Set up a VPN cloud service in five minutes

Get a free cloud host on AWS (optional)

Create a cloud host with terraform

git clone [email protected]:wubigo/iaas.git
cd iaas\aws\ec2
.\apply

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Outputs:
instance_id = i-069i247af71871dd9
public_ip = 13.113.195.66


ssh [email protected]

[email protected]:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04 LTS
Release:        20.04
Codename:       focal

You can also create the host directly in the web console by following the wizard.

Set up the VPN server

git clone https://github.com/trailofbits/algo.git

sudo apt install -y python3-virtualenv

cd algo

python3 -m virtualenv --python="$(command -v python3)" .env &&
  source .env/bin/activate &&
  python3 -m pip install -U pip virtualenv &&
  python3 -m pip install -r requirements.txt

ansible-playbook main.yml -e "provider=local
                                server_name=algo
                                ondemand_cellular=false
                                ondemand_wifi=false
                                dns_adblocking=true
                                ssh_tunneling=true
                                store_pki=true
                                region=ams3
                                do_token=token"



    "#                          Congratulations!                            #"
    "#                     Your Algo server is running.                     #"
    "#    Config files and certificates are in the ./configs/ directory.    #"
    "#              Go to https://whoer.net/ after connecting               #"
    "#        and ensure that all your traffic passes through the VPN.      #"
    "#                     Local DNS resolver 172.16.0.1                    #"
    "#        The p12 and SSH keys password for new users is XXXXXXXX       #"
    "#        The CA key password is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX       #"
    "#      Shell access: ssh -F configs/<server_ip>/ssh_config <hostname>  #"

While ansible is running, it prompts you to enter the cloud host's public IP or DNS hostname.

Configure the Windows client

Certificates and configuration files that users will need are placed in the configs directory. Make sure to secure these files since many contain private keys. All files are saved under a subdirectory named with the IP address of your new Algo VPN server.

  • Download WireGuard for Windows

wireguard-amd64-0.1.1.msi

  • Import the conf file generated by ansible from /configs/algo/configs/localhost/wireguard/laptop.conf

  • Update DNS to ‘1.1.1.1’ if the local DNS doesn’t work
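The note above about securing the files in the configs directory, as an added example (not part of the original post or of the Algo project): shell functions that list entries accessible to group or others, flag files holding private key material, and restrict everything to the owner. The function names are hypothetical, and the PEM header and WireGuard `PrivateKey =` line are the patterns assumed here to mark key material.

```shell
#!/usr/bin/env bash
# Added example: audit and tighten permissions on the generated configs directory.
# Function names are hypothetical; pass the directory as the first argument.

# Print every file or directory under $1 that grants any group/other permission bit.
list_exposed() {
  find "$1" \( -type f -o -type d \) \
    \( -perm -040 -o -perm -020 -o -perm -010 \
       -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of exposed entries under $1 (0 means owner-only everywhere).
count_exposed() {
  list_exposed "$1" | wc -l | tr -d ' '
}

# List files under $1 that contain private key material.
# Assumed markers: a PEM "PRIVATE KEY" header or a WireGuard "PrivateKey =" line.
list_private_key_files() {
  grep -rlE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----|^PrivateKey[[:space:]]*=' "$1" \
    2>/dev/null || true
}

# Restrict directories to 700 and regular files to 600 (owner only).
lock_down() {
  find "$1" -type d -exec chmod 700 {} +
  find "$1" -type f -exec chmod 600 {} +
}

# When a directory is given on the command line: report, lock down, report again.
if [ -n "${1:-}" ]; then
  echo "Exposed entries before: $(count_exposed "$1")"
  echo "Files with private key material:"
  list_private_key_files "$1"
  lock_down "$1"
  echo "Exposed entries after: $(count_exposed "$1")"
fi
```

Run it on the machine that holds the configs directory, passing that directory as the argument, before copying any client file off the host.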

Stop the VPN service

systemctl stop [email protected]

Update the configuration

sudo rm -rf /etc/wireguard/*
rm -rf configs/*

Make sure the configuration files under /etc/wireguard/* were deleted successfully.