No restrictions/monitoring - VPN Server on Alibaba Cloud

How to set up an IPSec VPN server on Alibaba Cloud?

VPNs have become popular because of growing restrictions by governments and increased security awareness (for example, avoiding public Wi-Fi). There are several VPN services out there, but they are pretty costly. If you are a technology person, you can easily deploy a VPN on Alibaba Cloud. Don't worry if you are not a technology person either; this guide is intended for everyone who wishes to do this.

There are three simple steps:

  1. Create an ECS Instance

  2. Setup VPN Server

  3. Connect to VPN Server

Create an ECS Instance:

Log in to your Alibaba Cloud account and navigate to the Console. Search the products for Elastic Compute Service, then click on Instances.

With your region of choice selected, click on the “Create Instance” button.

There are five steps to create a new instance:

  1. Basic Configurations

  2. Networking

  3. System Configurations

  4. Grouping

  5. Preview

Most options are self-explanatory, but here are some pitfalls and suggestions:

  • If you are prototyping, select Pay-As-You-Go mode. You can always change it to Subscription mode but not vice versa.

  • You can choose 1 vCPU and 1 GB RAM if you are not planning to have a large number of users.

  • Select Ubuntu as the OS image, with the latest version of 16.04.

  • Set up SSH key or password-based authentication.

  • Keep the bandwidth at a minimum of 10 MBps for the best VPN performance.

  • You can reduce the disk size to 20 GB.

Setup VPN Server

We are using Algo VPN, which is an open source, well-tested IPsec server. Although it lacks some features, it is pretty good for personal use.

Log in to the server using the command below

ssh root@<public-ip-address>

Update the packages

apt-get update

Install git

apt-get install git

Add the Ansible repository

apt-add-repository -y ppa:ansible/ansible

apt-get update -y

apt-get upgrade -y

apt-get install -y build-essential \
  libssl-dev \
  libffi-dev \
  python-dev \
  python-pip \
  python-setuptools \
  python-virtualenv

Clone the Algo code repository

git clone https://github.com/trailofbits/algo

Change to the Algo root

cd algo

Create a virtualenv for Algo and install its requirements

python -m virtualenv env

source env/bin/activate

python -m pip install -U pip

python -m pip install -r requirements.txt

If you hit any errors during installation, you are probably missing one of these:

  • Setting the locale variables

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"

  • Installing the Let’s Encrypt package

apt-get install letsencrypt

Also, update the index URL and the trusted host in the pip configuration file as shown below

vi /root/.pip/pip.conf

[global]
#index-url=http://mirrors.aliyun.com/pypi/simple/
index-url = https://pypi.python.org/simple/

[install]
#trusted-host=mirrors.aliyun.com
trusted-host=pypi.python.org
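
The following check is an added example, not part of the original guide or of Algo: it reads a pip configuration file and reports a plain-HTTP package index and any trusted-host entry, the two settings changed above. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag pip settings that weaken
# download integrity. Prints one finding per line; prints nothing if clean.
audit_pip_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        # Skip comments, blank lines and [section] headers, so a
        # commented-out mirror line is not reported.
        /^[ \t]*[#;]/ || /^[ \t]*$/ || /^[ \t]*\[/ { next }
        {
            eq = index($0, "=")            # split on the first "="
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # An http:// index is fetched without TLS, so it can be altered in transit.
            if ((key == "index-url" || key == "extra-index-url") && val ~ /^http:\/\//)
                print "plaintext-index: " val
            # trusted-host tells pip to accept this host without valid HTTPS.
            if (key == "trusted-host")
                print "trusted-host: " val
        }
    ' "$conf"
}

# Constructed samples: the mirror settings the page comments out, and the
# settings it switches to.
demo_dir=$(mktemp -d)
cat > "$demo_dir/mirror.conf" <<'EOF'
[global]
index-url=http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
EOF
cat > "$demo_dir/pypi.conf" <<'EOF'
[global]
#index-url=http://mirrors.aliyun.com/pypi/simple/
index-url = https://pypi.python.org/simple/
[install]
#trusted-host=mirrors.aliyun.com
trusted-host=pypi.python.org
EOF
audit_pip_conf "$demo_dir/mirror.conf"
audit_pip_conf "$demo_dir/pypi.conf"
```

The HTTPS variant still reports its trusted-host line, because that option makes pip accept the named host even when its certificate does not validate.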

Then create users by editing the “users” section of the Algo configuration file

vi config.cfg

Install Algo with the following command

./algo

The installer asks a series of configuration questions; for most of them the answer is ‘y’. For the question that asks for the public IP address of the server, copy and paste the server address from the console.

Once everything is complete, you will see the following info

 "\"#----------------------------------------------------------------------#\"",

 "\"#  Congratulations!  #\"",

 "\"#  Your Algo server is running. #\"",

 "\"#  Config files and certificates are in the ./configs/ directory.  #\"",

 "\"#  Go to https://whoer.net/ after connecting  #\"",

 "\"#  and ensure that all your traffic passes through the VPN.   #\"",

 "\"#  Local DNS resolver 172.16.0.1 #\"",

 "\"#  The p12 and SSH keys password is XXXXXXXX  #\"",

"\"#----------------------------------------------------------------------#\"",

For iOS and Android devices, the instructions are provided below

Apple Devices

Send users their Apple Profile. Find the corresponding mobileconfig (Apple Profile) for each user and send it to them over AirDrop or other secure means. Apple Configuration Profiles are all-in-one configuration files for iOS and macOS devices. On macOS, double-clicking a profile to install it will fully configure the VPN. On iOS, users are prompted to install the profile as soon as the AirDrop is accepted.

Turn on the VPN. On iOS, connect to the VPN by opening Settings and clicking the toggle next to “VPN” near the top of the list. On macOS, connect to the VPN by opening System Preferences -> Network, finding Algo VPN in the left column and clicking “Connect.” On macOS, check “Show VPN status in menu bar” to easily connect and disconnect from the menu bar.

Managing On-Demand VPNs. If you enabled “On Demand”, the VPN will connect automatically whenever it is able. On iOS, you can turn off “On Demand” by clicking the (i) next to the entry for Algo VPN and toggling off “Connect On Demand.” On macOS, you can turn off “On Demand” by opening the Network Preferences, finding Algo VPN in the left column, and unchecking the box for “Connect on demand.”

Android Devices

WireGuard is used to provide VPN services on Android. Install the WireGuard VPN Client. Import the corresponding wireguard/<name>.conf file to your device, then set up a new connection with it. See the Android setup instructions for a more detailed walkthrough.

For more details, you can head over to the link below, where they have detailed instructions on how you can do it
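
The p12, mobileconfig and WireGuard .conf files mentioned above carry each user's private key material, so they should not be readable by other accounts on the server or on the machine they are copied to. The following is an added example, not part of the original guide or of Algo: it lists such files that are group- or world-readable and tightens them. The function names, the user name "alice" and the directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): find VPN client credentials
# that other local accounts can read, and tighten them.
find_exposed_configs() {
    # -perm -040 / -004 match files whose group-read or other-read bit is set.
    find "$1" -type f \
        \( -name '*.p12' -o -name '*.mobileconfig' -o -name '*.conf' \) \
        \( -perm -040 -o -perm -004 \) -print | sort
}

lock_down_configs() {
    # Directories: owner-only access. Files: owner read/write only.
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Constructed sample tree; the user name "alice" and the layout are
# assumptions, only the file types come from the page.
demo_cfg=$(mktemp -d)
mkdir -p "$demo_cfg/wireguard"
: > "$demo_cfg/alice.p12";            chmod 644 "$demo_cfg/alice.p12"
: > "$demo_cfg/alice.mobileconfig";   chmod 600 "$demo_cfg/alice.mobileconfig"
: > "$demo_cfg/wireguard/alice.conf"; chmod 640 "$demo_cfg/wireguard/alice.conf"

# Lists alice.p12 and wireguard/alice.conf; alice.mobileconfig is already 600.
find_exposed_configs "$demo_cfg"
```

On the server, point both functions at the ./configs/ directory that the installer output names.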

Thanks !! Let me know if you run into some issues. Good Luck