A while ago I had OpenVPN set up, but it was quite a bit of work. Then I upgraded something and it broke, and I never got around to fixing it. So setting up VPN access to my home network has been on my to-do list for a while. Then I noticed the release of Jigsaw's (Alphabet/Google) Outline VPN, and figured I'd give it a try.
Setting up Outline VPN took a lot longer than it should have because I didn't find a really good resource for installing it at home. Everything I found left out some of the key details I was interested in. Specifically, I wanted to know a bit about what's going on, and wanted to minimize the number of ports I have open and/or forwarded on my home router.
First, I have Ubuntu 16.04, so the steps will be best described for that OS. However, it shouldn't be that difficult to translate them to a different OS.
1. Verify you have an externally accessible IP address.
   - Log into the router or cable modem your ISP provided.
   - Check the setup or status page.
   - There will be a WAN IP address. If it's not within one of the following private IP address ranges, then you're good to go (10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, 192.168.0.0 - 192.168.255.255).
2. Install Docker. Follow the link for the complete steps, or try the following:
   - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
   - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
   - sudo apt-get update
   - sudo apt-get install -y docker-ce
3. The following steps generally follow the Outline VPN standard installation steps.
4. Download the install script and save it locally.
   - wget -O install_server.sh https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh
5. Set the port used by Outline Manager by editing install_server.sh. Either update get_random_port to return a number between 1024 and 65535, or update the script at around line 99 to use the specific port number instead of calling get_random_port (which returns a random port).
   - ex. Replace 'echo $num;' with 'echo 65333;'
6. Update your router and/or firewall to forward the specific port to the computer that you're installing Outline on.
7. Install Outline VPN by executing the following (-x is optional, and is for debugging purposes). Take note of the apiUrl and certSha256 output at the end of the command, assuming it's successful.
   - cat install_server.sh | sudo bash -x
   - Assuming the manager port is not blocked, the install will complete.
8. Download Outline Manager from the following site
9. Run Outline Manager and select the bottom option.
10. Enter the apiUrl and certSha256 from step 7 in the Outline Manager and click OK.
11. So that you can track usage, in the connected Outline Manager, add a key and give it a useful name.
12. Click SHARE and copy the generated URL using the device you want to connect to your VPN.
13. The URL will look something like the following. Again, go to your firewall and/or router and forward the <PORT NUMBER> to the computer that you're installing Outline on.
    - https://s3.amazonaws.com/outline-vpn/index.html#/invite/ss%3A%2F%2Fabcdefg...%3D%40<IP ADDRESS>%3A<PORT NUMBER>%2F%3Foutline%3D1
14. Go to the URL from step 13. You will be directed to install the Outline application and add the server.
15. You're done. To test, click CONNECT and try to access something from your home network.
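
To keep the forwarded ports down to exactly the two that Outline needs, the following added example (not part of the original post and not Outline's own code) extracts the manager port from the apiUrl in step 7 and the access-key port from the invite link in step 13, and classifies the address against the private ranges from step 1. The function names, the sample values and the carrier-grade NAT range (100.64.0.0/10) are assumptions that do not come from the post.

```python
"""Added example: find the ports an Outline install needs forwarded."""
import ipaddress
from urllib.parse import unquote, urlsplit

# Private ranges listed in step 1 of the post.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption, not in the post: carrier-grade NAT space is also unreachable from outside.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample values (documentation address 203.0.113.10, made-up secrets).
SAMPLE_API_URL = "https://203.0.113.10:65333/AbCdEfGhExample"
SAMPLE_INVITE = ("https://s3.amazonaws.com/outline-vpn/index.html#/invite/"
                 "ss%3A%2F%2FZXhhbXBsZQ%3D%3D%40203.0.113.10%3A40123%2F%3Foutline%3D1")

def endpoint_from_api_url(api_url):
    """Return (host, port) of the manager API from the installer's apiUrl."""
    parts = urlsplit(api_url)
    if parts.scheme != "https" or parts.hostname is None or parts.port is None:
        raise ValueError("apiUrl must look like https://host:port/secret")
    return parts.hostname, parts.port

def endpoint_from_invite(invite_url):
    """Return (host, port) of the access key encoded in a SHARE invite link."""
    decoded = unquote(urlsplit(invite_url).fragment)  # /invite/ss://<key>@host:port/?outline=1
    if not decoded.startswith("/invite/ss://") or "@" not in decoded:
        raise ValueError("not an Outline invite link")
    # The last "@" ends the key material; what follows is host:port/?outline=1.
    endpoint = urlsplit("//" + decoded.rpartition("@")[2])
    if endpoint.hostname is None or endpoint.port is None:
        raise ValueError("invite link has no host:port")
    return endpoint.hostname, endpoint.port

def reachability(host):
    """Classify an IP address: 'private' (step 1 ranges), 'cgnat' or 'public'."""
    ip = ipaddress.ip_address(host)
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "cgnat" if ip in CGNAT_NET else "public"

def ports_to_forward(api_url, invite_url):
    """Summarise the two forwards the router needs and whether the address is usable."""
    _, manager_port = endpoint_from_api_url(api_url)
    host, key_port = endpoint_from_invite(invite_url)
    return {"manager_port": manager_port, "access_key_port": key_port,
            "wan_address": host, "wan_status": reachability(host)}

if __name__ == "__main__":
    print(ports_to_forward(SAMPLE_API_URL, SAMPLE_INVITE))
```

A `wan_status` of anything other than `public` means the address in the invite link cannot be reached from outside, so clients away from home will not connect even with both ports forwarded.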
I use mine for my nightly backups of pictures and videos I've taken on my phone to my NextCloud installation that I don't want publicly accessible.
If you run into problems during the install, stopping and removing all the related Docker containers will be useful:
- sudo docker stop shadowbox;sudo docker rm shadowbox;sudo docker stop watchtower;sudo docker rm watchtower