OK, so with a million different VPN providers, why would I use vpncloud over any of the others? Well, it is quite simple to configure, especially behind a firewall such as T-Mobile home internet. Now, maybe there is a way to configure the firewall on this device. However, why? This is a simple internet device and it is better to leave it alone much of the time. Basically, vpncloud punches a hole in the firewall by having the device communicate out and find other devices. It then uses this pathway to let traffic flow in as well as out via the VPN, giving a pipe through the firewall that is specific to the VPN for sending and receiving data.
Step 1 – Add packages and update/upgrade apt and install vpncloud
Install sudo, then update and upgrade the server to the latest base image.
apt install sudo -y
sudo apt update && sudo apt upgrade -y
Install other key packages such as curl and gnupg2.
sudo apt install -y curl apt-transport-https wget ca-certificates gnupg2
Finally, install the vpncloud GPG key, the sources list and the actual vpncloud package.
KEYRING=/usr/share/keyrings/vpncloud.gpg
curl https://repo.ddswd.de/deb/public.key | gpg --dearmor | sudo tee "$KEYRING" > /dev/null 2>&1
echo "deb [signed-by="$KEYRING"] https://repo.ddswd.de/deb stable main" | sudo tee /etc/apt/sources.list.d/vpncloud.list
sudo apt update && sudo apt install -y vpncloud
Step 2 – Configure vpncloud config
OK, the tough part is over. At least for me, getting GPG to work the first time took some doing. Now comes the most important part: setting the configuration params.
sudo vpncloud config
See this article for more info on configuration from the vpncloud site.
Below is the start service info provided by vpncloud config. Note: sysctl may not be aliased on your system. So, use this instead, as an example: sudo systemctl enable vpncloud@alshowto
Use the following commands to control your VPN:
start the VPN: sudo service vpncloud@alshowto start
stop the VPN: sudo service vpncloud@alshowto stop
get the status: sudo service vpncloud@alshowto status
add VPN to autostart: sudo sysctl enable vpncloud@alshowto
remove VPN from autostart: sudo sysctl disable vpncloud@alshowto
Below are my recommended ones:
Use the following commands to control your VPN:
start the VPN: sudo service vpncloud@alshowto start
stop the VPN: sudo service vpncloud@alshowto stop
get the status: sudo service vpncloud@alshowto status
add VPN to autostart: sudo systemctl enable vpncloud@alshowto
remove VPN from autostart: sudo systemctl disable vpncloud@alshowto
To start it, use the below command.
sudo service vpncloud@alshowto start
If this fails with the error "Job for vpncloud@alshowto.service failed because the control process exited with error code.", it may be related to a reported vulnerability.
vpncloud provided a recommended fix related to the Linux kernel. For the fix, see this article. I think I have included a little better fix recommendation.
Here is the common error
root@mail01:~# sudo service vpncloud@alshowto start
Job for vpncloud@alshowto.service failed because the control process exited with error code.
See "systemctl status vpncloud@alshowto.service" and "journalctl -xe" for details.
While looking at the log, I found this error.
root@mail01:~# cat /var/log/vpncloud-alshowto.log
2022-10-23 20:27:24 - INFO - Reading config file '/etc/vpncloud/alshowto.net'
2022-10-23 20:27:24 - INFO - Opened device vpncloud0
2022-10-23 20:27:24 - INFO - Setting MTU 1427 on device vpncloud0
2022-10-23 20:27:24 - INFO - Configuring device with ip 10.1.1.1, netmask 255.255.255.0
2022-10-23 20:27:24 - WARN - Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently 0).
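To see which interfaces that warning applies to, the check below reads the kernel's rp_filter settings directly. It is an added example, not part of the original post or of vpncloud; the function name and its optional directory argument are this example's own, and it reports the kernel's effective value rather than reproducing vpncloud's own check.

```shell
#!/bin/sh
# Added example: list the effective IPv4 rp_filter mode per interface.
# For each interface the kernel applies the higher of conf/all/rp_filter and
# conf/<iface>/rp_filter: 0 = no source validation, 1 = strict, 2 = loose.
# The directory argument is this example's own, so a copied tree can be checked.
rp_filter_report() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    all_val=$(cat "$conf_root/all/rp_filter" 2>/dev/null) || return 2
    rc=0
    for f in "$conf_root"/*/rp_filter; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" is the global value and "default" the template for new
        # interfaces; neither is an interface, so skip both.
        case "$iface" in all|default) continue ;; esac
        eff=$(cat "$f")
        if [ "$all_val" -gt "$eff" ]; then eff=$all_val; fi
        if [ "$eff" -eq 1 ]; then
            echo "$iface effective=$eff strict"
        else
            echo "$iface effective=$eff NOT-STRICT"
            rc=1
        fi
    done
    # 0: every interface is strict, 1: at least one is not, 2: tree unreadable
    return "$rc"
}
```

On a live host, call rp_filter_report with no argument before and after applying the fix; an exit status of 0 means every interface is in strict mode.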
Here is my fix
The vpncloud fix states to add --fix-rp-filter to provide the fix. However, there is no explanation of where to place it, so this is where I put it: /lib/systemd/system/vpncloud@.service.
[Unit]
Description=VpnCloud network '%I'
After=network-online.target
Wants=network-online.target
PartOf=vpncloud.target
Documentation=man:vpncloud(1)

[Service]
Type=forking
ExecStart=/usr/bin/vpncloud --fix-rp-filter --config /etc/vpncloud/%i.net --log-file /var/log/vpncloud-%i.log --stats-file /var/log/vpncloud-%i.stats --daemon --pid-file /run/vpncloud-%i.pid
PIDFile=/run/vpncloud-%i.pid
WorkingDirectory=/etc/vpncloud
RestartSec=5s
Restart=on-failure
TasksMax=10
MemoryMax=50M
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=/var/log /run
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw

[Install]
WantedBy=multi-user.target
Once saved, it is required to reload systemctl
Now, restart the service and it should work fine without the error.
sudo service vpncloud@alshowto start
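The unit under /lib/systemd/system belongs to the package, so an upgrade can replace it and drop the added flag. As an alternative, the added example below (not from the original post or from vpncloud) builds a systemd drop-in from the packaged ExecStart line; the function name, its two parameters and the file name 10-fix-rp-filter.conf are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate a drop-in that adds --fix-rp-filter to the packaged
# ExecStart instead of editing the packaged unit in place.
# make_rp_filter_dropin UNIT_FILE DROPIN_ROOT
#   UNIT_FILE    packaged unit, e.g. /lib/systemd/system/vpncloud@.service
#   DROPIN_ROOT  where drop-ins live, e.g. /etc/systemd/system
make_rp_filter_dropin() {
    unit="$1"
    dir="$2/vpncloud@.service.d"
    conf="$dir/10-fix-rp-filter.conf"   # hypothetical file name
    # Take the first ExecStart line of the packaged unit as the base command.
    exec_line=$(sed -n '/^ExecStart=/{p;q;}' "$unit" 2>/dev/null) || return 2
    [ -n "$exec_line" ] || return 2
    case "$exec_line" in
        *" --fix-rp-filter"*)
            new_line=$exec_line ;;      # flag already present, keep as is
        *)
            # Insert the flag directly after the binary path.
            new_line=$(printf '%s\n' "$exec_line" |
                sed 's|^ExecStart=\([^ ]*\)|ExecStart=\1 --fix-rp-filter|') ;;
    esac
    mkdir -p "$dir" || return 1
    # The empty ExecStart= clears the packaged command first; a Type=forking
    # service may only have one ExecStart, so systemd refuses the unit otherwise.
    printf '[Service]\nExecStart=\n%s\n' "$new_line" > "$conf" || return 1
    printf '%s\n' "$conf"
}
```

Run as root with the two paths from the comments, then apply it with sudo systemctl daemon-reload and start the service again.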
Step 3 – Enable services for config
Now, simply enable the service so that it starts the vpn network.
sudo systemctl enable vpncloud@alshowto
Step 4 – Test configuration
Other Things to Consider
Here is the original setup video from YouTube.