Installing openvpn on aws, with a comparison

Overview

Often a vpn (virtual private network) is needed to protect network privacy and to get around some restrictions, so this is a record of the openvpn installation process and a comparison:

  1. the main steps to install openvpn on aws
  2. a speedtest comparison between the installed openvpn and other vpns

How vpn works

An encryption key is used to encrypt/decrypt network data between the vpn-client and the vpn-server.

Only your computer and the VPN server know this key.

(figure: vpn diff, credits drsoft)

Install openvpn on aws

Here aws ec2 is used as the server; the lighter-weight lightsail also works.

sign up aws account

A real credit card is needed here, with a temporary $1 charge. Otherwise you can still log in, but with many restrictions, e.g., you cannot launch ec2.

(figure: aws account homepage)

launch ec2 with openvpn AMI

  1. choose openvpn AMI
  2. choose suitable ec2 instance
  3. create a new key pair (you can only download from the web once)

(figure: choose AMI)

(figure: choose instance)

(figure: create & download key pair)

ps.

If needed, shadowsocks can be used in place of openvpn here.

openvpn was chosen this time because the aws free tier integrates it, which makes installation one-click.

With shadowsocks, you would instead install it on linux via pip/wget.

configure openvpn server using SSH

Here ip1 is your Public IPv4 address and ip2 is your Private IPv4 address:

  1. ssh to ec2 from local as root
    • ssh -i somepath/your-key-pair.pem root@ec2-ip1.amazonaws.com
    • if ssh refuses the key because the .pem permissions are too open, run chmod 400 somepath/your-key-pair.pem to make it private
    • initial openvpn access server config (figure)
  2. ssh to ec2 from local as openvpnas
    • ssh -i somepath/your-key-pair.pem openvpnas@ec2-ip1.amazonaws.com
  3. set the password used by the openvpn web UI
    • sudo passwd openvpn
  4. log in to the openvpn web UI (optional)
    • type ip1 in chrome

(figure: ip1 and ip2 in aws web)

(figure: openvpn web UI login)

(figure: openvpn web UI)

connect to openvpn server using its client

My devices are a mac and an iPhone:

mac

(figure: import profile in mac)

(figure: login)

ios

(figure: import profile in ios)

current usage check

(figure: two users surfing)

aws free tier limit

If you often use the freshly built vpn to upload (out) / download (in) YouTube, traffic is consumed very quickly, and you will likely have to pay extra for usage beyond 15GB per month.

(figure: check ec2 network usage)

Comparison

details

(figures: speedtest snapshots for no vpn, openvpn, and Hotspot Shield VPN - Super Unlimited Proxy)

summary

(figure: comparison)

It can be seen that,

  1. normally the extra vpn layer is somewhat slower (encryption, etc.)
  2. openvpn is faster
  3. hotspot shield is slower


v2ray(2022-10-10)

Compared to openvpn, v2ray seems more stable.

Steps

Prepare a vpc (lightsail/ec2/gce)

Install the server (v2ray)

  • remember to set the time zone
    • sudo su
    • timedatectl set-timezone Asia/Shanghai
  • generate userID
    • cat /proc/sys/kernel/random/uuid
  • install with docker
# install docker (as root, see "sudo su" above)
mkdir -p /home/ubuntu/wall/v2ray && cd /home/ubuntu/wall/v2ray
curl -fsSL https://get.docker.com -o get-docker.sh
sh ./get-docker.sh

# pull image (pick one of the two versions; the run commands below match them)
docker pull v2fly/v2fly-core:v4.45.2
docker pull v2fly/v2fly-core:v5.4.1

# conf: write (">", not ">>") so that re-running does not leave two JSON documents in the file;
# the quoted 'EOF' stops the shell from expanding anything inside the heredoc.
# Replace "xxx" with the userID generated above. alterId 100 keeps the legacy (non-AEAD)
# VMess handshake enabled; alterId 0, as in the 2024 config further down, selects AEAD only.
mkdir -p /etc/v2ray
cat > /etc/v2ray/config.json << 'EOF'
{
    "log": {
        "access": "/var/log/v2ray/access.log",
        "error": "/var/log/v2ray/error.log",
        "loglevel": "warning"
    },
    "inbound": {
        "port": 65423,
        "protocol": "vmess",
        "settings": {
            "clients": [
                {
                    "id": "xxx",
                    "level": 1,
                    "alterId": 100
                }
            ]
        }
    },
    "outbound": {
        "protocol": "freedom",
        "settings": {}
    },
    "inboundDetour": [],
    "outboundDetour": [
        {
            "protocol": "blackhole",
            "settings": {},
            "tag": "blocked"
        }
    ],
    "routing": {
        "strategy": "rules",
        "settings": {
            "rules": [
                {
                    "type": "field",
                    "ip": [
                        "0.0.0.0/8",
                        "10.0.0.0/8",
                        "100.64.0.0/10",
                        "127.0.0.0/8",
                        "169.254.0.0/16",
                        "172.16.0.0/12",
                        "192.0.0.0/24",
                        "192.0.2.0/24",
                        "192.168.0.0/16",
                        "198.18.0.0/15",
                        "198.51.100.0/24",
                        "203.0.113.0/24",
                        "::1/128",
                        "fc00::/7",
                        "fe80::/10"
                    ],
                    "outboundTag": "blocked"
                }
            ]
        }
    }
}
EOF

# start the container: run ONE of these (both use the name "v2ray", so the second would
# fail with a name conflict). The v5 image needs the explicit "run -c" arguments.
docker run --log-opt max-size=10m --log-opt max-file=3 --name v2ray -d -e TZ="Asia/Shanghai" -v /etc/v2ray:/etc/v2ray -v /etc/v2ray/config.json:/etc/v2ray/config.json -p 65423:65423 v2fly/v2fly-core:v4.45.2
docker run --log-opt max-size=10m --log-opt max-file=3 --name v2ray -d -e TZ="Asia/Shanghai" -v /etc/v2ray:/etc/v2ray -v /etc/v2ray/config.json:/etc/v2ray/config.json -p 65423:65423 v2fly/v2fly-core:v5.4.1 run -c /etc/v2ray/config.json

# manage the container
docker container start v2ray
docker container stop v2ray
docker container restart v2ray

# log
docker logs -f v2ray
docker container logs v2ray

Install the client (V2rayU for mac & Shadowrocket for iOS)

(figure: V2rayU; note that the address field is the ec2's public IPv4 address)

(figure: Shadowrocket scans the config directly via V2rayU's Share QR Code)

Monitor vpc usage

(figure: ec2 realtime and cumulative network usage)

(figures: billing console)

View usage directly from the console: https://us-east-1.console.aws.amazon.com/billing/home#/bills?year=2024&month=4

speed test result

(figure: speed test result)

v2ray(2024-04-12, v5.15.1)

  1. login aws
  2. new security group
    • inbound rules (figure)
    • outbound rules (figure)
  3. launch a new ec2
  4. connect to ec2
  5. generate config (replace the two xxx placeholders with the listening port and a UUID, see the generate userID step above; alterId 0 selects the AEAD VMess handshake)
     {
         "log": {
             "access": "/var/log/v2ray/access.log",
             "error": "/var/log/v2ray/error.log",
             "loglevel": "warning"
         },
         "inbounds": [{
             "port": xxx,
             "protocol": "vmess",
             "settings": {
                 "clients": [
                     {
                         "id": "xxx",
                         "alterId": 0,
                         "level": 0
                     }
                 ]
             }
         }],
         "outbounds": [{
             "protocol": "freedom",
             "settings": {}
         }]
     }
  6. bootstrap server (the same xxx port goes into -p host:container)
     docker run --log-opt max-size=10m --log-opt max-file=3 --name v2ray -d -v /etc/localtime:/etc/localtime:ro -v /etc/v2ray:/etc/v2ray -v /etc/v2ray/config.json:/etc/v2ray/config.json -p xxx:xxx v2fly/v2fly-core:v5.15.1 run -c /etc/v2ray/config.json
  7. config client with server PublicIPs
  8. enjoy
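Added here as a sanity check, not part of the original post or of v2fly: a small linter for the server config.json in both the 2022 and 2024 steps above. It flags a client id still set to the xxx placeholder, a non-zero alterId (the legacy non-AEAD VMess handshake; the 2024 config already uses 0), and any private or link-local range that the routing rules do not send to a blackhole outbound the way the 2022 config does, since with a plain freedom outbound any client holding the UUID can otherwise reach the instance's VPC neighbours and the metadata service through the proxy. The sample config at the bottom is constructed.

```python
import ipaddress
import json
import uuid

# Destination ranges that the 2022 config on this page sends to its "blocked"
# blackhole outbound. 169.254.0.0/16 includes the EC2 instance metadata service.
PRIVATE_RANGES = [
    "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
]

def _inbounds(cfg):
    # Legacy single "inbound" object (2022 config) or "inbounds" list (2024 config).
    return cfg.get("inbounds") or ([cfg["inbound"]] if "inbound" in cfg else [])

def _blackholed(cfg):
    # Prefixes that routing rules hand to an outbound whose protocol is blackhole.
    outs = cfg.get("outbounds", []) + cfg.get("outboundDetour", [])
    tags = {o.get("tag") for o in outs if o.get("protocol") == "blackhole"}
    routing = cfg.get("routing", {})
    rules = routing.get("rules") or routing.get("settings", {}).get("rules", [])
    return [ipaddress.ip_network(p) for r in rules
            if r.get("outboundTag") in tags for p in r.get("ip", [])]

def lint(text):
    """Return a list of findings for a v2ray/v2fly server config.json (as text)."""
    cfg = json.loads(text)
    findings = []
    for ib in _inbounds(cfg):
        if ib.get("protocol") != "vmess":
            continue
        for client in ib.get("settings", {}).get("clients", []):
            try:
                uuid.UUID(str(client.get("id", "")))
            except ValueError:
                findings.append("client id is not a UUID (placeholder left in?)")
            if client.get("alterId", 0) != 0:
                findings.append("alterId=%s: legacy non-AEAD VMess auth, set 0" % client["alterId"])
    nets = _blackholed(cfg)
    for rng in PRIVATE_RANGES:
        want = ipaddress.ip_network(rng)
        if not any(want.subnet_of(n) for n in nets if n.version == want.version):
            findings.append(rng + " not blackholed: clients can reach it via the instance")
    return findings

# Constructed sample in the shape of the page's 2024 config (no routing section).
SAMPLE_2024 = json.dumps({
    "inbounds": [{"port": 65423, "protocol": "vmess", "settings": {"clients": [
        {"id": "xxx", "alterId": 0, "level": 0}]}}],
    "outbounds": [{"protocol": "freedom", "settings": {}}]})
```

lint(open("/etc/v2ray/config.json").read()) returns an empty list for a config that passes all three checks.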
