{"id":2949,"date":"2018-08-03T00:00:00","date_gmt":"2018-08-03T00:00:00","guid":{"rendered":"http:\/\/ssdnodes.billabailey.com\/2017\/08\/03\/tutorial-the-easiest-vpn-with-streisand-and-ubuntu-16-04\/"},"modified":"2025-05-15T15:31:01","modified_gmt":"2025-05-15T15:31:01","slug":"streisand-vpn-tutorial","status":"publish","type":"post","link":"https:\/\/www.ssdnodes.com\/blog\/streisand-vpn-tutorial\/","title":{"rendered":"Streisand VPN: How To Install And Configure (Tutorial)"},"content":{"rendered":"<p>We've written about VPNs before, but the Streisand VPN, with a supposedly easy installation process, has caught our eye.<\/p>\n<p>The results are clear: Streisand VPN is one of the easiest VPS+VPN installations we've found. It's much easier than <a href=\"https:\/\/www.ssdnodes.com\/blog\/tutorial-installing-openvpn-on-ubuntu-16-04\/\">OpenVPN<\/a>, and only the <a href=\"https:\/\/www.ssdnodes.com\/blog\/tutorial-installing-alphabets-outline-vpn-on-your-vps\/\">Outline VPN<\/a> is easier to install, depending on your particular needs.<\/p>\n<p>In the following tutorial, you'll learn how to set up the Streisand VPN on a new Ubuntu 16.04 VPS in a matter of minutes (plus a handful more for Ansible).<\/p>\n<h2>Prerequisites to install Streisand VPN<\/h2>\n<p><strong>On your VPS<\/strong>:<\/p>\n<ul>\n<li>A brand-new Ubuntu 16.04 installation\u2014this means either just purchased and provisioned, or reinstalled using the dashboard.<\/li>\n<\/ul>\n<p><strong>On your local machine:<\/strong><\/p>\n<ul>\n<li>A BSD, Linux, or OS X system (no Windows support)<\/li>\n<li>A working SSH key at ;<code>~\/.ssh\/id_rsa.pub<\/code><\/li>\n<li>Git<\/li>\n<li>The <code>pip<\/code> package management system for Python\u2014see here for <a href=\"https:\/\/pip.pypa.io\/en\/stable\/installing\/\" target=\"_blank\" rel=\"noopener\">installation instructions<\/a><\/li>\n<li>Ansible\u2014see our <a href=\"https:\/\/www.ssdnodes.com\/blog\/ansible-tutorial-getting-started\/\">Ansible tutorial<\/a> or the <a href=\"http:\/\/docs.ansible.com\/ansible\/latest\/intro_installation.html\" target=\"_blank\" rel=\"noopener\">official documentation<\/a> for more details<\/li>\n<\/ul>\n<div class=\"cta-inline\"><\/div>\n<h2>Step 1. Copying your SSH key to the bare server<\/h2>\n<p>We've covered SSH keys at length in <a href=\"https:\/\/www.ssdnodes.com\/blog\/tutorial-setting-up-and-securing-ssh-based-authentication\/\">other tutorials<\/a>, but we'll quickly walk through the steps here again.<\/p>\n<p>In order for Streisand VPN to communicate with your server through Ansible, it needs to use public key authentication rather than passwords. We'll create a private key on our local machine, and then copy the public key to the VPS to enable this connection.<\/p>\n<h3>If you don't have an SSH key yet<\/h3>\n<p>Simply create a new SSH key using the <code>ssh-keygen<\/code> command:<\/p>\n<pre><code class=\"language-shell hljs\"><span class=\"hljs-meta\">$<\/span><span class=\"bash\"> ssh-keygen -t rsa<\/span>\n<\/code><\/pre>\n<p>When asked where to save the key, just hit <code>Enter<\/code>\u2014we want the default location in this case.<\/p>\n<p>Whether or not you enter a passphrase is entirely up to you\u2014they can be blank\u2014but we recommend a strong, secure passphrase to improve the integrity of your server if your private key was ever exposed.<\/p>\n<h3>Now that you have an SSH key, or if you had one already<\/h3>\n<p>Now that we're all on the same page with an SSH key, let's quickly copy that over to the server in question.