How to Set Up a Streisand Gateway
Updated by Linode. Written by Jared Kobos.
Why Use a VPN
Setting up a personal Virtual Private Network (VPN) server is a great way to avoid internet censorship, surveillance, or geolocation. Using your own server allows you to choose any protocol you want, and to have full control over the security and privacy of your connection.
However, the configuration process is time-consuming, especially for those with little experience working with remote servers. For example, Linode’s guide on setting up a hardened OpenVPN server and client is a three-part series.
Streisand attempts to simplify this process and offer painless, high-quality security. The Streisand script creates a Linode and automatically configures OpenVPN, Shadowsocks, OpenConnect, L2TP/IPSec, WireGuard, a Tor bridge, and SSH. Once the server is set up, users can connect to a gateway containing detailed, personalized instructions for connecting to each of these services.
Before You Begin
Streisand uses the open-source platform Ansible to automate much of the process that creates and configures a Linode. This means that, unlike a normal VPN setup, you should not create a Linode before beginning this guide, or go through the usual steps of connecting to and securing your server. All of the commands will be run from your local machine. You will, however, need the API key from your Linode account.
Create an API Token
Log in to the Cloud Manager.
Click on your username at the top of the screen and select My Profile.
Select the API Tokens tab:
Click on Add a Personal Access Token and choose the access rights you want users authenticated with the new token to have.
Note: Select Read/Write access when setting up a Streisand gateway because you will be creating a new Streisand Linode server.
When you have finished, click Submit to generate an API token string. Copy the token and save it in a secure location. You will not be able to view the token through the Cloud Manager after closing the popup.
Install Ansible and its Dependencies
Note: As of this writing, it is not possible to run Streisand on a Windows computer. If you do not have access to a Mac or Linux machine, you can connect to an existing Linode and complete the steps in this guide from your remote server. This will create an additional Linode.
Open a terminal window on your local machine. Check to see if you have any SSH keys:
If no key is present, create one with:
ssh-keygen -t rsa -b 4096
Make sure Python 2.7 is installed on your machine:
If Python is not installed, or is Version 3, you will need to install 2.7.
git. If you are using Linux, use the default package manager for your distro. For example, on Ubuntu:
sudo apt-get install git
On macOS, simply typing git at the command line will prompt Xcode to install git if it is not already present.
pip, a package manager for Python.
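On Debian or Ubuntu:
sudo apt-get install python-pip
On distributions that use yum:
sudo yum install python-pip
To bootstrap pip from Python 2.7 itself, using its built-in ensurepip module:
sudo python2.7 -m ensurepip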
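The prerequisites in this section can be checked in one pass before running Streisand. The script below is an added example, not part of the original guide or of the Streisand project; the function names and the `preflight.sh` file name are hypothetical, and it also checks that private keys in `~/.ssh` are not accessible to group or other.

```shell
#!/bin/sh
# Added example: pre-flight checks for the prerequisites listed above.

# True if DIR contains at least one SSH public key file (*.pub).
has_ssh_key() {
    for f in "$1"/*.pub; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# True if FILE grants no permissions to group or other (e.g. mode 600).
key_mode_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)   # the six group/other permission bits
    [ "$mode" = "------" ]
}

# True if a "python --version" banner names the 2.7 series.
is_python27() {
    case "$1" in
        "Python 2.7"|"Python 2.7."*) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    rc=0
    has_ssh_key "$HOME/.ssh" || { echo "MISSING: SSH key pair in ~/.ssh"; rc=1; }
    for k in "$HOME"/.ssh/id_*; do
        case "$k" in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        key_mode_ok "$k" || { echo "WARN: $k is accessible to group/other"; rc=1; }
    done
    if command -v python2.7 >/dev/null 2>&1; then py=python2.7; else py=python; fi
    # Python 2 prints its version banner on stderr, so capture both streams.
    banner=$("$py" --version 2>&1) || banner="not found"
    is_python27 "$banner" || { echo "MISSING: Python 2.7 (got: $banner)"; rc=1; }
    for tool in git pip; do
        command -v "$tool" >/dev/null 2>&1 || { echo "MISSING: $tool"; rc=1; }
    done
    return "$rc"
}

# Run the checks only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```

A non-zero exit status from `preflight` means at least one prerequisite is missing or a private key has loose permissions.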
Install and Run Streisand
You are now ready to run Streisand.
Clone the repository from GitHub:
git clone https://github.com/StreisandEffect/streisand.git && cd streisand
Run the installer for Ansible and its dependencies. The installer will detect missing packages, and print the commands needed to install them. (Ignore the Python 2.7 DEPRECATION warning; ignore the warning from python-novaclient that pbr 5.1.3 is incompatible.)
Activate the Ansible packages that were installed.
When prompted, choose Linode as your hosting provider. Choose a location for your gateway, then enter the API key you created earlier.
Note: Choosing a server location near your home will help to reduce latency. However, if you intend to use your VPN to evade geolocation or avoid local internet restrictions, consider choosing a location in an appropriate country.
Streisand will now execute a series of Ansible rules to create and configure a new Linode. This process can take a long time. (The Streisand docs say about ten minutes, but in some cases it can be longer.) You may be prompted for confirmation or to provide additional information during the process.
Caution: Streisand will create a new Linode under your account early in the configuration process. If the script fails for any reason, or if you cancel it, check the Linode Manager and remove the new Linode if necessary.
Note: You should not receive any errors during the install. If you receive an error related to Alert_cpu_threshold must be between 0 and 2000, visit this link to address the issue.
Connect to Your Streisand Gateway
You now have a Linode with multiple VPNs and protocols fully configured for use; the next step is to connect to it. Streisand should automatically open the streisand.html file that was generated during the configuration process. If not, you can find the file in streisand/generated-docs/streisand.html and open it in any browser.
Click on “Download Certificate” to download an SSL certificate so that you can verify the secure connection to your new gateway. The streisand.html file includes instructions on how to mark the certificate as trusted on different systems and devices.
There are two possible ways to connect to your gateway, but for most users the easiest way will be through SSL. Scroll down to “Connecting to your Streisand Gateway” in streisand.html and copy the https:// address into your web browser. Enter the provided username and password when prompted.
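Before entering the gateway credentials, you can confirm from the command line that the server presents the same certificate you downloaded. The following is an added example, not part of the original guide or of Streisand; the function names are hypothetical, and it assumes the downloaded file is the PEM certificate the gateway itself serves and that `openssl` is installed locally.

```shell
#!/bin/sh
# Added example: compare the downloaded certificate with the one the gateway serves.

# SHA-256 fingerprint of a PEM certificate file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate served at HOST (port 443 by default).
served_fp() {
    openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only when both fingerprints are non-empty and identical.
fp_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# usage: verify_gateway <downloaded-cert.pem> <gateway-ip>
# returns 0 on match, 1 on mismatch, 2 if either certificate could not be read
verify_gateway() {
    want=$(cert_fp "$1") || return 2
    got=$(served_fp "$2") || return 2
    if fp_match "$want" "$got"; then
        echo "OK: gateway serves the downloaded certificate ($got)"
    else
        echo "MISMATCH: downloaded=$want served=$got"
        return 1
    fi
}
```

A mismatch means the endpoint you reached is not presenting the certificate generated for your gateway, so do not enter the username and password until the cause is understood.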
You are now connected to your gateway. From here, you can choose from any of the eight pre-configured connection options, then use the provided links to download an appropriate client. Each connection option has detailed instructions on how to connect your client devices.
These instructions are personalized to your gateway, and so contain the exact IP addresses, passwords, and other information you will need. Where possible, links are provided to download pre-made configuration files to make the setup process even easier. This also makes it simple to share connection information, so that you can easily share your new VPN with family and friends.
This guide is published under a CC BY-ND 4.0 license.