Published June 8, 2023, 6:20 p.m. by Jerald Waisoki
▶ Check out my gear on Kit: https://kit.co/crosstalk
In this video, I detail how to build your own personal VPN proxy server using Streisand.
Blog post (full server build instructions): https://crosstalksolutions.com/create-your-own-personal-vpn-proxy-with-streisand/
PDF download instructions (same as blog post, but with extra client setup instructions): https://crosstalksolutions.com/product/streisand-vpn-proxy-server-documentation/
Donation links from Streisand project creator: https://github.com/StreisandEffect/streisand/issues/168
Private Internet Access: https://www.privateinternetaccess.com/CrosstalkSolutions
crosstalk Store on Amazon - RECOMMENDED PRODUCTS: https://www.amazon.com/shop/crosstalksolutions
crosstalk Discord: https://discord.gg/crosstalksolutions
crosstalk Solutions offers best practice phone systems, network design and deployment, and UniFi Video camera systems. Visit https://CrosstalkSolutions.com for details.
crosstalk Solutions is an authorized Sangoma partner and reseller.
You may also like to read about:
if you're interested in building your
own personal VPN proxy server in order
to surf the web privately and
anonymously then this is the video for
you stay tuned
welcome to crosstalk Solutions my name
is Chris and by now you've probably
heard a lot about protecting yourself
online with a VPN proxy you've probably
even heard the names of some of the top
VPN proxy providers Nord VPN tor guard
tunnel bear and my own personal favorite
which is private Internet access that's
a service that I use daily and I highly
recommend if you get frustrated trying
to build your own VPN proxy then I
recommend checking them out and my
referral code is down in the description
below but what does a VPN proxy do
exactly well there's two parts the VPN
and the proxy now essentially you're
creating a secure tunnel between you and
a random computer server located
somewhere around the globe from that
server you do all of your web surfing
your YouTube or Netflix watching file
downloading and whatever else now if
you're connecting to a server in Seattle
Washington you appear to the Internet as
coming from some random IP address in
Seattle Washington no matter what your
actual location is that's the proxy part
you're not surfing the web directly out
of the IP address that was given to you
by your ISP you're someone else
completely and anonymous your ISP can
see perhaps how much bandwidth is being
transferred from the Internet to your
home and back but because the tunnel is
encrypted with VPN they can't tell what
you're downloading where you're surfing
or what you're watching I like to think
of it as a big opaque garden hose
stretching across your yard the ISP can
hear that liquid is flowing through the
hose but they don't know where that
liquids going or even what kind of
liquid it is there are a ton of other
advantages and benefits to using a VPN
proxy besides the security aspect as
well but the bottom line is that using a
VPN proxy is a really great habit to
have your ISP can't watch you but then
this brings up a logical next question
are you just picking a different watcher
- who's to say that your VPN proxy
service isn't storing all sorts of
information about you and then selling
that information to the highest bidder
or happily handing over years worth of
server logs to anyone who comes knocking
with a subpoena most VPN proxy services
have very clear policies about this
stuff and in the case of private
Internet access they claim to not keep
any traffic or access logs and they even
have a transparency report that shows
how many warrants and subpoenas they've
received and complied to but of course
the internet being the skeptical den of
villainy that it is a lot of people are
still not convinced that any third party
VPN proxy service is trustworthy so for
those people here's some good news in
this video we're gonna teach you how to
build your own now there's a fantastic
project on github called Streisand as in
the Streisand effect or the phenomenon
by which an attempt to hide remove or
censor a piece of information has the
unintended consequence of publicizing
that information more widely so back in
2003 Barbra Streisand made a big stink
about trying to suppress photos of her
Malibu California home it became such a
big story that it actually drew a lot
more attention to the home than it would
have if she just stayed out of it
completely so let's set up our own
personal Streisand VPN proxy server this
project is a great overall learning
experience it gives you experience in
working with a cloud server provider
such as digital ocean and it has a
decent amount of Linux and a decent
amount of networking as well I would
rate this an intermediate skill level
project but it's really really
satisfying once it's up and running and
protecting you from your big bad ISP the
Streisand VPN project tries to automate
the server setup as much as possible
they've really done most of the heavy
lifting so huge huge kudos to the folks
behind that project but these
instructions will walk you through the
setup start to finish step-by-step if
you follow these steps exactly you will
have a working Streisand server in the
end and like all of my projects I will
do my best to keep the documentation up