<\/p>\n<pre><code class=\"hljs shell\"><span class=\"hljs-meta\">$<\/span><span class=\"bash\"> ssh-copy-id root@<\/span><strong><span class=\"bash\">IP_ADDRESS<\/span><\/strong>\n<\/code><\/pre>\n<p>You can double-check that the SSH key is working by establishing an <code>ssh<\/code> connection. If you connect either automatically (if no passphrase), or after you've entered your passphrase, then you know your key is working.<\/p>\n<h2>Step 2. Getting the Streisand repository<\/h2>\n<p>Before we get started, we need to set up our local environment to allow the Streisand VPN installer to run correctly.<\/p>\n<p><strong>Remember: The following instructions are to be completed on your local machine, not the VPS.<\/strong><\/p>\n<p>First, download the Streisand github repository and <code>cd<\/code> into it.<\/p>\n<pre><code class=\"hljs shell\"><span class=\"hljs-meta\">$<\/span><span class=\"bash\"> git <span class=\"hljs-built_in\">clone<\/span> https:\/\/github.com\/jlund\/streisand.git &amp;&amp; <span class=\"hljs-built_in\">cd<\/span> streisand<\/span>\n<\/code><\/pre>\n<p>At this point, all you need to do is run the <code>.\/streisand<\/code> command, which will chain into all the Ansible tasks that need to be run.<\/p>\n<pre><code class=\"hljs markdown\">$ .\/streisand\n\nS T R E I S A N D  \n\nWhich provider are you using?\n<span class=\"hljs-bullet\">1. <\/span>Amazon\n<span class=\"hljs-bullet\">2. <\/span>Azure\n<span class=\"hljs-bullet\">3. <\/span>DigitalOcean\n<span class=\"hljs-bullet\">4. <\/span>Google\n<span class=\"hljs-bullet\">5. <\/span>Linode\n<span class=\"hljs-bullet\">6. <\/span>Rackspace\n<span class=\"hljs-bullet\">7. <\/span>Localhost (Advanced)\n<span class=\"hljs-bullet\">8. <\/span>Existing Server (Advanced)\n<\/code><\/pre>\n<p>After typing in <code>8<\/code> and then hitting <code>Enter<\/code>, the command will ask for the IP address of the server you're installing Streisand on. You'll then see the following\u2014one last warning to let you know that installing Streisand will override any existing configurations with impunity.<\/p>\n<pre><code class=\"hljs php\">THIS WILL OVERWRITE CONFIGURATION ON THE EXISTING SERVER.\nSTREISAND ASSUMES \u2588\u2588\u2588.\u2588\u2588\u2588.\u2588\u2588\u2588.\u2588 IS A BRAND <span class=\"hljs-keyword\">NEW<\/span> UBUNTU INSTANCE <span class=\"hljs-keyword\">AND<\/span> WILL\nNOT PRESERVE EXISTING CONFIGURATION <span class=\"hljs-keyword\">OR<\/span> DATA.\n\nARE YOU <span class=\"hljs-number\">100<\/span>% SURE THAT YOU WISH TO <span class=\"hljs-keyword\">CONTINUE<\/span>?\n\nPlease enter the word <span class=\"hljs-string\">'streisand'<\/span> to <span class=\"hljs-keyword\">continue<\/span>:\n<\/code><\/pre>\n<p>If all goes well, the installer will take off, and you'll see lots of output from Ansible as it installs and configures the applications that make up the Streisand core.<\/p>\n<h3>Troubleshooting<\/h3>\n<p>Seeing this error: <code>Permission denied (publickey,password)<\/code>? I had the same issue the first time I tried installing Streisand on a brand new server. After some investigation, I discovered that, apparently, Streisand doesn't allow you to input your passphrase when it invokes an <code>ssh<\/code> connection, leading to the rejected connection.<\/p>\n<p>I discovered a workaround in the way that most systems keep passphrase-protected SSH keys open for a short period of time after being unlocked for ease of use. We can utilize this feature by first connecting to the server in question and unlocking our key with the passphrase.<\/p>\n<pre><code class=\"hljs shell\">\nssh root@IP_ADDRESS\n<\/code><\/pre>\n<p>Immediately after, you should re-run the <code>.\/streisand<\/code> command, and it should work.<\/p>\n<p>If it doesn't, you might want to look into <code>ssh-agent<\/code> or whatever keychain your OS comes with.