Intro

Ok, so with a million different VPN providers, why would I use vpncloud over any of the others? Well, it is quite simple to configure, especially behind a firewall such as the one on T-Mobile home internet. Maybe there is a way to configure the firewall on this device, but why? It is a simple internet device and it is better to leave it alone much of the time. Basically, vpncloud punches a hole in the firewall: the device communicates out and finds other devices, and that same pathway then carries VPN traffic in as well as out. The result is a pipe through the firewall that is specific to the VPN for sending and receiving data.

Install Steps

Step 1 - Add packages and update/upgrade apt and install vpncloud

Install sudo, then update and upgrade the server to the latest base image.

apt install sudo -y
sudo apt update && sudo apt upgrade -y

Install the other key packages, such as curl and gnupg2.

sudo apt install -y curl apt-transport-https wget ca-certificates gnupg2

Finally, install the vpncloud GPG key, the sources list and the vpncloud package itself.

KEYRING=/usr/share/keyrings/vpncloud.gpg
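# -fsSL: fail on HTTP errors so an error page is never piped into the keyring
curl -fsSL https://repo.ddswd.de/deb/public.key | gpg --dearmor | sudo tee "$KEYRING" > /dev/null 2>&1
# signed-by limits this key to the vpncloud repository only
echo "deb [signed-by=$KEYRING] https://repo.ddswd.de/deb stable main" | sudo tee /etc/apt/sources.list.d/vpncloud.list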
sudo apt update && sudo apt install -y vpncloud

Step 2 - Configure vpncloud config

Ok, the tough part is over. At least for me, getting GPG to work the first time took some doing. Now comes the most important part: setting the configuration params.

sudo vpncloud config

See this article for more info on configuration from the vpncloud site.

Below is the service control info printed by vpncloud config. Note: sysctl may not be aliased to systemctl on your system. If it is not, use systemctl instead, for example: sudo systemctl enable vpncloud@alshowto

Use the following commands to control your VPN:
  start the VPN:   sudo service vpncloud@alshowto start
  stop the VPN:    sudo service vpncloud@alshowto stop
  get the status:  sudo service vpncloud@alshowto status
  add VPN to autostart:       sudo sysctl enable vpncloud@alshowto
  remove VPN from autostart:  sudo sysctl disable vpncloud@alshowto

Below are my recommended commands:

Use the following commands to control your VPN:
  start the VPN:   sudo service vpncloud@alshowto start
  stop the VPN:    sudo service vpncloud@alshowto stop
  get the status:  sudo service vpncloud@alshowto status
  add VPN to autostart:       sudo systemctl enable vpncloud@alshowto
  remove VPN from autostart:  sudo systemctl disable vpncloud@alshowto

To start it, use the below command.

sudo service vpncloud@alshowto start

Important Fix

If this fails with the error "Job for vpncloud@alshowto.service failed because the control process exited with error code.", it may be related to a reported vulnerability.

vpncloud provides a recommended fix related to the Linux kernel. For the fix, see this article. I think I have included a slightly better fix recommendation.

Here is the common error

root@mail01:~# sudo service vpncloud@alshowto start
Job for vpncloud@alshowto.service failed because the control process exited with error code.
See "systemctl status vpncloud@alshowto.service" and "journalctl -xe" for details.

While looking at the log, I found this error.

root@mail01:~# cat /var/log/vpncloud-alshowto.log
2022-10-23 20:27:24 - INFO - Reading config file '/etc/vpncloud/alshowto.net'
2022-10-23 20:27:24 - INFO - Opened device vpncloud0
2022-10-23 20:27:24 - INFO - Setting MTU 1427 on device vpncloud0
2022-10-23 20:27:24 - INFO - Configuring device with ip 10.1.1.1, netmask 255.255.255.0
2022-10-23 20:27:24 - WARN - Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently 0).

Here is my fix

The vpncloud fix says to add --fix-rp-filter. However, there is no explanation of where to place it, so this is where I put it: "/lib/systemd/system/vpncloud@.service".

nano /lib/systemd/system/vpncloud@.service
[Unit]
Description=VpnCloud network '%I'
After=network-online.target
Wants=network-online.target
PartOf=vpncloud.target
Documentation=man:vpncloud(1)

[Service]
Type=forking
ExecStart=/usr/bin/vpncloud --fix-rp-filter --config /etc/vpncloud/%i.net --log-file /var/log/vpncloud-%i.log --stats-file /var/log/vpncloud-%i.stats --daemon --pid-file /run/vpncloud-%i.pid
PIDFile=/run/vpncloud-%i.pid
WorkingDirectory=/etc/vpncloud
RestartSec=5s
Restart=on-failure
TasksMax=10
MemoryMax=50M
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=/var/log /run
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw

[Install]
WantedBy=multi-user.target

Once saved, systemd has to reload its unit files:

systemctl daemon-reload
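
Files under /lib/systemd/system belong to the package and are replaced on upgrade, so the flag can also live in a drop-in under /etc/systemd/system. The script below is an added example, not part of the original post or the vpncloud package; make_dropin and the file name fix-rp-filter.conf are hypothetical, and the demo runs against a constructed unit file in a scratch directory.

```shell
#!/bin/sh
# Added example. On a real host, as root:
#   make_dropin /lib/systemd/system/vpncloud@.service \
#               /etc/systemd/system/vpncloud@.service.d
#   systemctl daemon-reload

make_dropin() {
    unit="$1"; dir="$2"
    # Reuse the packaged start command so the drop-in matches the installed version.
    exec_line=$(sed -n '/^ExecStart=/{p;q;}' "$unit")
    [ -n "$exec_line" ] || return 1
    case "$exec_line" in
        *" --fix-rp-filter"*) new="$exec_line" ;;   # flag already present
        *)  # insert the flag right after the binary path
            new=$(printf '%s\n' "$exec_line" |
                  sed 's|^\(ExecStart=[^ ]*\)|\1 --fix-rp-filter|') ;;
    esac
    mkdir -p "$dir" || return 1
    # The empty ExecStart= clears the packaged command before the new one is set.
    printf '[Service]\nExecStart=\n%s\n' "$new" > "$dir/fix-rp-filter.conf"
}

# Demo: constructed unit file (a shortened ExecStart), written to a temp dir.
demo_dropin() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/vpncloud@.service" <<'EOF'
[Service]
Type=forking
ExecStart=/usr/bin/vpncloud --config /etc/vpncloud/%i.net --daemon --pid-file /run/vpncloud-%i.pid
EOF
    make_dropin "$tmp/vpncloud@.service" "$tmp/dropin" &&
        cat "$tmp/dropin/fix-rp-filter.conf"
    rm -rf "$tmp"
}
demo_dropin
```

A drop-in in vpncloud@.service.d applies to every instance of the template unit, including vpncloud@alshowto.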

Now, restart the service and it should work fine without the error.

sudo service vpncloud@alshowto start
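
To confirm that the rp_filter warning from the log no longer applies after the restart, the values can be read back from /proc. This check is an added example, not part of the original post or of vpncloud; rp_filter_report is a hypothetical helper, and the demo uses a constructed directory tree instead of the live /proc.

```shell
#!/bin/sh
# Added example. On a real host: rp_filter_report   (reads /proc/sys/net/ipv4/conf)
# Prints "<iface> <effective value> <status>" per interface and returns 1
# if any interface is not in strict mode (1).
rp_filter_report() {
    conf="${1:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$conf/all/rp_filter") || return 2
    rc=0
    for d in "$conf"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        own=$(cat "${d}rp_filter") || continue
        # The kernel validates with max(conf/all, conf/<iface>).
        if [ "$own" -gt "$all" ]; then eff=$own; else eff=$all; fi
        # 1 = strict; 0 (off) and 2 (loose) are not what the warning asks for.
        if [ "$eff" -eq 1 ]; then status=strict; else status=NOT-STRICT; rc=1; fi
        printf '%s %s %s\n' "$iface" "$eff" "$status"
    done
    return "$rc"
}

# Demo on a constructed tree: everything 0 except vpncloud0=1.
demo_rp_filter() {
    tmp=$(mktemp -d) || return 1
    for i in all default eth0 vpncloud0; do
        mkdir -p "$tmp/$i" && echo 0 > "$tmp/$i/rp_filter"
    done
    echo 1 > "$tmp/vpncloud0/rp_filter"
    rp_filter_report "$tmp" || echo "at least one interface is not strict"
    rm -rf "$tmp"
}
demo_rp_filter
```

Because the kernel takes the maximum of the two values, a persistent alternative to the flag is a net.ipv4.conf.all.rp_filter = 1 line in a file under /etc/sysctl.d/.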

Step 3 - Enable services for config

Now, simply enable the service so that it starts the vpn network.

sudo systemctl enable vpncloud@alshowto

Step 4 - Test configuration

Other Things to Consider

Here is the original setup video from YouTube.