to
date as things change now as I said this
is an intermediate level project in this
video and the accompanying blog post
will get you all of the way from nothing
all the way up to having a fully
functional strife Streisand VPN proxy
server setup however and this is
completely optional if you're interested
in supporting cross talks efforts in
documenting this process for you you can
optionally purchase a downloadable PDF
of these instructions that contains
everything in the blog post online as
well as an additional 12 pages worth of
instructions for connecting your various
client devices such as your PC your iOS
or your Android devices in a variety of
different methods now again you do not
need the PDF but if you want it it does
go further than I'm gonna go in this
video beyond the server setup and into
the client setup as well that PDF is
downloadable through the crosstalk
solutions store and it has a price tag
of $9.95 link down below for anyone
who's interested and I greatly
appreciate the support now with that
being said to set up streisand we're
gonna need two separate digital ocean
servers the first server will be our
builder server and the second server
will be our VPN proxy the builder server
is just that we're creating a freshly
installed Ubuntu Linux server that will
in turn be used to build our VPN proxy
server through a series of scripts and
automated steps now you can use an
existing server as your builder but
honestly if you stray from these
instructions at all you really have to
have a decent knowledge of what you're
doing if you're still learning stick
with these steps and you'll be good the
builder server on digitalocean cost five
dollars a month and you really only need
it up and running for a few hours to get
this done it's worth a few cents to
start with a clean foundation okay
with all that being said let's go ahead
and get started to build my VPN proxy
server I'm gonna be following along with
a blog post that I wrote on crosstalk
solutions.com there's a link down below
to the blog post and I
highly suggest that you follow along
with the blogpost so that you can copy
and paste all the commands instead of
having to type everything in manually
the first step is to log into digital
ocean if you don't yet have a digital
ocean account you can use my affiliate
link to sign up that'll get you a
hundred dollars worth of digital ocean
credit and I would be very appreciative
of those sign ups because it helps out
the crosstalk Solutions channel okay
once you're logged in we need to create
our streisand builder server so this is
the first of the two servers that we're
going to have this is the server that
we're going to use to in turn then build
the VPN proxy server so let's do that
now I'm popping over to digital ocean
I'm going to say create a droplet and
we're gonna do a boon to 16.0 4.6 64-bit
version we're gonna choose the standard
plan and then down here we certainly
don't need to go $40 a month for this
server so we're gonna scroll all the way
down to the bottom and we're gonna
choose the five dollars per month server
which is actually the point seven cents
per hour server and you know assuming
that everything goes well we can
actually destroy this server in just a
few hours here now since we're going to
destroy this server in just a few hours
you don't need to enable automated
backups or any of the extra bells and
whistles you just need to choose a data
center to host this virtual server in
and I'm gonna choose San Francisco to
just because that is geographically
close to my location all right I'm gonna
scroll all the way down to the bottom
and we want to give this server a
hostname I'm gonna call it Streisand
builder and this does not have to be a
fully qualified domain name this is not
something that we're gonna actually
resolve DNS requests - we will need an
fqdn for the VPN proxy server but we'll
cross that bridge when we come to it
okay go ahead and click create and
what's going to happen now is your
server will be created you will get an
IP address and you will get an email
from digitalocean with the IP address as
well as the default root password so
wait until you get that email and then
we can move on to the next steps all
right so we can see the IP address here
I'm gonna copy that and I'm gonna pop
open putty now you can use putty or any
other SSH program to get into the server
I personally prefer putty because it's
free and it's easy to use and we're
going to be using putty for the
rest of this documentation okay so we're
gonna paste the IP address as the host
name and then you want to go to that
email that digital ocean sent you and
copy the password so we're gonna say
open and say yes to the security alert
and then we're gonna log in as root and
then shift insert to paste the password
you can also right click to paste the
first thing it's going to have us do is
change that password so shift insert or
right-click again to paste that password
one more time and now pick a new
password that you're going to enter once
and then confirm and now I have
successfully logged into my streisand
builder server okay let me rearrange my
windows a little bit here and once we've
logged in the first thing we want to do
is create an SSH a key pair we're gonna
do that by saying SSH - key Jen and then
