Simple DIY VPN

Tool to set up a SOCKS proxy using ssh dynamic forwarding to your own server. Technically this is not a VPN, but in practice it achieves the same thing for the most common use case: browsing websites without revealing your IP address.

Features

  • Starts automatically on demand and shuts down automatically when not used (Using systemd socket activation)
  • Works on any VPS or home server with just ssh support. Distro/architecture/size does not matter. Only working ssh support is required. No other software setup is required on the server
  • Easy to set up multiple different VPNs to different servers. No need to change whole system network settings.
  • Simple interactive cli utility for setup. No need to create/edit config files
  • Simple bash script with no dependencies - (ssh and systemd are usually preinstalled)
  • Once set up with a browser extension, easy to use for non-technical users - Just right-click and choose a container

Requirements

  • Linux system with Systemd and ssh client
  • Server with ssh support. ssh keys set up for passwordless login
  • Browser or any app with SOCKS proxy support. Librewolf with the Container Proxy extension allows setting up a different VPN for each container

Installation

  • Archlinux AUR
  • Manual install: (run as root)
make install

Usage

 diyvpnctl add
Server name [e.g. vps1] [required] : homets
Listen address [e.g. 127.0.0.1:9090] [required] : 127.0.0.1:8071
Idle Timeout [e.g. 5min] [5min] :
Remote server Ip [e.g. 1.2.3.4] [required] : 100.64.0.2
Remote server ssh port [e.g. 2222] [22] :
Remote server username [e.g. dave] [required] : balki
SSH private key [e.g. ~/.ssh/id_ed25519] [required] : ~/.ssh/id_ed25519
Diyvpn config for homets added. Edit below configs for further changes
==> /home/balki/.config/diyvpn/servers/homets/config.rc <==
LISTEN_ADDRESS=127.0.0.1:8071
IDLE_TIMEOUT=5min

==> /home/balki/.config/diyvpn/servers/homets/ssh_config <==
Hostname 100.64.0.2
Port 22
User balki
IdentityFile ~/.ssh/id_ed25519

# vim: set filetype=sshconfig:

 diyvpnctl list
config path: /home/balki/.config/diyvpn/servers

Server               ListenAddress
can1                 127.0.0.1:8072
homets               127.0.0.1:8071
us1                  127.0.0.1:8070

Internals

This sets up a systemd user-generator. The generator creates three units

  1. A systemd-socket that listens on the configured listen address.
  2. A socket activator unit that is triggered when someone connects to the socket. This uses systemd-socket-proxyd to forward the request to the ssh service and also sets up the idle timeout.
  3. The ssh service unit creates the ssh connection and sets up the dynamic forward.
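
A sketch of what such a generator could emit, as an added example (not the project's own generator code). The unit names, the internal port that ssh binds, the systemd-socket-proxyd path and the loopback-only check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: writes the three units described above for one server.
# Unit names, INTERNAL_PORT and the proxyd path are assumptions.

# is_loopback ADDR:PORT -> 0 only if the address starts with 127. or is [::1].
# A bare port (which systemd binds on all interfaces) is rejected as well.
is_loopback() {
    case "$1" in
        127.*:*|'[::1]':*) return 0 ;;
        *) return 1 ;;
    esac
}

# write_units NAME LISTEN_ADDRESS IDLE_TIMEOUT INTERNAL_PORT SSH_CONFIG OUTDIR
write_units() {
    name=$1 listen=$2 idle=$3 port=$4 sshcfg=$5 out=$6
    # A SOCKS listener reachable from other hosts lets them browse through
    # your ssh server unauthenticated, so only loopback is accepted here.
    is_loopback "$listen" || { echo "refusing non-loopback $listen" >&2; return 1; }
    mkdir -p "$out" || return 1

    # 1. Socket unit: systemd owns the listening port, nothing runs yet.
    cat > "$out/diyvpn-$name.socket" <<EOF
[Socket]
ListenStream=$listen
EOF
    # 2. Activator: started on first connection, exits when idle.
    cat > "$out/diyvpn-$name.service" <<EOF
[Unit]
Requires=diyvpn-$name-ssh.service
After=diyvpn-$name-ssh.service

[Service]
ExecStart=/usr/lib/systemd/systemd-socket-proxyd --exit-idle-time=$idle 127.0.0.1:$port
EOF
    # 3. ssh unit: -f backgrounds after authentication, so Type=forking
    #    orders the proxy after the tunnel; stops once the proxy is gone.
    cat > "$out/diyvpn-$name-ssh.service" <<EOF
[Unit]
StopWhenUnneeded=yes

[Service]
Type=forking
ExecStart=/usr/bin/ssh -f -N -F $sshcfg -o ExitOnForwardFailure=yes -D 127.0.0.1:$port $name
EOF
}
```

Because the ssh_config shown under Usage has no Host line, its settings apply to whatever host alias is passed on the command line, which is why the server name can be used as the last argument.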

Future Ideas

  • Automatically fire up a VPS instance in a cloud provider on demand. Since most VPSes are charged per hour, those who use one rarely don't have to pay for an entire month. A new VPS every time improves privacy.

License: MPL-2.0