How to set up an IPSec VPN server on Alibaba Cloud?
VPNs have become popular because of growing restrictions by governments and increased security awareness (for example, avoiding public Wi-Fi). There are several VPN services out there, but they are pretty costly. If you are a technology person, you can easily deploy a VPN on Alibaba Cloud. Don’t worry if you are not a technology person either; this guide is intended for everyone who wishes to do this.
There are three simple steps to do this:
- Create an ECS Instance
- Setup VPN Server
- Connect to VPN Server
Create an ECS Instance:
Log in to your Alibaba Cloud account and navigate to the Console. Search the products for Elastic Compute Service, then click on Instances.
With your region of choice selected, click on the “Create Instance” button.
There are five steps to create a new Instance:
- Basic Configurations
- Networking
- System Configurations
- Grouping
- Preview
Most of the options are self-explanatory, but here are some pitfalls and suggestions:
- If you are prototyping, select Pay-As-You-Go mode. You can always change it to Subscription mode, but not vice versa.
- You can choose 1 vCPU and 1 GB RAM if you are not planning to have a large number of users.
- Select Ubuntu as the OS Image with the latest version of 16.04.
- Set up SSH key or password-based authentication.
- Keep a minimum bandwidth of 10 MBps for best performance of the VPN.
- You can reduce the disk size to 20 GB.
Setup VPN Server
We are using Algo VPN, which is an open-source, well-tested IPSec server. Although it lacks some features, it is pretty good for personal use.
Log in to the server using the below command
ssh root@<public-ip-address>
Update the packages
apt-get update
Install git
apt-get install git
Add the Ansible repository
apt-add-repository -y ppa:ansible/ansible
apt-get update -y
apt-get upgrade -y
apt-get install -y build-essential \
libssl-dev \
libffi-dev \
python-dev \
python-pip \
python-setuptools \
python-virtualenv
Clone Algo Code repository
git clone https://github.com/trailofbits/algo
Change to the Algo root
cd algo
Install virtualenv for Algo
python -m virtualenv env
source env/bin/activate
python -m pip install -U pip
python -m pip install -r requirements.txt
If you hit any errors during installation, you are probably missing one of these:
- Setting the locale variables
export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
- Installing the Let’s Encrypt package
apt-get install letsencrypt
Also, update the index URL and trusted host in the pip configuration file as shown below
vi /root/.pip/pip.conf
[global]
#index-url=http://mirrors.aliyun.com/pypi/simple/
index-url = https://pypi.python.org/simple/
[install]
#trusted-host=mirrors.aliyun.com
trusted-host=pypi.python.org
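A check for the pip settings above, as an added example that is not part of the original guide or of Algo: it flags any active index URL that is not HTTPS and any `trusted-host` entry, because pip does not require valid HTTPS for a trusted host. The function name `audit_pip_conf` and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag pip.conf settings that weaken package-download integrity.
# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 if unreadable.
audit_pip_conf() {
    local file="$1" findings=0 line key value
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line#"${line%%[![:space:]]*}"}"      # strip leading whitespace
        case "$line" in
            ''|'#'*|';'*|'['*) continue ;;           # blank, comment, [section]
        esac
        case "$line" in *=*) ;; *) continue ;; esac  # not a key=value line
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        value=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        case "$key" in
            index-url|extra-index-url)
                case "$value" in
                    https://*) ;;                    # encrypted, authenticated index
                    *) echo "INSECURE-INDEX $key=$value"; findings=$((findings + 1)) ;;
                esac ;;
            trusted-host)
                # pip accepts this host even without valid HTTPS
                echo "TRUSTED-HOST $value"; findings=$((findings + 1)) ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the mirror settings shown commented out above, left active.
sample=$(mktemp)
printf '%s\n' '[global]' 'index-url=http://mirrors.aliyun.com/pypi/simple/' \
    '[install]' 'trusted-host=mirrors.aliyun.com' > "$sample"
audit_pip_conf "$sample" || echo "review $sample before running pip"
rm -f "$sample"
```

Run against the edited file with `audit_pip_conf /root/.pip/pip.conf`; the remaining `trusted-host=pypi.python.org` line is reported, since PyPI serves a valid certificate and does not need the exemption.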
Then create users by editing the “users” node in the Algo configuration file
vi config.cfg
Install Algo with the following command
./algo
You will be asked a lot of configuration questions; for most of them the answer is ‘y’. For the question that asks for the public IP address of the server, copy and paste the server address from the console.
Once everything is complete, you will see the following info
"\"#----------------------------------------------------------------------#\"",
"\"# Congratulations! #\"",
"\"# Your Algo server is running. #\"",
"\"# Config files and certificates are in the ./configs/ directory. #\"",
"\"# Go to https://whoer.net/ after connecting #\"",
"\"# and ensure that all your traffic passes through the VPN. #\"",
"\"# Local DNS resolver 172.16.0.1 #\"",
"\"# The p12 and SSH keys password is XXXXXXXX #\"",
"\"#----------------------------------------------------------------------#\"",
For iOS and Android Devices the instructions are provided here
Apple Devices
Send users their Apple Profile. Find the corresponding mobileconfig (Apple Profile) for each user and send it to them over AirDrop or other secure means. Apple Configuration Profiles are all-in-one configuration files for iOS and macOS devices. On macOS, double-clicking a profile to install it will fully configure the VPN. On iOS, users are prompted to install the profile as soon as the AirDrop is accepted.
Turn on the VPN. On iOS, connect to the VPN by opening Settings and clicking the toggle next to “VPN” near the top of the list. On macOS, connect to the VPN by opening System Preferences -> Network, finding Algo VPN in the left column and clicking “Connect.” On macOS, check “Show VPN status in menu bar” to easily connect and disconnect from the menu bar.
Managing On-Demand VPNs. If you enabled “On Demand”, the VPN will connect automatically whenever it is able. On iOS, you can turn off “On Demand” by clicking the (i) next to the entry for Algo VPN and toggling off “Connect On Demand.” On macOS, you can turn off “On Demand” by opening the Network Preferences, finding Algo VPN in the left column, and unchecking the box for “Connect on demand.”
Android Devices
WireGuard is used to provide VPN services on Android. Install the [WireGuard VPN Client]. Import the corresponding wireguard/<name>.conf file to your device, then set up a new connection with it. See the [Android setup instructions] for the more detailed walkthrough.
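The ./configs directory on the server holds the p12 bundles, Apple profiles and WireGuard configs distributed above, all of which carry private key material. The following is an added example, not part of the original guide or of Algo, that lists such files when group or other users can access them and then locks the tree down; the function names, file-name patterns and demo tree (server address, user name) are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find key material under Algo's ./configs that group/other can access.
# The name patterns are assumptions drawn from the file types this guide mentions.
# Prints one path per finding. Returns 0 if none, 1 if findings, 2 if dir is missing.
audit_configs_perms() {
    local dir="${1:-./configs}" found
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    found=$(find "$dir" -type f \
        \( -name '*.p12' -o -name '*.mobileconfig' -o -name '*.conf' -o -name '*.pem' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Strip all group/other access from the tree, then re-run the audit.
lock_down_configs() {
    local dir="${1:-./configs}"
    chmod -R go-rwx "$dir" && audit_configs_perms "$dir"
}

# Constructed demo tree (hypothetical server address and user name).
demo=$(mktemp -d)
mkdir -p "$demo/configs/203.0.113.10/wireguard"
touch "$demo/configs/203.0.113.10/phone.p12" \
      "$demo/configs/203.0.113.10/phone.mobileconfig" \
      "$demo/configs/203.0.113.10/wireguard/phone.conf"
chmod 644 "$demo/configs/203.0.113.10/phone.p12" \
          "$demo/configs/203.0.113.10/wireguard/phone.conf"
chmod 600 "$demo/configs/203.0.113.10/phone.mobileconfig"
audit_configs_perms "$demo/configs" || echo "^ accessible beyond the owner"
lock_down_configs "$demo/configs" && echo "configs locked down"
rm -rf "$demo"
```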
For more details, you can head over to the link below, which has detailed instructions on how to do it.
Thanks!! Let me know if you run into any issues. Good luck.