This repository has been archived by the owner on Jun 4, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2k
/
instructions.md.j2
237 lines (178 loc) · 12.4 KB
/
instructions.md.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
L2TP/IPsec
----------
L2TP/IPsec is a great first choice. It is natively supported by Android, iOS, macOS, and Windows. There is no additional software to install. Setup should only take a few minutes.
If the connection appears to time out, first check to make sure the passwords were entered correctly. If you still can't connect then it's possible that your country or ISP is blocking the L2TP/IPsec protocol and one of the other services described in the [README](/index.html) may work better for you.
---
* Platforms
* [Windows](#windows)
* [macOS](#macOS)
* [Linux](#linux)
* [Android](#android)
* [iOS](#ios)
* [Chromebook](#chromebook)
<a name="windows"></a>
### Windows ###
These instructions assume Windows 7 or later.
In order to proceed, you'll need to use Windows PowerShell ISE as an Administrator. To start:
1. Look in the *Start* menu, and navigate to or search for *Windows PowerShell*, but don't click it yet.
1. Right-click on *PowerShell ISE*, and choose "Run as administrator"
#### Windows L2TP and NAT ####
If you are connecting from behind a NAT device (such most home routers), you need to add a setting to tell Windows to expect the NAT. You only need to do this once.
Start PowerShell ISE as an Administrator. In the ISE command window, paste the following code, and press *Enter*.
```
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent -Name AssumeUDPEncapsulationContextOnSendRule -Value 2 -Type DWord
```
The setting will take effect after a reboot. Reboot.
#### Registering the VPN ####
You can [configure the VPN manually](#winmanual). If you're using Windows 7, this is required.
If you're using Windows 8 or later, you can set up the VPN using a PowerShell ISE command.
#### Registering the VPN using PowerShell
Open *PowerShell ISE* as an Administrator, and paste this block into the command window:
```
Add-VpnConnection -Name {{ streisand_server_name }} -ServerAddress {{ streisand_ipv4_address }} -AuthenticationMethod Chap -EncryptionLevel Optional -TunnelType L2tp -Force -RememberCredential -L2tpPsk {{ ipsec_preshared_key.stdout }}
```
Windows will print a warning about EAP/MS-CHAPv2. Ignore it.
You also need to log in to the L2TP server. On Windows 10, click on the network icon in the task bar. You should see `Connect to {{ streisand_server_name }}`. Click on it, and enter:
Username: `streisand`
Password: `{{ chap_password.stdout }}`
You should not be prompted for the username/password again. Skip down to [Checking your connection](#wincheck).
<a name="winmanual"></a>
### Manual VPN configuration ###
If you don't want to use PowerShell, you can configure the VPN by hand. These instructions are primarily intended for people using Microsoft operating systems before Windows 10, or for troubleshooting.
1. Click on the Start Menu and go to the Control Panel.
1. Go to the *Network and Internet* section.
1. Click *View network status and tasks*.
1. Click *Set up a new connection or network*.
1. Select *Connect to a workplace* and click *Next*.
1. Click *Use my Internet connection (VPN)*.
1. Enter `{{ streisand_ipv4_address }}` in the *Internet address* field.
1. Enter `{{ streisand_server_name }}` in the *Destination name* field.
1. Check the *Don't connect now; just set it up so I can connect later* checkbox.
1. Click *Next*.
1. Enter `streisand` in the *User name* field.
1. Enter `{{ chap_password.stdout }}` in the *Password* field.
1. Check the *Remember this password* checkbox.
1. Click *Connect*, then click the *Close* button.
1. Return to the Control Panel's *Network and Internet* section and click on the *Connect to a network* option.
1. Right-click on the new *{{ streisand_server_name }}* connection and choose *Properties*.
1. Click the *Options* tab and uncheck *Include Windows logon domain*.
1. Click the *Security* tab and select *Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)* from the *Type of VPN* drop-down menu.
1. Click the *Advanced settings* button.
1. Select *Use preshared key for authentication* and enter `{{ ipsec_preshared_key.stdout }}` for the *Key*.
1. Click *OK* to close the *Advanced settings*.
1. Click *OK* to save the VPN connection details.
1. To connect to the VPN, simply right-click on the wireless/network icon in your system tray, select *{{ streisand_server_name }}*, and click *Connect*.
