Setup Streisand VPN on Hetzner Cloud

Ömer Demircan — Fri, 23 Oct 2020 09:34:23 +0000

Streisand is a open source VPN setup builder. We can use this every time we want and access to all sites and services. We setup this service to own cloud virtual machine which we get from Hetzner. You only pay 2.49 € / mon. This is very cheap.

Some Streisand services include add-ons for VPN

OpenSSH
OpenConnect / Cisco AnyConnect
OpenVPN
Shadowsocks
A private Tor bridge relay
WireGuard, a modern high-performance protocol.

Today We will setup OpenConnect . Then We use iOS application and terminal access on desktop(If you want you can download GUI to desktop from App Store).

Normally Streisand setup is very easy but If you only setup on providers on below.

Amazon Web Services (AWS)
Microsoft Azure
Digital Ocean
Google Compute Engine (GCE)
Linode
Rackspace

But We will setup on the hetzner and We must follow the advanced installation instructions.

Streisand need a second server for using builder and setup VPN to second server which is your primary VPN server but today we will build directly local VPN to on our primary machine We won't use a second builder server.

Requirements

Verified the hetzner account
Knowledge of terminal level of beginner.

I hope you have requirements because this article does not contain above things. Now If you are ready to start virtual machine on cloud let's start. 💻

Up Hetzner Virtual Machine.

Go to cloud console then If you have not any project create new project and type project name (ex: VPN Project).
Enter to this and click Add Server
1. Select location what you want (I selected Helsinki because of it is sitting in Europe.)
2. Select Linux Ubuntu 16.04
3. Select Type is Standart and Machine CX11 (You can select dedicated machine but it is expensive). This combination is the best choice. If too many people don't be use this VPN.
4. You can skip Volume, Network, Additional features.
5. You should a ssh key to access to your virtual machine with on terminal.
  1. Basically you can run this command ssh-keygen -t ecdsa -b 521
6. You paste content of <your ssh key>.pem file and enter name.
7. Last step click Create & Buy Now button.

Setup Streisand On Your Virtual Machine.

Connect your machine with ssh using root user. Then first things we update and upgrade linux packages.

$ apt update

$ apt upgrade -y

Now create id_rsa to be used by streisand. Run below command and press enter to all questions.

$ ssh-keygen -t rsa -b 4096

Now We gonna clone source code from github.

$ git clone https://github.com/StreisandEffect/streisand.git
$ cd streisand

Install required additional packages. There is a util script in the streisand source code it checks all dependencies for ubuntu.

$ ./util/ubuntu-dependencies.sh

Now We will create python environment and activate that. Be sure you are in streisand directory.

$ ./util/venv-dependencies.sh ./venv

$ source ./venv/bin/activate

! If you get error such this Failing command: ['/root/streisand/venv/bin/python3', '-Im', 'ensurepip', '--upgrade', '--default-pip']

You should copy and paste below three lines to server terminal and press enter.

export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
sudo dpkg-reconfigure locales

This is last step. We create a site.yml file for builder to get standart configs. Create a file in parent directory of your streisand folder. Create hidden folder named .streisand and then create file names site.yml

$ mkdir .streisand
$ vim site.yml

Paste below block to site.yml

---
# Site specific Streisand configuration.
#
# This file is mutated by the playbooks/customize.yml tasks when a user chooses
# to customize which Streisand services are installed.

# The SSH private key that Ansible will use to connect to the Streisand node.
# The associated public key will be used if required when provisioning cloud
# nodes for the authorized_keys file.
streisand_ssh_private_key: "~/.ssh/id_rsa"

vpn_clients: 10

streisand_ad_blocking_enabled: no
streisand_openconnect_enabled: yes
streisand_openvpn_enabled: no
streisand_shadowsocks_enabled: yes
streisand_shadowsocks_v2ray_enabled: no
streisand_ssh_forward_enabled: yes
# By default sshuttle is disabled because it creates a `sshuttle` user that has
# full shell privileges on the Streisand host
streisand_sshuttle_enabled: no
streisand_stunnel_enabled: no
streisand_tinyproxy_enabled: no
streisand_tor_enabled: no
streisand_wireguard_enabled: no
streisand_cloudflared_enabled: no

This configuration allows only openconnect to be configured. Now run builder.

$ ./streisand

This builder ask some questions to you. You should answer no to below question.

Press enter to customize your installation:

When Installation is ended builder generate to generated-docs folder in directory. You should install this folder to your computer(you could use secure copy...).

You drag and drop html file to chrome browser You can see all instructions client configs for all devices (macos, ios, android,...)

Congratulations now you own a VPN 🎉🎉

DEV Community: Ömer Demircan

Setup Streisand VPN on Hetzner Cloud

Requirements

Up Hetzner Virtual Machine.

Setup Streisand On Your Virtual Machine.