remaining options as needed:

Do you want to install a DNS resolver on this VPN server, to block ads while surfing?

[y/N]

:

y

TASK [pause] ***

ok: [localhost]

[pause]

Do you want each user to have their own account for SSH tunneling?

[y/N]

:

y

TASK [pause] ***

ok: [localhost]

[pause]

Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)

[y/N]

:

y

TASK [pause] ***

ok: [localhost]

[pause]

Do you want to retain the CA key? (required to add users in the future, but less secure)

[y/N]

:

y

The Ansible deployment should then begin:

TASK [pause] **

ok: [localhost]

TASK [Set facts based on the input] *

ok: [localhost]

PLAY [Provision the server] *

TASK [Gathering Facts] 

ok: [localhost]

--> Please include the following block of text when reporting issues:

Algo running on: Ubuntu 18.04.1 LTS (Virtualized: kvm)

Created from git clone. Last commit: 40b42c4 Get started with Azure more easily (#1323)

Python 2.7.15rc1

Runtime variables:

algo_provider "local"

algo_ondemand_cellular "True"

algo_ondemand_wifi "True"

algo_ondemand_wifi_exclude "X251bGw="

algo_local_dns "True"

algo_ssh_tunneling "True"

algo_windows "True"

wireguard_enabled "True"

dns_encryption "True"

TASK [Display the invocation environment] *

changed: [localhost -> localhost]

TASK [Install the requirements] ***

changed: [localhost -> localhost]

TASK [Generate the SSH private key] *

changed: [localhost]

TASK [Generate the SSH public key] 

changed: [localhost]

[local : pause]

Enter the IP address of your server: (or use localhost for local installation):

[localhost]

:

localhost

TASK [local : pause] 

ok: [localhost]

TASK [local : Set the facts] 

ok: [localhost]

TASK [local : Set the facts] 

ok: [localhost]

[local : pause]

Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)

[localhost]

:

192.168.1.10 (Your Public IP Here)

On successful completion, feedback like the following appears:

After deployment, Algo VPN adds the users to the system and generates configuration files for use with VPN clients, along with SSH keys.


Adding users

After the installation finishes, you can add further users to the list in config.cfg:

users:
  - test
  - pench
  - admin
  - user2

After updating the list, activate the virtual environment and run the user update script:

source env/bin/activate

./algo update-users

Once this completes, the Algo VPN server contains only the users listed in config.cfg:

# id test

uid=1002(test) gid=1003(test) groups=1003(test),1000(algo)

The configuration files for each VPN user are located under the ./algo/configs/ServerIP directory:

# ls | grep test

ipsec_test.conf

ipsec_test.secrets

test.mobileconfig

test.p12

test.ssh_config

test.ssh.pem

windows_test.ps1

This completes the user setup.