Set up a tunnel cloud service in five minutes

Sign up for a free cloud host in the Singapore or Hong Kong region of a public cloud provider (optional)

Create a cloud host with Terraform

git clone [email protected]:wubigo/iaas.git
cd iaas\aws\ec2
.\apply

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Outputs:
instance_id = i-069i247af71871dd9
public_ip = 13.113.195.66


ssh [email protected]

ubuntu@ip-10-12-0-247:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04 LTS
Release:        20.04
Codename:       focal

You can also create the host directly in the web console by following the wizard.

Configure the security group

https://wubigo.com/post/vpn-with-wireguard/

Stop the Ubuntu pop-up “Daemons using outdated libraries” when using apt

/etc/needrestart/needrestart.conf

# 'a' restarts affected services automatically instead of prompting
$nrconf{restart} = 'a';

Set up the tunnel server (custom port)


# Pick one: both commands clone into ./algo, so the second fails if the first has already run
git clone https://github.com/wubigo/algo.git
git clone https://github.com/trailofbits/algo.git

sudo apt install -y python3-virtualenv

cd algo
sed -i 's/51820/8080/' config.cfg

python3 -m virtualenv --python="$(command -v python3)" .env &&
  source .env/bin/activate &&
  python3 -m pip install -U pip virtualenv &&
  python3 -m pip install -r requirements.txt

ansible-playbook main.yml -e "provider=local
                                server_name=algo
                                ondemand_cellular=false
                                ondemand_wifi=false
                                dns_adblocking=true
                                ssh_tunneling=true
                                store_pki=true
                                region=ams3
                                do_token=token"



    "#                          Congratulations!                            #"
    "#                     Your Algo server is running.                     #"
    "#    Config files and certificates are in the ./configs/ directory.    #"
    "#              Go to https://whoer.net/ after connecting               #"
    "#        and ensure that all your traffic passes through the VPN.      #"
    "#                     Local DNS resolver 172.16.0.1                    #"
    "#        The p12 and SSH keys password for new users is XXXXXXXX       #"
    "#        The CA key password is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX       #"
    "#      Shell access: ssh -F configs/<server_ip>/ssh_config <hostname>  #"

While Ansible runs, it prompts you to enter the cloud host's public IP or DNS hostname.

Configure the Windows client

Certificates and configuration files that users will need are placed in the configs directory. Make sure to secure these files since many contain private keys. All files are saved under a subdirectory named with the IP address of your new Algo VPN server.

  • Download WireGuard for Windows

wireguard-amd64-0.1.1.msi

  • Import the conf file from /configs/algo/configs/localhost/wireguard/laptop.conf generated by Ansible

  • Update DNS to ‘1.1.1.1’ if the local DNS doesn’t work
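
The note above says to secure the files under configs because many contain private keys. The following is an added example, not code from the original post or from the Algo project: a POSIX shell check that lists key-bearing files readable by group or other users and restricts them to the owner. The function names, the suffix list and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find key-bearing files under an Algo configs directory that
# group or other users can access, and restrict them to the owner.

# Matches a WireGuard "PrivateKey =" line or a PEM private-key header.
KEY_PATTERN='^[[:space:]]*PrivateKey[[:space:]]*=|-----BEGIN [A-Z ]*PRIVATE KEY-----'

# Print (sorted) every regular file under $1 that has any group/other
# permission bit set and holds key material, judged by suffix or content.
# The suffix list is an assumption about which files carry keys.
find_exposed_keys() {
  find "$1" -type f \
    \( -perm -040 -o -perm -020 -o -perm -010 \
       -o -perm -004 -o -perm -002 -o -perm -001 \) \
    \( -name '*.p12' -o -name '*.pem' -o -name '*.key' \
       -o -exec grep -qE -e "$KEY_PATTERN" {} \; \) \
    -print | sort
}

# Set every exposed key file to owner read/write only (0600).
lock_down_keys() {
  find_exposed_keys "$1" | while IFS= read -r f; do
    chmod 600 "$f"
  done
}

# Build a constructed sample tree with fake key material and loose modes,
# then print its path. Runs in a subshell so no variables leak.
make_sample_tree() (
  root=$(mktemp -d)
  mkdir -p "$root/localhost/wireguard" "$root/localhost/ipsec"
  printf '[Interface]\nPrivateKey = CONSTRUCTED-NOT-A-REAL-KEY\n' \
    > "$root/localhost/wireguard/laptop.conf"
  printf 'constructed placeholder, not a real PKCS#12 file\n' \
    > "$root/localhost/ipsec/laptop.p12"
  printf 'Host algo\n' > "$root/localhost/ssh_config"
  chmod 644 "$root/localhost/wireguard/laptop.conf" "$root/localhost/ssh_config"
  chmod 640 "$root/localhost/ipsec/laptop.p12"
  printf '%s\n' "$root"
)
```

From the algo directory, `find_exposed_keys configs` lists the files to fix and `lock_down_keys configs` applies mode 0600 to them.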

Stop the tunnel service

systemctl stop wg-quick@wg0

Update the configuration

sudo rm -rf /etc/wireguard/*
rm -rf configs/*

Make sure the configuration files under /etc/wireguard/* have been deleted successfully
