How to Setup Outline VPN at Home and Save the Cloud Hosting Costs

A while ago I had OpenVPN setup, but it was quite a bit of work.  Then I upgraded something and it broke, and I never got around to fixing it.  So setting up VPN access to my home network has been on my to do list for a while.  Then I noticed the release of Jigsaw's (Alphabet/Google) Outline VPN, and figured I'd give it a try.

Setting up Outline VPN took a lot longer than it should have because I didn't find a really good resource for installing it at home.  Everything I found left out some of the key details I was interested in.  Specifically, I wanted to know a bit about what's going on, and wanted to minimize the number of ports I have open and/or forwarded on my home router.  

First, I have Ubuntu 16.04, so the steps will be best described for that OS.  However, it shouldn't be that difficult to translate them to a different OS.
  1. Verify you have an externally accessible IP address.  
    1. Log into the router or cable modem your ISP provided
    2. Check the setup or status page
    3. There will be a WAN IP address.  If it's not within one of the following sets, private IP addresses, then you're good to go ( -, -, -
  2. Install Docker - Follow the link for the complete steps, or try the following:
    1. curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    2. sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    3. sudo apt-get update
    4. sudo apt-get install -y docker-ce
  3. The following steps generally following Outline VPN standard installation steps
  4. Download the install script and save it locally
    1. sudo wget https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh > install_server.sh
  5. Set the port used by Outline Manager, by editing install_server.sh.  Then either update get_random_port to return a number between 1024 and 65535, or update the script at around line 99 to use the specific port number instead of calling get_random_port (which returns a random port)
    1. ex. Replace 'echo $num;' with 'echo 65333;'
  6. Update your router and/or firewall to forward the specific port to the computer that you're installing Outline on.
  7. Install Outline VPN, execute (-x is optional, and is for debugging purposes).  Take note of the apiUrl and certSha256 output at the end of the command assuming it's successful.
    1. cat install_server.sh | sudo bash -x
  8. Assuming the manager port is not blocked, the install will complete.
  9. Download Outline Manager from the following site
    1. https://getoutline.org/en/home
  10. Run Outline Manager and select the bottom option
  11. Enter the apiUrl and certSha256 from step 7 in the Outline Manager and click OK
  12. So that you can track usage, in the connected Outline Manager, add a key and give it a useful name.
  13. Click SHARE and copy the generated URL using the device you want to connect to your VPN
  14. The URL will look something like the following.  Again go to your firewall and/or router and forward the <PORT NUMBER> to the computer that you're installing Outline on.
    1. https://s3.amazonaws.com/outline-vpn/index.html#/invite/ss%3A%2F%2abcdefg...%3D%40<IP ADDRESS>%3A<PORT NUMBER>%2F%3Foutline%3D1
  15. Go to the URL from step 13.  You will be directed to install the Outline application, and add the server.
  16. You're done.  To test, click CONNECT and try to access something from your home network.

I use mine for my nightly backups of pictures and videos I've taken on my phone to my NextCloud installation that I don't want publicly accessible.

If you run into problems during the install, stopping and removing all the related docker images will be useful:

  • sudo docker stop shadowbox;sudo docker rm shadowbox;sudo docker stop watchtower;sudo docker rm watchtower

Useful links:

No comments: