Outline VPN: Setup Guide
Today I will be looking at Outline VPN: one of the simplest VPN solutions yet, straight from the Google family!
Created by Jigsaw, a younger sibling of Google under parent company Alphabet, Outline VPN targets non-technical professionals that deal with sensitive information, such as Journalists and Politicians - users who have every reason to keep their web traffic as secured as possible! With Outline, Jigsaw has developed an incredibly streamlined and accessible free service that definitely does make it as straightforward as possible to secure your web traffic.
It is worth noting that Outline is not a traditional VPN solution, and you would be wise to have a good understanding of how it differs from a more common OpenVPN or IPSEC VPN. For a tried and true remote access VPN, I would not hesitate to defer to Kyle Manna's popular OpenVPN Docker build.
Outline is based on the open-source Shadowsocks socks5 proxy protocol in the backend, and does not in fact establish a secured tunnel for all device traffic. Web traffic should be proxied securely via the Shadowsocks server, however system processes will most likely not be. There certainly are security concerns with tunnelling all device traffic to a single host in any case, but just understand that Outline as a HTTP proxy service is not a true VPN.
Depending on your use case this may still fit your requirements, but I would highly recommend maintaining access to more secure VPN services when travelling abroad or using untrusted networks.
Install Docker
Now, because Outline relies on Docker containerisation for the backend Shadowbox and Watchtower services to build the proxy server, you will first need to ensure you have a working Docker installation. The below one-liner will pull the latest Docker build and install directly (not that I would generally recommend curling directly to Bash from unverified sources):
sudo curl -sS https://get.docker.com/ | bash
Install Outline VPN Server
Now Jigsaw have made the install of the Outline VPN server extremely straightforward. To install, simply run the below:
sudo wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh | bash
You should see an output similar to the following. The snippet of JSON we see will be needed to initialise and manage the server. Copy this and store somewhere secure:
Verifying that Docker is installed .......... OK
Verifying that Docker daemon is running ..... OK
Creating persistent state dir ............... OK
Generating secret key ....................... OK
Generating TLS certificate .................. OK
Generating SHA-256 certificate fingerprint .. OK
Starting Shadowbox .......................... OK
Starting Watchtower ......................... OK
Waiting for Outline server to be healthy .... OK
Creating first user ......................... OK
Adding API URL to config .................... OK
Checking host firewall ...................... OK
CONGRATULATIONS! Your Outline server is up and running.
To manage your Outline server, please copy the following line (including curlybrackets) into Step 2 of the Outline Manager interface:
{"apiUrl":"https://123.456.789.0:20534/abcdefghijklmnop","certSha256":"abcdefghijklmnopqrstuvwxyz"}
Install Outline VPN Manager
Now the server is installed, you will want to run the Outline Manager to set up some user keys. Amazingly, you are free to manage your VPN server from any host! Jigsaw are officially supporting their Outline Manager application on Windows, OSX and Linux!
Head over to GetOutline.org and install the Outline Manager. You will need to make the .AppImage executable in order to run:
Now the GUI is extremely straightforward, and pretty good-looking too! You will want to select the "Set up Outline anywhere" server option, unless you are hosting on one of the suggested vendors.
Now here you will need the JSON token that we saved earlier, at the setup stage. Paste this is, as per instruction:
Voila! You now have a fully functioning VPN server! Make sure to turn off the settings option for reporting anonymous data, and then you are good to go setting up user keys:
Transfer your pre-shared keys securely to the intended users to set up VPN clients. The Outline VPN Client application is supported on Windows, OSX, iOS and Android. For Linux, you can use Shadowsocks directly to connect to the VPN server.
And that's all there is to it. I am personally very impressed with Outline, and will continue using alongside my go-to IPSEC and OpenVPN when I need a simple proxy.
Do you use a VPN? What are your thoughts on Outline? Let me know in the comments!
Thanks for reading.