Intro
Ok, so with a million different vpn providers why would I use vpncloud over any of the others? Well, it is quite simple to configure. Especially behind a firewall; for example, T-Mobile home internet. Now, maybe there is a way to configure the firewall on this device. However, why? This is a simple internet device and it is better to leave it alone much of the time. Basically, vpncloud punches a hole in the firewall by allowing the device to communicate out and find other devices. Then, it uses this pathway to also allow in as well as out traffic to flow via the VPN. Thus, allowing a pipe through that is specific to the VPN to send and receive data.
Install Steps
Step 1 - Add packages and update/upgrade apt and install vpncloud
Install sudo and update and upgrade the server to latest base image.
apt install sudo -y
sudo apt update && sudo apt upgrade -y
Install key other elements such as curl and gnupg2
sudo apt install -y curl apt-transport-https wget ca-certificates gnupg2
Finally, Install vpnCloud gpg, sources list and actual vpncloud package.
KEYRING=/usr/share/keyrings/vpncloud.gpg
curl https://repo.ddswd.de/deb/public.key | gpg --dearmor | sudo tee "$KEYRING" > /dev/null 2>&1
echo "deb [signed-by="$KEYRING"] https://repo.ddswd.de/deb stable main" | sudo tee /etc/apt/sources.list.d/vpncloud.list
sudo apt update && sudo apt install -y vpncloud
Step 2 - Configure vpncloud config
Ok, the tough part is over. At least for me, getting GPG to work the first time took some doing. Now, comes the most important part setting the configuration params.
sudo vpncloud config
See this article for more info on configuration from vpncloud site.
Below is the start service info provided by vpncloud config. Note: sysctl may not be aliased on your system. So, use this instead as on example: sudo sysctl enable vpncloud@alshowto
Use the following commands to control your VPN:
start the VPN: sudo service vpncloud@alshowto start
stop the VPN: sudo service vpncloud@alshowto stop
get the status: sudo service vpncloud@alshowto status
add VPN to autostart: sudo sysctl enable vpncloud@alshowto
remove VPN from autostart: sudo sysctl disable vpncloud@alshowto
Below are my recommended ones
Use the following commands to control your VPN:
start the VPN: sudo service vpncloud@alshowto start
stop the VPN: sudo service vpncloud@alshowto stop
get the status: sudo service vpncloud@alshowto status
add VPN to autostart: sudo systemctl enable vpncloud@alshowto
remove VPN from autostart: sudo systemctl disable vpncloud@alshowto
To start it, use the below command.
sudo service vpncloud@alshowto start
Important Fix
If this fails with error: Job for vpncloud@alshowto.service failed because the control process exited with error code. It may be related to a reported vulnerability.
vpncloud provided a recommended 0fix related to linux kernel. For the fix, See this article. I think, I have included a little better fix recommendation.
Here is the common error
root@mail01:~# sudo service vpncloud@alshowto start
Job for vpncloud@alshowto.service failed because the control process exited with error code.
See "systemctl status vpncloud@alshowto.service" and "journalctl -xe" for details.
While looking at the log, I found this error.
root@mail01:~# cat /var/log/vpncloud-alshowto.log
2022-10-23 20:27:24 - INFO - Reading config file '/etc/vpncloud/alshowto.net'
2022-10-23 20:27:24 - INFO - Opened device vpncloud0
2022-10-23 20:27:24 - INFO - Setting MTU 1427 on device vpncloud0
2022-10-23 20:27:24 - INFO - Configuring device with ip 10.1.1.1, netmask 255.255.255.0
2022-10-23 20:27:24 - WARN - Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently 0).
Here is my fix
The vpncloud fix states to add --fix-rp-filter to provide the fix. However, there is no explanation on where to place it so this is where I put it "/lib/systemd/system/vpncloud@.service".
nano /lib/systemd/system/vpncloud@.service
[Unit]
Description=VpnCloud network '%I'
After=network-online.target
Wants=network-online.target
PartOf=vpncloud.target
Documentation=man:vpncloud(1)
[Service]
Type=forking
ExecStart=/usr/bin/vpncloud --fix-rp-filter --config /etc/vpncloud/%i.net --log-file /var/log/vpncloud-%i.log --stats-file /var/log/vpncloud-%i.stats --daemon --pid-file /run/vpncloud-%i.pid
PIDFile=/run/vpncloud-%i.pid
WorkingDirectory=/etc/vpncloud
RestartSec=5s
Restart=on-failure
TasksMax=10
MemoryMax=50M
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=/var/log /run
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
[Install]
WantedBy=multi-user.target
Once saved, it is required to reload systemctl
systemctl daemon-reload
Now, restart the service and it should work fine without the error.
sudo service vpncloud@alshowto start
Step 3 - Enable services for config
Now, simply enable the service so that it starts the vpn network.
sudo systemctl enable vpncloud@alshowto
Step 4 - Test configuration
Other Things to Consider
Here is the original setup video from YouTube.