How to create my own Outline VPN server on Microsoft Azure - emohandesi/vpn GitHub Wiki

This wiki shows how you can create an Outline VPN server using a Microsoft Azure account. Some companies give their employees a $150 monthly credit through Microsoft Azure so that their employees get familiar with the new technologies introduced by Azure and enhance their knowledge. Microsoft Azure is among the highest quality cloud technologies including the VPN servers built on its servers. They hardly get detected by the Iranian authorities and your friends and family will thank you big time if you make VPN servers on Azure for them.

Please be patient as there are many steps involved and if you are doing it for the first time, it might take 20 minutes or more to do all the steps.

  1. Go to portal.azure.com and log in using your personal email account if you are a Microsoft employee. If you work for other companies, you might need to use your work email account. Click on the bell icon in the top ribbon on the webpage to make sure you have $150/mo credit. image

  2. Create a resource. image

  3. Type Ubuntu in the search box and press enter. image

  4. Pick one of the latest Ubuntu Minimal releases. Non-minimal servers might need some changes before you can install Outline on them. image

  5. Pick the appropriate subscription. You can view your subscription by clicking on the bell button on the upper ribbon of the webpage. image

  6. Create a resource group. image

  7. Type in a machine name and select a region. image

  8. Select see all sizes.

image

  1. Sort them by Cost/Month. image

  2. Select B1s. You do not need a fancy machine to run a VPN server. A VPN server uses virtually no CPU or RAM resources. CPU and RAM usage are usually minimal in a VPN machine. I recommend at least 1 GB of RAM in Azure. Pretty much every where else you can set up a server in a 0.5 GB RAM server, but not in Azure! :( image

  3. Select Password for authentication type and type a username/password. Alternatively, you can select SSH public key if you have a public key or you want to create one. It is way more convenient, by the way. image

  4. Click on the Management tab.

  5. Disable Auto-shutdown. image

  6. Go to the Review + create tab and click on Create button. image

  7. Wait a few minutes for the instance to be deployed. While it is being deployed, follow these steps.

  8. Go to https://getoutline.org/get-started/#step-1 and download Outline Manager for the platform you use.

  9. Install Outline on your machine.

  10. Return to the Azure Portal tab and Click on Go to Resource. image

  11. Copy the public IP of your machine. image

  12. Open cmd and SSH to your machine. Please note that the IP address of your server is different. Here we have used the IP address shown in the image above.

ssh [email protected]
The authenticity of host '20.174.160.112 (20.174.160.112)' can't be established.
ECDSA key fingerprint is SHA256:tPu+U/hrV/b0h64O9cxosgVE857M11fde4XNiHO4eFU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '20.174.160.112' (ECDSA) to the list of known hosts.
[[email protected]](mailto:[email protected])'s password:
Welcome to Ubuntu 23.10 (GNU/Linux 6.5.0-1016-azure x86_64)
 
 * Documentation:  [https://help.ubuntu.com](https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fhelp.ubuntu.com__%3B!!JmPEgBY0HMszNaDT!sg_vbksbptMosNFFpkFbZ_R2euQEJlobHpWIPrtQEqhSmZ__fFSTOnMzO8C_jaR5aPohKQkBZbDDE2sHB6ja1MjrKbaKgQ%24&data=05%7C02%7Cehsan.mohandesi%40wsu.edu%7Ca99fbc1c12ed4936185108dc413d122e%7Cb52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638456977816970370%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gyxltQnLu4nxcAIqEIfp0pSivW6n28W%2F0HF%2Fk2Mrdi8%3D&reserved=0)
 * Management:     [https://landscape.canonical.com](https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Flandscape.canonical.com__%3B!!JmPEgBY0HMszNaDT!sg_vbksbptMosNFFpkFbZ_R2euQEJlobHpWIPrtQEqhSmZ__fFSTOnMzO8C_jaR5aPohKQkBZbDDE2sHB6ja1Mi_Ow1Fdw%24&data=05%7C02%7Cehsan.mohandesi%40wsu.edu%7Ca99fbc1c12ed4936185108dc413d122e%7Cb52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638456977816976005%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=8r12%2BhByRIFl90yRasABgrwIp3JmPPnR16bqSnK15pY%3D&reserved=0)
 * Support:        [https://ubuntu.com/pro](https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fubuntu.com%2Fpro__%3B!!JmPEgBY0HMszNaDT!sg_vbksbptMosNFFpkFbZ_R2euQEJlobHpWIPrtQEqhSmZ__fFSTOnMzO8C_jaR5aPohKQkBZbDDE2sHB6ja1MgKMgLpSA%24&data=05%7C02%7Cehsan.mohandesi%40wsu.edu%7Ca99fbc1c12ed4936185108dc413d122e%7Cb52be471f7f147b4a8790c799bb53db5%7C0%7C0%7C638456977816980755%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=TXmXmnNNGYj5pq%2FUjpKq9601dYndK1E33dc%2FDpprcoE%3D&reserved=0)
 