just hit enter three times to take the
defaults enter enter enter now if you do
LS - la SSH you should see an ID
underscore RSA and an ID underscore RSA
pub we want to backup both of these
files these are our private and public
key files so we're gonna say Kat dot SSH
slash ID underscore RSA and then we can
see the key is output to the screen here
I'm just gonna copy that with ctrl
insert and then I'm gonna paste it into
notepad and save that onto my computer
alright that's our private key you also
want to do the same thing for the public
key which is the ID underscore RSA dot
Pub file ok and now I have my public and
private keys backed up people always
give me crap by the way about showing my
public and private keys on video but by
the time you guys are watching this
video this server will be destroyed so
there's no need go ahead and copy it
down if you want it's literally of no
use to you alright so now that we have
our public and private keys backed up we
need to install the programs that will
then allow us to download the software
that we need from github so we're gonna
say sudo apt update and and sudo apt
install git and Python - pip - why the -
why is just our confirmation that we
want to go ahead and do this so that it
doesn't prompt us
and this process takes about one minute
or so to complete okay there we go and
now that we've done that we need to
download and execute the scripts that
will allow us to create our Streisand
VPN proxy server so we're gonna clone
that software from github which
basically just means we're grabbing a
copy of that software from the github
repository so I'm gonna copy this
command here and paste it into putty and
if we do LS - la we can see that we have
now moved into the slash strife
streisand folder and we have all of this
software that was downloaded so this
next part is a little bit tricky and
what we're gonna do here is we're gonna
run this command dot slash util keep in
mind that this command is relative to
the streisand path that we're currently
in
so it's slash util slash V env -
dependencies SH dot slash ve and V now
the first time that we run this command
it should be relatively quick and it's
gonna tell us setup will fail without
these packages so basically what we did
was a dependency check and it found all
of these different packages that we need
to install first before we can run that
same command again so let's go ahead and
do that it gives us the command right
here so we're gonna copy this and I'm
gonna say sudo space and then shift
insert - paste it and I don't know if
you need sudo there or not for sure but
I always just do it to be safe and then
that has now installed all of those
missing dependencies so we can hit up up
and we can run that util vem
dependencies SH command one more time
okay so now this is running this is
installing some stuff it's going to stop
install everything that we need to do
the actual build of the Streisand VPN
proxy server and this process is going
to take about two minutes or so you also
might see some Python 2.7 warnings in
red text you can safely ignore those
warnings okay so once that has completed
you'll see this command you'll see this
here all dependencies installed to use
this environment run this in your shell
okay so now is the fun part we're
actually going to start building our VPN
proxy server we're gonna say source dot
ve NV dot slash V env scuse me slash bin
slash activate and now you'll see the
command prompt here has changed to a V E
and V in the front and then we want to
say dot slash streisand
so the first thing that we are asked
when we run this streisand command this
is by the way in ansible script if
you're not familiar with what that is
it's basically a scripting language that
is really really powerful as you can see
this is going to do a lot of stuff for
us and I'll explain what it's doing as
we're going but the first thing that we
are asked is which cloud service
provider we are using I have set this up
in two different ways I've set it up
with digitalocean I've also set it up
using an existing server so just a blank
ubuntu 16.04 server both works perfectly
fine for me but you can also do lie node
or Rackspace or Amazon or Azure there's
a bunch of different options here this
tutorial is on digital ocean so I can
only support or you know talk about
what's happening with digital ocean so
we're gonna say three for digital ocean
and it says do you wish to customize
which services streisand will install I
don't want to do any customization so
we're going to say no and it starts to
do its thing now it's going to ask me
which region should the server be
located in and that is basically you
know when we created the droplet for the
streisand builder remember I picked San
Francisco datacenter number two now you
don't have to pick the same
data center that you picked for your
streisand builder however I'm going to
go ahead and do that just because it's
convenient so I'm gonna say number 10
here which is San Francisco data center
2 and now we can say what should the
server be named and this is the name as
it's going to show up in the digital
ocean interface so I'm just going to
call this stri sand VPN server and we're
gonna press Enter
the next thing it asks us for is our
digital ocean personal access token now
