Algo VPN adalah bundel perangkat lunak sumber terbuka atau set skrip Ansible yang digunakan untuk menyiapkan WireGuard dan VPN IPsec. Itu dirancang oleh Trail of Bits untuk membuat proses instalasi VPN sederhana namun aman. Algo VPN memungkinkan Anda terhubung dari perangkat apa pun termasuk, Windows, Linux, OSX, Android, dan iOS. Algo VPN mendukung banyak penyedia cloud termasuk, Amazon, Google cloud, Vultr, DigitalOcean, Scalway, Linode, dan OpenStack.
Dalam tutorial ini, kami akan menunjukkan kepada Anda cara mengatur server VPN dengan Algo VPN di server Ubuntu 20.04.
Prasyarat
- Server yang menjalankan Ubuntu 20.04.
- Sandi root dikonfigurasi untuk server.
Memulai
Pertama, perbarui paket sistem Anda ke versi terbaru menggunakan perintah berikut:
apt-get update -y
Setelah semua paket diperbarui, instal dependensi lain dengan perintah berikut:
apt-get install git apparmor build-essential python3-dev python3-pip python3-setuptools python3-virtualenv libffi-dev libssl-dev -y
Selanjutnya, Anda perlu menonaktifkan layanan resolusi nama agar dnsmasq berfungsi. Anda dapat menonaktifkannya dengan perintah berikut:
systemctl disable systemd-resolved
systemctl stop systemd-resolved
unlink /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf
Setelah selesai, Anda dapat melanjutkan ke langkah berikutnya.
Instal dan Konfigurasikan Algo VPN
Pertama, unduh Algo VPN versi terbaru dari repositori Git menggunakan perintah berikut:
git clone https://github.com/trailofbits/algo.git
Selanjutnya, ubah direktori ke direktori yang diunduh dan buat lingkungan virtual Python dengan perintah berikut:
cd algo
python3 -m virtualenv --python=/usr/bin/python3 .env
Selanjutnya, aktifkan Virtual environment dengan perintah berikut:
source .env/bin/activate
Selanjutnya, instal dependensi yang diperlukan dengan perintah berikut:
python3 -m pip install -U pip virtualenv
python3 -m pip install -r requirements.txt
Setelah semua dependensi terinstal, instal Algo VPN dengan menjalankan perintah berikut:
./algo
Anda akan diminta untuk memilih penyedia Cloud seperti yang ditunjukkan di bawah ini:
TASK [Set required ansible version as a fact] *************************************************************************************************
ok: [localhost] => (item=ansible==2.9.7)
TASK [Verify Python meets Algo VPN requirements] **********************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
TASK [Verify Ansible meets Algo VPN requirements] *********************************************************************************************
ok: [localhost] => {
"changed": false,
"msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log
PLAY [Ask user for the input] *****************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
1. DigitalOcean
2. Amazon Lightsail
3. Amazon EC2
4. Microsoft Azure
5. Google Compute Engine
6. Hetzner Cloud
7. Vultr
8. Scaleway
9. OpenStack (DreamCompute optimised)
10. CloudStack (Exoscale optimised)
11. Linode
12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
Enter the number of your desired provider
:
12
Type 12 and hit Enter to setup Algo VPN on Ubuntu 20.04 server. You will be asked for several questions as shown below:
TASK [Set facts based on the input] ***************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:y
TASK [Cellular On Demand prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:y
TASK [Wi-Fi On Demand prompt] *********************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:HomeNet
TASK [Trusted Wi-Fi networks prompt] **************************************************************************************************************************************************************************************
ok: [localhost]
[Compatible ciphers prompt]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:y
TASK [Compatible ciphers prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the CA key prompt]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:y
TASK [Retain the CA key prompt] *******************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to install an ad blocking DNS resolver on this VPN server?
[y/N]
:y
TASK [DNS adblocking prompt] **********************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:N
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
localhost
TASK [local : pause] **************************************************************************************************************************
ok: [localhost]
TASK [local : Set the facts] ******************************************************************************************************************
ok: [localhost]
[local : pause]
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]
:
root
Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[45.58.38.120]
Setelah instalasi berhasil diselesaikan, Anda akan mendapatkan output berikut:
TASK [debug] **********************************************************************************************************************************
ok: [localhost] => {
"msg": [
[
"\"# Congratulations! #\"",
"\"# Your Algo server is running. #\"",
"\"# Config files and certificates are in the ./configs/ directory. #\"",
"\"# Go to https://whoer.net/ after connecting #\"",
"\"# and ensure that all your traffic passes through the VPN. #\"",
"\"# Local DNS resolver 172.18.7.104 #\"",
""
],
" \"# The p12 and SSH keys password for new users is 7OEfSUZt0 #\"\n",
" \"# The CA key password is [email protected] #\"\n",
" "
]
}
PLAY RECAP ************************************************************************************************************************************
localhost : ok=125 changed=39 unreachable=0 failed=0 skipped=53 rescued=0 ignored=0
Setelah instalasi, Anda akan melihat file konfigurasi untuk setiap profil VPN menggunakan perintah berikut:
ls configs/your-server-ip/wireguard/
Anda akan melihat semua profil di output berikut:
apple desktop.conf desktop.png laptop.conf laptop.png phone.conf phone.png user1.conf user1.png
Anda dapat menggunakan salah satu file di atas pada perangkat klien Anda untuk terhubung ke server VPN Algo.
Kesimpulan
Selamat! Anda telah berhasil menginstal dan mengkonfigurasi Algo VPN di server Ubuntu 20.04. Sekarang Anda dapat mengonfigurasi perangkat Windows, Linux, atau Android Anda untuk terhubung ke server Algo VPN.