  System information as of Sat Mar  9 21:42:57 UTC 2024
 
  System load:  0.02              Processes:             106
  Usage of /:   5.1% of 28.02GB   Users logged in:       0
  Memory usage: 77%               IPv4 address for eth0: 10.0.0.4
  Swap usage:   0%
 
0 updates can be applied immediately.
 
 
 
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
 
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
 
azureuser@machine1:~$
  1. Run the following.
sudo apt update
Sudo apt install tmux
  1. Run tmux on the machine so that the output is kept there when you log off.
azureuser@machine1:~$ tmux

  1. Open Outline-Manger by typing outline in the Windows search box. Then, accept the terms of service.

  2. Click on Set up Outline anywhere. image

  3. Copy the installation script, paste it into the Linux terminal you already have open, and press enter to run it.

sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh)"
  1. Type y when it asks to install docker. The installation takes a few minutes. Please be patient.
  2. The following shows a sample output of an installed server.
azureuser@machine5:~$ sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh)"
> Verifying that Docker is installed .......... NOT INSTALLED
> Would you like to install Docker? This will run 'curl https://get.docker.com/ | sh'. [Y/n] y
> Installing Docker ........................... OK
> Verifying Docker installation ............... OK
> Verifying that Docker daemon is running ..... OK
> Setting PUBLIC_HOSTNAME to external IP ...... OK
> Creating persistent state dir ............... OK
> Generating secret key ....................... OK
> Generating TLS certificate .................. OK
> Generating SHA-256 certificate fingerprint .. OK
> Writing config .............................. OK
> Starting Shadowbox .......................... OK
> Starting Watchtower ......................... OK
> Waiting for Outline server to be healthy .... OK
> Creating first user ......................... OK
> Adding API URL to config .................... OK
> Checking host firewall ...................... BLOCKED
OK
 
CONGRATULATIONS! Your Outline server is up and running.
 
To manage your Outline server, please copy the following line (including curly
brackets) into Step 2 of the Outline Manager interface:
 
{"apiUrl":"https://20.83.146.130:39994/qcBVb0R5vHvZclq-MqHV2A","certSha256":"50B23D8B1522AB3FECCC7D1856167EA428B77FD49F255D88A7F23838425E479D"}
 
You won’t be able to access it externally, despite your server being correctly
set up, because there's a firewall (in this machine, your router or cloud
provider) that is preventing incoming connections to ports 39994 and 17867.
 
Make sure to open the following ports on your firewall, router or cloud provider:
- Management port 39994, for TCP
- Access key port 17867, for TCP and UDP
 
azureuser@machine5:~$

  1. The management port (39994 in the above example) and the HTTPS port 443, both need to be opened in your Azure resource group. Click on Network settings. image

  2. Click on Create port rule and then click on Inbound port rule. image

  3. Enter the management port number and 443 in the Destination port ranges box, type a name in the Name box as shown below, and click on the Add button. image

  4. Copy the management API URL and paste it in Outline as shown below and click the Done button. image

  5. Your server is now added to the Outline Manager. Click on the share button to get the outline access key. image

  6. Copy the access key and share it with your friends and relatives in Iran. They need to have the Outline Client app installed on their devices and import the key you give them to use your VPN server. image

⚠️ **GitHub.com Fallback** ⚠️