the personal ask access token is
basically an API string that we're going
to download from digital ocean that
allows us to run commands and
successfully authenticate ourselves from
a third-party application so let's pop
back over to digital ocean and in
digital ocean we want to click down here
on API and then here we can see personal
access tokens now I have an old one in
here from an older streisand VPN server
so I'm just going to delete that one
first and then we're gonna create a
brand-new one as if we're just starting
from scratch so I'm gonna say generate
new token we're gonna call this
streisand VPN server and then we're
gonna say generate token now your token
is generated here we're gonna copy that
token again this will be destroyed by
the time you guys are watching this
video so don't even try it and we're
going to go back to SSH and we're just
gonna paste that API token and hit enter
next this is asking us for what we want
to call our SSH key pair so the SSH key
pair that we already generated is going
to end up showing up in our digital
ocean interface and this is just a
friendly name for that SSH key pair that
we could potentially reuse with other
servers even other Streisand VPN proxy
servers if we're going to build multiple
servers so if you don't have an SSH key
already in digitalocean that's named
Streisand then you can just safely press
enter here and now it's telling us
Streisand will now set up your server
this process usually takes around 10
minutes press ENTER to begin setup and
so we're going to go ahead and press
enter now it's gonna start running
through all of these scripts and if you
go back to digitalocean and click on
droplets one of the first things you're
going to see here is that it is already
creating a new Streisand VPN server
droplet that's the friendly name that I
gave it just a few steps ago so it's
going to create this droplet and then it
is going to prompt us next for a fully
qualified domain name and that is for
let's encrypt so what you want to do is
keep an eye on the Streisand VPN server
progress and then as soon as you have an
IP address like the one that I have here
you want to log in to your DNS provider
whether that's your hosting provider or
whomever you know hosts the DNS names
where you can create an a record and you
need to create an a record for some
fully qualified domain name and it needs
to point to this IP address for the
Streisand VPN server so while it's
building in the background once you have
the IP go ahead and shoot over to your
DNS hosting provider and create that DNS
a record okay so we can see here that we
are now being prompted for that DNS a
record it says enter your fully
qualified domain name below we can see
that digitalocean gave me an IP address
of 206 that 189 dot 72 52 and if I ping
my VPN crosstalk solutions comm which is
the fqdn that I chose for my own install
here we can see that that resolves to
206 189 72 52 okay so that a record
already resolves to the Streisand VPN
server so we know we are good to go at
this point and I'm gonna type in my VPN
cross-talk solutions.com and press enter
now it asked us for a contact email this
is for let's encrypt so basically if
there's a problem renewing your
certificate it's going to shoot you an
email to this email if you want to skip
this you can just press ENTER but I do
suggest you put in a valid email address
once you have that email address in once
again press ENTER once the process has
finished and in my case it took about 14
minutes to complete all of the steps to
create the Streisand VPN server you're
going to get this message server setup
is complete and if you press ENTER you
get a summary of some stuff that either
passed or failed now during the
installation you may have noticed that
there were a couple of packages that
quote-unquote failed and then there was
a 20-second pause okay and it shows a
big red scary-looking error all right
those are okay I got to Feiler failures
in my setup and that's fine
however if you get like 30 failures or
12 failures or some higher number of
failures then you probably did something
wrong in the initial steps but two
failures like said the ones that I have
here that appears to be normal and I
believe those failures were just GPG
checks that that did not pass the the
check for a piece of software that was
downloaded okay so once we have our
server built the next thing we need to
do is connect to our Streisand VPN
server and if we go here to generated
Docs so if we look in the directory that
we're in right now we are in /root slash
Streisand if we do LS - LA there is a
new folder that's been created called
generated Docs let's go in there CD
generated Docs and here we have
basically two far two files we have a
French and an English version of the
same two files we have Streisand VPN
server HTML and then we have Streisand
VPN server - firewall - information -
HTML so let's go ahead and take a look
at the Streisand VPN server HTML one of
the easiest ways to do that from windows
of course you can just download that
file and open it up with any you know
browser but I like to use winscp so I'm
going to bring up winscp first and I'm
going to connect to the Streisand
builder server using the root root as
the username and the password that I set
when we initially created that server