If you're using Windows 10, you can configure the VPN by hand using the following instructions.
1. Click on the Start Menu and open *Settings* by typing "Settings".
1. Click on *Network & Internet*.
1. Click on *VPN*.
1. Click on *Add a VPN connection*.
1. Select *Windows (built-in)* for the *VPN provider* field.
1. Enter `{{ streisand_server_name }}` in the *Connection name* field.
1. Enter `{{ streisand_ipv4_address }}` in the *Server name or address* field.
1. Select *L2TP/IPsec with pre-shared key* for the *VPN type* field.
1. Enter `{{ ipsec_preshared_key.stdout }}` for the *Pre-shared key*.
1. Select *User name and password* for the *Type of sign-in info* field.
1. Enter `streisand` in the *User name* field.
1. Enter `{{ chap_password.stdout }}` in the *Password* field.
1. Check the *Remember my sign-in info* box.
1. Click *Save*.
1. Click *Connect*.
<a name="wincheck"></a>
#### Checking your connection ####
You can verify that your traffic is being routed properly by [looking up your IP address on DuckDuckGo]({{ streisand_my_ip_url }}). It should say *Your public IP address is {{ streisand_ipv4_address }}*.
<a name="macOS"></a>
### macOS ###
There are two ways to configure the macOS L2TP VPN to connect to this Streisand server. The easier is to install an macOS *profile* containing the VPN definition. You can also set up the VPN [manually](#macOS_manual).
To install via profile, click here:
[__`streisand.mobileconfig`__](streisand.mobileconfig)
If the file is downloaded successfully, macOS will ask if you want to install it. Click *Continue* to do so. Once installed, you can [activate the VPN](#macOS_connect).
Your installed profiles are managed in the System Preferences "Profiles" pane. Streisand's profiles may be removed at any time.
Please note that profiles are very powerful, and you should be careful installing unknown profiles. macOS will display which features would be configured by a profile before you install it. In Streisand's case, the only feature will be "VPN Service".
<a name="macOS_manual"></a>
If you'd prefer to set it up manually:
1. Open *System Preferences* and go to the *Network* section.
1. Click the *+* button in the lower-left corner of the window.
1. Select *VPN* from the *Interface* drop-down menu.
1. Select *L2TP over IPSec* from the *VPN Type* drop-down menu.
1. Enter `{{ streisand_server_name }}` for the *Service Name*.
1. Click *Create*.
1. Enter `{{ streisand_ipv4_address }}` for the *Server Address*.
1. Enter `streisand` for the *Account Name*.
1. Click the *Authentication Settings* button.
1. In the *User Authentication* section, select the *Password* radio button and enter `{{ chap_password.stdout }}` as its value.
1. In the *Machine Authentication* section, select the *Shared Secret* radio button and enter `{{ ipsec_preshared_key.stdout }}` as its value.
1. Click *OK*.
1. Check the *Show VPN status in menu bar* checkbox.
1. Click the *Advanced* button and make sure the *Send all traffic over VPN connection* checkbox is selected.
1. Click the *TCP/IP* tab, and make sure *Link-local only* is selected in the *Configure IPv6* section.
1. Click *OK* to close the Advanced settings, and then click *Apply* to save the VPN connection information.
<a name="macOS_connect"></a>
#### Connecting on macOS ####
To activate the VPN:
* Use the VPN icon in the menu bar, or
* Open *Network* in *System Preferences*. Click on the Streisand entry in the list of connections. There's a *Connect* button there.
You can verify that your traffic is being routed properly by [looking up your IP address on DuckDuckGo]({{ streisand_my_ip_url }}). It should say *Your public IP address is {{ streisand_ipv4_address }}*.
