balki/diyvpn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
10ba3fb6647adfe24e3e23f17f544926a52dcfd4
diyvpn/README.md

94 lines
3.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Simple DIY VPN
Tool to setup SOCKS proxy using ssh dynamic forward to your own server.
Technically this is it not a VPN but practically achives the same thing for the
most common use-case - browse websites without revealing your ip address
## Features
* Starts automatically on demand and shuts down automatically when not used
(Using systemd socket activation)
* Works on any VPS or home server with just ssh suppport.
Distro/architecture/size does not matter. Only working ssh support required.
No other software setup required on the server
* Easy to setup multiple different VPNs to different servers. No need to change
whole system network settings.
* Simple interactive cli utility to setup. No need to create/edit config files
* Simple bash script with no dependencies - (ssh and systemd are usually
preinstalled)
* Once setup with browser extension, easy to use for non-technical users - Just
right-click and choose a container
## Requirements
* Linux system with Systemd and ssh client
* Server with ssh support. [ssh keys][3] setup for passwordless login
* Browser or any app with SOCKS proxy support. [Librewolf][2] with [Container
Proxy][1] extension allows to setup different VPN for each container
## Installation
* Archlinux [AUR][0]
* Manual install: (run as root)
```
make install
```
## Usage
```
diyvpnctl add
Server name [e.g. vps1] [required] : homets
Listen address [e.g. 127.0.0.1:9090] [required] : 127.0.0.1:8071
Idle Timeout [e.g. 5min] [5min] :
Remote server Ip [e.g. 1.2.3.4] [required] : 100.64.0.2
Remote server ssh port [e.g. 2222] [22] :
Remote server username [e.g. dave] [required] : balki
SSH private key [e.g. ~/.ssh/id_ed25519] [required] : ~/.ssh/id_ed25519
Diyvpn config for homets added. Edit below configs for further changes
==> /home/balki/.config/diyvpn/servers/homets/config.rc <==
LISTEN_ADDRESS=127.0.0.1:8071
IDLE_TIMEOUT=5min
==> /home/balki/.config/diyvpn/servers/homets/ssh_config <==
Hostname 100.64.0.2
Port 22
User balki
IdentityFile ~/.ssh/id_ed25519
# vim: set filetype=sshconfig:
diyvpnctl list
config path: /home/balki/.config/diyvpn/servers
Server ListenAddress
can1 127.0.0.1:8072
homets 127.0.0.1:8071
us1 127.0.0.1:8070
```
## Internals
This sets up a systemd [user-generator][4]. The generator creates three units
1. A [systemd-socket][5] that listens on the configured listen address.
2. A socket activator unit that is triggered when someone connects to the
socket. This uses [systemd-socket-proxyd][6] to forward the request to the
ssh service and also setup idle timeout.
3. The ssh service unit creates the ssh connection and setups dynamic forward.
## Future Ideas
* Automatically fire up a VPS instance in a cloud provider on demand. Since
most VPS are charged pre hour, for those using rarely, don't have to pay for
entire month. A new VPS every time improves privacy.
[0]: https://aur.archlinux.org/packages/diyvpn-git
[1]: https://github.com/bekh6ex/firefox-container-proxy
[2]: https://librewolf.net/
[3]: https://wiki.archlinux.org/index.php?title=SSH_keys#Copying_the_public_key_to_the_remote_server
[4]: https://man.archlinux.org/man/systemd.generator.7
[5]: https://man.archlinux.org/man/systemd.socket.5.en
[6]: https://man.archlinux.org/man/core/systemd/systemd-socket-proxyd.8.en
Reference in New Issue View Git Blame Copy Permalink