okay and now we can go into Streisand
and then generated Docs and then I'm
just gonna right click on Streisand VPN
server and choose open and here we can
see that this is how we're going to
connect to the Streisand gateway so with
SSL HTTPS
we can right-click open in a new tab and
then here's our username and password
it's streisand for the username and then
a randomly generated passphrase for the
passwords let me copy this and we're
gonna say Streisand and paste sign in
okay this is on our Streisand VPN server
so number one make a copy of this
information right here and then once
you've connected to my VPN whatever comm
this gives you all of the information
that you're going to need to connect up
your clients your iPhone your Android
devices your Windows or Mac PCs all of
the information needed to connect those
devices along with full like really
detailed instructions are in the is it's
in this document right here now I'm not
going to cover how to connect every type
of different little client to this
Streisand VPN server but what I am going
to do is we're going to connect to this
server using SSH and we're going to
connect to the server with a SSH tunnel
in place so that once we connect we will
be able to surf using Firefox surf
through our Streisand VPN server okay so
let's go ahead and do that next plus
there's one additional step that needs
to be done in some of the open VPN
configuration files in order to be able
to connect successfully with Open VPN so
we're going to fix that one
configuration file and we're going to
connect using SSH with an SSH tunnel
that will allow us to in turn use
Firefox to browse securely through our
Streisand VPN server proxy okay
hopefully that's not too confusing let's
go ahead and get started for the
connections start instructions you can
click down here on SSH and this will
give you SSH instructions for using
putty very similarly to the way that
we're about to do it and these
instructions 100% work I have tested
them out however they don't allow you to
actually create a command shell or log
in to the Streisand VPN server in order
to you know fix that config file so I'm
gonna do this a little bit differently
then you have in the instructions here
but but these instructions do absolutely
work okay so the first thing we need to
do is open up puttygen and we need to
convert the private key file that we
downloaded in like step 3 we need to
convert that to a dot PPK file so let's
go ahead and run puttygen and you want
to click on load and load up the ID
underscore RSA key that you saved
earlier ok we've successfully imported
that key and then we just want to save
private key as a dot PPK file ok that's
it we can close puttygen and now we need
to do a new putty session okay so for
the hostname we're gonna say my VPN dot
crosstalk solutions.com again substitute
your own fully qualified domain name
there then we want to click on
connection SSH right here and then open
that up and click on off au th or
authentication then you want to browse
and select that PPK file that we just
generated from puttygen ok I have that
in place now and the next thing we want
to do is we want to click on SSH
connection SSH and then click on tunnels
right here and we're going to add a new
source port of 8080 and we want that to
be dynamic then we're gonna click Add
and it's gonna show up in this box up
here as d 8080 finally scroll all the
way back up and click back on session
and then what you can do here is click
save or a copy your fqdn copy paste it
under save sessions and then hit save in
order to save all this information so
you don't have to type it in again the
next time you launch putty and want to
connect to your server once you've saved
your session go ahead and click open and
then say yes we're gonna log in as root
and we should successfully authenticate
with our streisand VPN proxy server
okay so we have SSH into our streisand
VPN server and now we're going to proxy
Firefox through our streisand VPN server
on port 8080 since we added port 8080 as
an SSH tunnel when we created the
putty session okay so the first thing we
want to do is bring a firefox over and
you want to click on these three little
lines and choose options scroll down to
the very bottom click settings and then
you should be configured as no proxy by
default but we're going to change this
to manual proxy configuration this is
going to be a Sox v5 proxy the Sox host
is going to be our localhost address 1
2700 dot one on port 8080 okay so we
have that set we're gonna click OK and
now you can surf through Firefox through
your Streisand VPN proxy server and how
can we tell that it's working we can
tell that by going to a website that's
going to show us our external IP address
such as what is my IP comm or IP cow
comm or IP chicken comm or any other
number of sites that will show a win IP
address so let's just go to what is my
IP comm and you can see here that my IP
address is 2 Oh 6.1 89.7 T 252 now if we
bring over our digitalocean droplet page
the IP address of our Strife's and VPN
server is 206 dot 189 dot 72-52
so that matches and that means that
anything that we are surfing from
firefox any web pages that we go to etc
we are going to be surfing through the
streisand VPN proxy server so that is
working and the next thing that we need
