如何在Ubuntu 20.04上安装和配置Algo VPN服务器

如何在Ubuntu 20.04上安装和配置Algo VPN服务器

Algo VPN是一个开源软件包或Ansible脚本集，用于设置WireGuard和IPsec VPN。 它是由Trail of Bits设计的，目的是使VPN安装过程既简单又安全。 Algo VPN允许你从任何设备进行连接，包括Windows，Linux，OSX，Android和iOS。 Algo VPN支持许多云服务，包括亚马逊，谷歌云，Vultr，DigitalOcean，Scalway，Linode和OpenStack。

在本教程中，我们将向你展示如何在Ubuntu 20.04服务器上使用Algo VPN设置VPN服务器。

• 运行Ubuntu 20.04的服务器。
• 为服务器配置了root加密货币。

入门

首先，使用以下命令将系统软件包更新为最新版本：

apt-get update -y

更新所有软件包后，请使用以下命令安装其他依赖项：

apt-get install git apparmor build-essential python3-dev python3-pip python3-setuptools python3-virtualenv libffi-dev libssl-dev -y

接下来，你将需要禁用名称解析服务以使dnsmasq正常工作。 你可以使用以下命令禁用它：

systemctl disable systemd-resolved
systemctl stop systemd-resolved
unlink /etc/resolv.conf
echo "nameserver 8.8.8.8" > /etc/resolv.conf

完成后，你可以继续下一步。

安装和配置Algo VPN

首先，使用以下命令从Git存储库下载最新版本的Algo VPN：

git clone https://github.com/trailofbits/algo.git

接下来，将目录更改为下载的目录，并使用以下命令创建Python虚拟环境：

cd algo
python3 -m virtualenv --python=/usr/bin/python3 .env

接下来，使用以下命令激活虚拟环境：

source .env/bin/activate

接下来，使用以下命令安装所需的依赖项：

python3 -m pip install -U pip virtualenv
python3 -m pip install -r requirements.txt

安装所有依赖项后，通过运行以下命令来安装Algo VPN：

./algo

系统将要求你选择云提供商，如下所示：

TASK [Set required ansible version as a fact] *************************************************************************************************
ok: [localhost] => (item=ansible==2.9.7)

TASK [Verify Python meets Algo VPN requirements] **********************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] *********************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] *****************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Linode
    12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
  
Enter the number of your desired provider
:
12

Type 12 and hit Enter to setup Algo VPN on Ubuntu 20.04 server. You will be asked for several questions as shown below:

TASK [Set facts based on the input] ***************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?

[y/N]

:y TASK [Cellular On Demand prompt] ****************************************************************************************************************************************************************************************** ok: [localhost] [Wi-Fi On Demand prompt] Do you want macOS/iOS IPsec clients to enable “Connect On Demand” when connected to Wi-Fi?

[y/N]

:y TASK [Wi-Fi On Demand prompt] ********************************************************************************************************************************************************************************************* ok: [localhost] [Trusted Wi-Fi networks prompt] List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use “Connect On Demand” (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi) :HomeNet TASK [Trusted Wi-Fi networks prompt] ************************************************************************************************************************************************************************************** ok: [localhost] [Compatible ciphers prompt] Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)

[y/N]

:y TASK [Compatible ciphers prompt] ****************************************************************************************************************************************************************************************** ok: [localhost] [Retain the CA key prompt] Do you want to retain the CA key? (required to add users in the future, but less secure)

[y/N]

:y TASK [Retain the CA key prompt] ******************************************************************************************************************************************************************************************* ok: [localhost] [DNS adblocking prompt] Do you want to install an ad blocking DNS resolver on this VPN server?

[y/N]

:y TASK [DNS adblocking prompt] ********************************************************************************************************************************************************************************************** ok: [localhost] [SSH tunneling prompt] Do you want each user to have their own account for SSH tunneling?

[y/N]

:N Enter the IP address of your server: (or use localhost for local installation):

[localhost]

: localhost TASK [local : pause] ************************************************************************************************************************** ok: [localhost] TASK [local : Set the facts] ****************************************************************************************************************** ok: [localhost]

[local : pause]

What user should we use to login on the server? (note: passwordless login required, or ignore if you’re deploying to localhost)

[root]

: root Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate) [45.58.38.120]

成功完成安装后，你将获得以下输出：

TASK [debug] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": [
        [
            ""#                          Congratulations!                            #"",
            ""#                     Your Algo server is running.                     #"",
            ""#    Config files and certificates are in the ./configs/ directory.    #"",
            ""#              Go to https://whoer.net/ after connecting               #"",
            ""#        and ensure that all your traffic passes through the VPN.      #"",
            ""#                     Local DNS resolver 172.18.7.104                   #"",
            ""
        ],
        "    "#        The p12 and SSH keys password for new users is 7OEfSUZt0       #"n",
        "    "#        The CA key password is [email protected]       #"n",
        "    "
    ]
}

PLAY RECAP ************************************************************************************************************************************
localhost                  : ok=125  changed=39   unreachable=0    failed=0    skipped=53   rescued=0    ignored=0   

安装后，你应该使用以下命令查看每个VPN配置文件的配置文件：

ls configs/your-server-ip/wireguard/

你应该在以下输出中看到所有概要文件：

apple  desktop.conf  desktop.png  laptop.conf  laptop.png  phone.conf  phone.png  user1.conf  user1.png

你可以在客户端设备上使用上述任何文件来连接到Algo VPN服务器。

结论

恭喜你 你已在Ubuntu 20.04服务器上成功安装并配置了Algo VPN。 现在，你可以配置Windows，Linux或Android设备以连接到Algo VPN服务器。