Algo VPN è un pacchetto software open source o un set di script Ansible utilizzato per configurare una VPN WireGuard e IPsec. È stato progettato da Trail of Bits per rendere il processo di installazione della VPN semplice ma sicuro. Algo VPN ti consente di connetterti da qualsiasi dispositivo inclusi Windows, Linux, OSX, Android e iOS. Algo VPN supporta molti servizi cloud tra cui Amazon, Google cloud, Vultr, DigitalOcean, Scalway, Linode e OpenStack.
In questo tutorial, ti mostreremo come configurare un server VPN con Algo VPN sul server Ubuntu 20.04.
Prerequisiti
- Un server che esegue Ubuntu 20.04.
- Una password di root è configurata sul server.
Per iniziare
Innanzitutto, aggiorna i pacchetti di sistema all'ultima versione utilizzando il comando seguente:
apt-get update -y
Una volta aggiornati tutti i pacchetti, installa le altre dipendenze con il seguente comando:
apt-get install git apparmor build-essential python3-dev python3-pip python3-setuptools python3-virtualenv libffi-dev libssl-dev -y
Successivamente, dovrai disabilitare il servizio di risoluzione dei nomi affinché dnsmasq funzioni. Puoi disabilitarlo con il seguente comando:
systemctl disable systemd-resolved
systemctl stop systemd-resolved
unlink /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf
Una volta terminato, puoi procedere al passaggio successivo.
Installa e configura Algo VPN
Innanzitutto, scarica l'ultima versione di Algo VPN dal repository Git utilizzando il seguente comando:
git clone https://github.com/trailofbits/algo.git
Quindi, cambia la directory nella directory scaricata e crea un ambiente virtuale Python con il seguente comando:
cd algo
python3 -m virtualenv --python=/usr/bin/python3 .env
Successivamente, attiva l'ambiente virtuale con il seguente comando:
source .env/bin/activate
Quindi, installa le dipendenze richieste con il seguente comando:
python3 -m pip install -U pip virtualenv
python3 -m pip install -r requirements.txt
Una volta installate tutte le dipendenze, installa Algo VPN eseguendo il comando seguente:
./algo
Ti verrà chiesto di scegliere il provider Cloud come mostrato di seguito:
TASK [Set required ansible version as a fact] *************************************************************************************************
ok: [localhost] => (item=ansible==2.9.7)
TASK [Verify Python meets Algo VPN requirements] **********************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [Verify Ansible meets Algo VPN requirements] *********************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log
PLAY [Ask user for the input] *****************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Hetzner Cloud
7. Vultr
8. Scaleway
9. OpenStack (DreamCompute optimised)
10. CloudStack (Exoscale optimised)
11. Linode
12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
Enter the number of your desired provider
:
12
Type 12 and hit Enter to setup Algo VPN on Ubuntu 20.04 server. You will be asked for several questions as shown below:
TASK [Set facts based on the input] ***************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:y
TASK [Cellular On Demand prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:y
TASK [Wi-Fi On Demand prompt] *********************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:HomeNet
TASK [Trusted Wi-Fi networks prompt] **************************************************************************************************************************************************************************************
ok: [localhost]
[Compatible ciphers prompt]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:y
TASK [Compatible ciphers prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the CA key prompt]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:y
TASK [Retain the CA key prompt] *******************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to install an ad blocking DNS resolver on this VPN server?
[y/N]
:y
TASK [DNS adblocking prompt] **********************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:N
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
localhost
TASK [local : pause] **************************************************************************************************************************
ok: [localhost]
TASK [local : Set the facts] ******************************************************************************************************************
ok: [localhost]
[local : pause]
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]
:
root
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[45.58.38.120]
Una volta completata l'installazione, dovresti ottenere il seguente output:
TASK [debug] **********************************************************************************************************************************
ok: [localhost] => {
"msg": [
[
"\"# Congratulations! #\"",
"\"# Your Algo server is running. #\"",
"\"# Config files and certificates are in the ./configs/ directory. #\"",
"\"# Go to https://whoer.net/ after connecting #\"",
"\"# and ensure that all your traffic passes through the VPN. #\"",
"\"# Local DNS resolver 172.18.7.104 #\"",
""
],
" \"# The p12 and SSH keys password for new users is 7OEfSUZt0 #\"\n",
" \"# The CA key password is [email protected] #\"\n",
" "
]
}
PLAY RECAP ************************************************************************************************************************************
localhost : ok=125 changed=39 unreachable=0 failed=0 skipped=53 rescued=0 ignored=0
Dopo l'installazione, dovresti vedere il file di configurazione per ogni profilo VPN usando il seguente comando:
ls configs/your-server-ip/wireguard/
Dovresti vedere tutto il profilo nel seguente output:
apple desktop.conf desktop.png laptop.conf laptop.png phone.conf phone.png user1.conf user1.png
Puoi utilizzare uno qualsiasi dei file di cui sopra sul tuo dispositivo client per connetterti al server Algo VPN.
Conclusione
Congratulazioni! hai installato e configurato correttamente Algo VPN sul server Ubuntu 20.04. Ora puoi configurare il tuo dispositivo Windows, Linux o Android per la connessione al server Algo VPN.