Install and Configure an Algo VPN Server on Ubuntu 20.04

Algo VPN is an open-source software bundle, a set of Ansible scripts, used to set up a WireGuard and IPsec VPN. It was designed by Trail of Bits to make the VPN installation process simple yet secure. With Algo VPN you can connect from any device, including Windows, Linux, OSX, Android, and iOS. Algo VPN supports many cloud providers, including Amazon, Google Cloud, Vultr, DigitalOcean, Scaleway, Linode, and OpenStack.

In this tutorial, we will show you how to set up a VPN server with Algo VPN on an Ubuntu 20.04 server.

Prerequisites

  • A server running Ubuntu 20.04.
  • A root password is configured on the server.

Getting Started

First, update your system's package index to the latest version with the following command:

apt-get update -y

Once the package index is updated, install the other dependencies with the following command:

apt-get install git apparmor build-essential python3-dev python3-pip python3-setuptools python3-virtualenv libffi-dev libssl-dev -y

Next, you need to disable the name resolution service (systemd-resolved) so that dnsmasq can work. You can disable it with the following commands:

systemctl disable systemd-resolved
systemctl stop systemd-resolved
unlink /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf

Once you are done, you can proceed to the next step.

Install and Configure Algo VPN

First, download the latest version of Algo VPN from the Git repository with the following command:

git clone https://github.com/trailofbits/algo.git

Next, change into the downloaded directory and create a Python virtual environment with the following commands:

cd algo
python3 -m virtualenv --python=/usr/bin/python3 .env

Next, activate the virtual environment with the following command:

source .env/bin/activate

Next, install the required dependencies with the following commands:

python3 -m pip install -U pip virtualenv
python3 -m pip install -r requirements.txt

Once all the dependencies are installed, install Algo VPN by running the following command:

./algo

You will be asked to choose the cloud provider, as shown below:

TASK [Set required ansible version as a fact] *************************************************************************************************
ok: [localhost] => (item=ansible==2.9.7)

TASK [Verify Python meets Algo VPN requirements] **********************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] *********************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] *****************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Linode
    12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
  
Enter the number of your desired provider
:
12

Type 12 and hit Enter to set up Algo VPN on the Ubuntu 20.04 server. You will be asked several questions, as shown below:

TASK [Set facts based on the input] ***************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:y

TASK [Cellular On Demand prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:y

TASK [Wi-Fi On Demand prompt] *********************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:HomeNet

TASK [Trusted Wi-Fi networks prompt] **************************************************************************************************************************************************************************************
ok: [localhost]
[Compatible ciphers prompt]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:y

TASK [Compatible ciphers prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the CA key prompt]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:y

TASK [Retain the CA key prompt] *******************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to install an ad blocking DNS resolver on this VPN server?
[y/N]
:y

TASK [DNS adblocking prompt] **********************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:N
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
localhost
TASK [local : pause] **************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] ******************************************************************************************************************
ok: [localhost]
[local : pause]
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]
:
root

Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[45.58.38.120]

Once the installation has completed successfully, you should get the following output:

TASK [debug] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": [
        [
            "\"#                          Congratulations!                            #\"",
            "\"#                     Your Algo server is running.                     #\"",
            "\"#    Config files and certificates are in the ./configs/ directory.    #\"",
            "\"#              Go to https://whoer.net/ after connecting               #\"",
            "\"#        and ensure that all your traffic passes through the VPN.      #\"",
            "\"#                     Local DNS resolver 172.18.7.104                   #\"",
            ""
        ],
        "    \"#        The p12 and SSH keys password for new users is 7OEfSUZt0       #\"\n",
        "    \"#        The CA key password is [email protected]       #\"\n",
        "    "
    ]
}

PLAY RECAP ************************************************************************************************************************************
localhost                  : ok=125  changed=39   unreachable=0    failed=0    skipped=53   rescued=0    ignored=0   

After the installation, you can list the configuration file for each VPN profile with the following command:

ls configs/your-server-ip/wireguard/

You should see all the profiles in the following output:

apple  desktop.conf  desktop.png  laptop.conf  laptop.png  phone.conf  phone.png  user1.conf  user1.png

You can use any of the above files on your client device to connect to the Algo VPN server.
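
Each .conf file holds that client's WireGuard private key, and the matching .png is a QR code of the same configuration, so both should be readable by their owner only before you copy them to a client. The script below is an added example, not part of Algo or of the original tutorial; it assumes GNU/Linux stat and the configs/your-server-ip/wireguard/ layout listed above, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not part of Algo): audit the generated WireGuard profiles.
# Assumes GNU/Linux stat(1) and the configs/<server-ip>/wireguard/ layout
# shown in the listing above. Function names are illustrative.

# Print the number of .conf/.png profiles that group or others can access;
# each offending file is reported on stderr.
audit_wg_profiles() {
    dir=$1
    loose=0
    for f in "$dir"/*.conf "$dir"/*.png; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        mode=$(stat -c '%a' "$f")          # octal mode, e.g. 644
        case "$mode" in
            0|*00) ;;                      # no group/other bits set: fine
            *) echo "accessible to others ($mode): $f" >&2
               loose=$((loose + 1)) ;;
        esac
    done
    echo "$loose"
}

# Restrict the directory and every profile to the owner, then re-audit.
# Prints the number of profiles that are still too permissive (expected 0).
lock_down_wg_profiles() {
    dir=$1
    chmod 700 "$dir"
    for f in "$dir"/*.conf "$dir"/*.png; do
        if [ -f "$f" ]; then chmod 600 "$f"; fi
    done
    audit_wg_profiles "$dir"
}

# Usage: sh audit_profiles.sh configs/your-server-ip/wireguard
if [ -n "${1:-}" ]; then
    lock_down_wg_profiles "$1"
fi
```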

Conclusion

Congratulations! You have successfully installed and set up Algo VPN on the Ubuntu 20.04 server. You can now configure your Windows, Linux, or Android device to connect to the Algo VPN server.