<a name="linux"></a>
### Linux ###
L2TP/IPsec connections are not supported out-of-the-box on most Linux distributions without requiring the installation of additional software. This nullifies one of the biggest appeals of L2TP/IPsec (i.e. its native client-side support). It is recommended to use another connection method like OpenVPN instead, but if you would like to configure L2TP/IPsec on your Linux desktop, here are the settings you will need:
Server Address: {{ streisand_ipv4_address }}
IPsec pre-shared key: {{ ipsec_preshared_key.stdout }}
CHAP user: streisand
CHAP pass: {{ chap_password.stdout }}
<a name="android"></a>
### Android ###
1. Launch the *Settings* application.
1. Tap *More...* in the *Wireless & Networks* section.
1. Tap *VPN*.
1. Tap the *+* icon in the top-right of the screen.
1. Enter `{{ streisand_server_name }}` in the *Name* field.
1. Select *L2TP/IPSec PSK* in the *Type* drop-down menu.
1. Enter `{{ streisand_ipv4_address }}` in the *Server address* field.
1. Enter `{{ ipsec_preshared_key.stdout }}` in the *IPSec pre-shared key* field.
1. Tap *Save*.
1. Tap the *{{ streisand_server_name }}* connection.
1. Enter `streisand` in the *Username* field.
1. Enter `{{ chap_password.stdout }}` in the *Password* field.
1. Check the *Save account information* checkbox.
1. Tap *Connect*.
1. Once connected, you will see a VPN icon in the notification bar. You can verify that your traffic is being routed properly by [looking up your IP address on DuckDuckGo]({{ streisand_my_ip_url }}). It should say *Your public IP address is {{ streisand_ipv4_address }}*.
<a name="ios"></a>
### iOS ###
There are two ways to configure the iOS L2TP VPN to connect to this Streisand server. The easier is to install an iOS *profile* containing the VPN definition. You can also set up the VPN [manually](#ios_manual).
To install via profile, view this page using Mobile Safari and tap here:
[__`streisand.mobileconfig`__](streisand.mobileconfig)
If the file is downloaded successfully, iOS will will ask if you want to install the profile. Click *Install*. iOS will prompt for your PIN to confirm it's you installing a profile. iOS will then (correctly) warn you that a VPN server like Streisand could monitor your network traffic. If this is acceptable to you, click *Install* again. Once installed you can [activate the VPN](#ios_connect).
Your installed profiles are managed in iOS *Settings*. Near the bottom of the *General* settings, there is a *Profiles* sub-menu listing all your installed profiles. Streisand's profiles may be removed at any time.
Please note that profiles are very powerful, and you should be careful installing unknown profiles. iOS will display which features would be configured by a profile before you install it. In Streisand's case, the only feature will be "VPN Service".
<a name="ios_manual"></a>
If you'd prefer to set it up manually:
1. Go to Settings -> General -> VPN.
1. Tap *Add VPN Configuration...*.
1. Tap *Type*.
1. Select *L2TP* and go back.
1. Tap *Description* and enter `{{ streisand_server_name }}`.
1. Tap *Server* and enter `{{ streisand_ipv4_address }}`.
1. Tap *Account* and enter `streisand`.
1. Tap *Password* and enter `{{ chap_password.stdout }}`.
1. Tap *Secret* and enter `{{ ipsec_preshared_key.stdout }}`.
1. Tap *Done*.
<a name="ios_connect"></a>
#### Connecting on iOS ####
To activate the VPN:
1. Go to *Settings* -> *General* -> *VPN*.
1. Slide the *VPN* switch on.
1. Once connected, you will see a VPN icon in the status bar. You can verify that your traffic is being routed properly by [looking up your IP address on DuckDuckGo]({{ streisand_my_ip_url }}). It should say *Your public IP address is {{ streisand_ipv4_address }}*.
<a name="chromebook"></a>
### Chromebook ###
1. Go to *Settings*.
1. Under *Internet Connection* click *Add connection*.
1. Select *Add private network...*.
1. Enter `{{ streisand_ipv4_address }}` for the *Server hostname*.
1. Enter `{{ streisand_server_name }}` for the *Service name*.
1. Make sure *Provider type* is *L2TP/IPSec + pre-shared key*.
1. Enter `{{ ipsec_preshared_key.stdout }}` for the *Pre-shared key*.
1. Enter `streisand` for the *Username*.
1. Enter `{{ chap_password.stdout }}` for the *Password*.
1. Click *Connect*.
1. Once connected, you will see a VPN icon overlay on the network status icon. You can verify that your traffic is being routed properly by [looking up your IP address on DuckDuckGo]({{ streisand_my_ip_url }}). It should say *Your public IP address is {{ streisand_ipv4_address }}*.