StreisandEffect / discussions


Customizing Streisand help: Wireguard on existing server #59

Closed cpu closed 7 years ago

cpu commented 7 years ago

Asked by @CMobley7:

@cpu,

Thank you for all your hard work in incorporating modularity into Streisand. It's a great feature. I was actually hoping to set up the base system, as well as a WireGuard VPN on a computer that I've installed Ubuntu Server 16.04 on. If possible, would you mind providing the basic steps to accomplish this?

Thanks again, CMobley7

cpu commented 7 years ago

Hi @CMobley7,

> I was actually hoping to set up the base system, as well as a WireGuard VPN on a computer that I've installed Ubuntu Server 16.04.

Sounds good. That's certainly doable :-) One note: Using an existing 16.04 server is possible but "advanced" - You might run into problems if the existing server is LXC virtualized, or has a strange kernel, or lots of other reasons. For folks new to Streisand I always recommend using one of the built-in cloud providers so Streisand can create a new server for you that will meet the requirements we have without extra work on your part.

Assuming you want to use an existing server anyway there are three steps:

  1. Making sure you can SSH to the existing server correctly (We'll call this server the "streisand server")
  2. Setting up Streisand on your local computer/laptop (We call this the "builder machine")
  3. Running Streisand and customizing the running services

SSH Setup

First, you'll want to make sure you can access your Ubuntu 16.04 streisand server with SSH key authentication. E.g., you need to be able to run ssh root@xx.xx.xx.xx (replace xx's with the streisand server IP) and not be prompted for a password.

If you aren't comfortable setting this up I recommend that you let Streisand set up your server for you with one of the supported cloud providers (GCE, AWS, Digital Ocean, Linode, Azure, Rackspace) instead of using an existing server. Alternatively if you want to learn to do it yourself this Ubuntu Server guide may also help (remember to do it for the root user).

Once you can run ssh root@xx.xx.xx.xx successfully and not be prompted for a password you're ready to move on.

Setup Streisand

This is largely just a matter of following the setup instructions from the README on your builder machine. Perhaps you've already done this setup, if so - great!

If you need more help with this part I'll need to know more about what your builder machine OS is.

Running Streisand

When you run ./streisand on your builder machine you'll see a screen like this:

  S T R E I S A N D  

Which provider are you using?
  1. Amazon
  2. Azure
  3. DigitalOcean
  4. Google
  5. Linode
  6. Rackspace
  7. Localhost (Advanced)
  8. Existing Server (Advanced)
: 

You will want to choose option 8 for an existing server.

Next it will ask:

What is the IP of the existing server:

And you need to enter the IP address of your Streisand server (The one you tested SSHing to).

You'll next be asked to confirm that you know the server will have its configuration overwritten and new software installed:

THIS WILL OVERWRITE CONFIGURATION ON THE EXISTING SERVER.
STREISAND ASSUMES 8.8.8.8 IS A BRAND NEW UBUNTU INSTANCE AND WILL
NOT PRESERVE EXISTING CONFIGURATION OR DATA.

ARE YOU 100% SURE THAT YOU WISH TO CONTINUE?

Please **enter the word 'streisand'** to continue: 

Once you enter "streisand" to continue the next question will be about customizing Streisand:

Do you wish to customize which services Streisand will install?
By default Streisand will use the settings configured in /home/daniel/.streisand/site.yml

Please enter the word 'yes' to customize or hit enter to continue: 

You want to enter 'yes' so that you can turn off everything but WireGuard.

After entering "yes" you'll be given a series of questions. You can leave the first two default by just hitting enter:

Confirmed. Customizing Streisand services.

 [WARNING]: Found both group and host with same name: localhost

Enter the path to your SSH private key, or press enter for default  [~/.ssh/id_rsa]: 
How many VPN client profiles should be generated per-service? Press enter for default  [5]:

The next series of questions you'll want to answer no for everything except the very last WireGuard question:

Enter the path to your SSH private key, or press enter for default  [~/.ssh/id_rsa]: 
How many VPN client profiles should be generated per-service? Press enter for default  [5]: 
Enable L2TP/IPSec? Press enter for default  [yes]: no
Enable OpenConnect? Press enter for default  [yes]: no
Enable OpenVPN? Press enter for default  [yes]: no
Enable Shadowsocks? Press enter for default  [yes]: no
Enable SSH Forward User? (Note: A SOCKS proxy only user will be added, no shell). Press enter for default  [yes]: no
Enable sshuttle? (Note: A full shell access user will be added) Press enter for default  [no]: no
Enable stunnel? Press enter for default  [yes]: no
Enable tinyproxy? Press enter for default  [yes]: no
Enable Tor? Press enter for default  [yes]: no
Enable WireGuard? Press enter for default  [yes]: yes

That's it! The Streisand provisioning process will now start. If you run into any errors please share them here and I can help debug further.

Good luck! Happy WireGuarding :-)
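
A preflight check for the SSH and server requirements described in the reply above, as an added example that is not part of the original thread or the Streisand project. It confirms prompt-free root key login, that the target reports Ubuntu 16.04, and warns when the server is a container. The function names are hypothetical, the sample os-release text is constructed, and `systemd-detect-virt` is assumed to be present on the server.

```shell
#!/bin/sh
# Added example: preflight for Streisand's "Existing Server (Advanced)" option.
# Function names and the sample os-release text are constructed for illustration.

# Succeeds only if root can log in with a key and no prompt. BatchMode=yes
# makes ssh fail instead of asking for a password, passphrase or host key.
ssh_key_login_ok() {
  ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=10 \
      "root@$1" true
}

# Reads /etc/os-release text on stdin; succeeds only for Ubuntu 16.04.
is_ubuntu_1604() (
  id="" ver=""
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ID=*)         id=$(printf '%s' "${line#ID=}" | tr -d '"') ;;
      VERSION_ID=*) ver=$(printf '%s' "${line#VERSION_ID=}" | tr -d '"') ;;
    esac
  done
  [ "$id" = "ubuntu" ] && [ "$ver" = "16.04" ]
)

# $1 is the output of `systemd-detect-virt --container` ("none" = no container).
is_container() {
  case "$1" in
    ""|none) return 1 ;;
    *)       return 0 ;;
  esac
}

preflight() {
  ssh_key_login_ok "$1" || { echo "FAIL: no key-based root login to $1"; return 1; }
  ssh -o BatchMode=yes "root@$1" cat /etc/os-release | is_ubuntu_1604 \
    || { echo "FAIL: $1 is not Ubuntu 16.04"; return 1; }
  virt=$(ssh -o BatchMode=yes "root@$1" systemd-detect-virt --container || true)
  if is_container "$virt"; then
    echo "WARN: $1 is a $virt container; expect problems (see the note on LXC)"
  fi
  echo "OK: $1 passed preflight"
}

# With an IP argument, check that server; with none, parse a constructed sample.
if [ "$#" -gt 0 ]; then
  preflight "$1"
else
  printf 'ID=ubuntu\nVERSION_ID="16.04"\n' | is_ubuntu_1604 && echo "sample: Ubuntu 16.04"
fi
```

Run it from the builder machine with the server IP as the only argument before choosing option 8; a FAIL line means Streisand's own SSH connection would hit the same problem.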

cpu commented 7 years ago

Closing since the question is answered and there hasn't been any follow-up.