<\/p>\n<h2>Step 3. Connecting to your new Streisand VPN server<\/h2>\n<p>With any luck, the actual Streisand installation went smoothly, and you'll see the following output.<\/p>\n<pre><code class=\"hljs shell\">\n[streisand-gateway : Success!]\nServer setup is complete. The <code>HOSTNAME.html<\/code> instructions file in the generated-docs folder is ready to give to friends, family members, and fellow activists. Press Enter to continue.:\n<\/code><\/pre>\n<p>Hit <code>Enter<\/code> and then check out the <code>generated-docs<\/code> folder.<\/p>\n<pre><code class=\"language-shell hljs\">cd generated-docs\n<\/code><\/pre>\n<p>Open the <code>HOSTNAME.html<\/code> file in your browser of choice, and you'll see extensive directions on how to download the SSL certificate that will allow you to connect to your new Streisand VPN server. Follow the instructions according to your operating system or browser of choice\u2014while you can only <em>install<\/em> Streisand from a Linux\/OS X system, you can certainly connect to your existing Streisand server from a Windows machine.<\/p>\n<p>Once you have the certificate installed, you can access your server via your IP address and the username\/password combination that's generated. There's also a Tor\/.onion link available for those who want to use that protocol instead of HTTPS.<\/p>\n<p>After entering your username and unique password, you'll see documentation on how to connect to the various services enabled. The really cool thing about Streisand's documentation is that it's completely customized to your server's IP address. There are built-in instructions for OpenVPN, L2TP\/IPsec, Wireguard, Tor, and more.<\/p>\n<h2>Final thoughts on the Streisand VPN<\/h2>\n<p><img decoding=\"async\" style=\"display: block; margin-left: auto; margin-right: auto; width: 640px;\" src=\"https:\/\/www.ssdnodes.com\/wp-content\/uploads\/2024\/01\/20170803-streisand.gif\" alt=\"20170803-streisand.gif\" width=\"640\" \/><\/p>\n<p>Personally, I was able to get an OpenVPN connection running in just about 5 minutes after connecting to the Streisand server and following the customized instructions.<\/p>\n<p>As far as I can tell, that makes Streisand the easiest path to a VPN out there right now, solving much of the <a href=\"https:\/\/www.ssdnodes.com\/blog\/tutorial-installing-openvpn-on-ubuntu-16-04\/\">complexity of installing OpenVPN manually<\/a> or <a href=\"https:\/\/www.ssdnodes.com\/blog\/an-idiot-and-his-vpn\">struggling with the likes of Algo<\/a>. We hope you agree! Let us know about your VPN success stories in the comments.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re looking to install a virtual private network (VPN) on your VPS without the hassle, give Streisand VPN (and our step-by-step tutorial) a shot.<\/p>\n","protected":false},"author":20,"featured_media":2952,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[18,30],"tags":[255],"class_list":["post-2949","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","category-tutorials","tag-vpn"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/2949","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/comments?post=2949"}],"version-history":[{"count":3,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/2949\/revisions"}],"predecessor-version":[{"id":12920,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/posts\/2949\/revisions\/12920"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media\/2952"}],"wp:attachment":[{"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/media?parent=2949"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/categories?post=2949"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssdnodes.com\/wp-json\/wp\/v2\/tags?post=2949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}