to do is actually fix Open VPN so we can
successfully proxy Firefox through but
if you wanted to use opie Open VPN so
that you could proxy all of your
computer's traffic using Open VPN
through the Streisand VPN server there
are a couple of settings that we need to
change in order to make that happen
otherwise when you try to connect Open
VPN it just goes into a loop and it
never actually connects
ok so let's fix that this is going to be
step 12 of the documentation fix Open
VPN configuration settings and we need
to just change this line limit and procs
equals and we need to change that line
in
three different files on the streisand
VPN server the first file is this one
Lib system D system Open VPN at service
so we're gonna copy this here paste that
in there and then we want to scroll down
until we find limit and proc equals it's
ten by default we want to change it to
27 now what does this line do and why
are we changing it to 27 I haven't the
slightest idea honestly and if you do
know what limit and proc is I'm sure I
could look it up but put that down in
the comments below I'd be happy to hear
about that when it wasn't working for me
I emailed the project the people that
put on the streisand project and they
emailed me back and said yeah it's a
known issue you just have to change this
to 27 bla bla bla and so I did it and it
worked and that's good enough for me
okay so control X followed by yes and
entered to save and exit that file and
then we want to do the same thing for
two other files Etsy system D system
openvpn @ server dot service and OpenVPN
@ server - UDP dot service again all of
this is in the blog post just copy and
paste make your life easy okay
27 control X yes enter and then we're
going to do this last one here
okay and now at this point we want to
basically just reboot the server now it
says here do systemctl daemon reload and
then reboot you can probably just reboot
without the daemon reload but I like to
be thorough so we're gonna say systemctl
da e mo and - reload and then reboot
okay once the server comes back up you
should be able to connect up your open
VPN clients no problem that's it
congratulations you now have your
streisand VPN proxy server up and
running and let's do a speed test just
to make sure we're not gonna be slowing
down any of our traffic I have a
spectrum business 300 by 20 cable
connection here in my home office you
can see what is my IP let's just double
check make sure that I am still in that
same proxy IP address I am and let's
open up fast comm and see what kind of
speeds we're getting there we go
350 megabits per second through my
Streisand VPN proxy server let's also do
speedtest.net just for kicks and we're
gonna click go you can see that my ISP
my quote/unquote ISP and when IP says
digitalocean LLC and my speed test shows
331 down and four point four eight up so
not so great on the upload but again
your mileage may vary I've also had this
running on my iPhone connected through
wire guard for about the past 48 hours I
have not noticed any slowdown or any
problems running through this VPN proxy
server through my iPhone as well it's
been working just perfectly alright
there you go at this point you can
follow the instructions when you log
into the GUI of your streisand VPN
server you've got full client
instructions for how to connect your
iPhone your Android devices Open VPN
wire guard Windows 10 Mac whatever
client you happen to want to connect
through your streisand VPN server there
are full instructions I
tested most of them and there's a little
of a few caveats here and there and if
you're interested in supporting cross
talk solutions you can certainly
purchase the PDF as I mentioned earlier
where I detail some of the instructions
for connecting clients I do android
devices iOS devices using either open
VPN or wire guard as well as Windows 10
using Open VPN so all of that extra
client connection information is beyond
the scope of this video but it is in
that PDF if you're interested in
downloading it of course you don't have
to you can just look at the instructions
and figure it out just like I did
and if you're like Chris you're a greedy
bastard for trying to charge money for
that documentation again it's totally
optional but if you do have extra money
that's burning a hole in your wallet and
you would like to donate to perhaps the
streisand projects the creator of the
project joshua lund out of Salt Lake
City Utah does not take donations
through the Streisand page however he
did put a statement out on this and he
said he's not looking to make any money
off of Streisand but you can donate to
one of these other causes which would be
the ACLU Debian the Electronic Frontier
Foundation the freedom of the press
foundation open whisper systems or the
Tor project and I will put a link to
that statement as well down below if you
would like to donate to any of those
really good causes okay there you go
there is the complete set up for the
Streisand VPN server proxy what do you
guys think put your thoughts down in the
comments below I would love to hear them
and if you enjoyed this video please
give me a thumbs up if you'd like to see
more videos like this please click
subscribe my name is Chris for the
crosstalk solutions and thank you so
much for watching
[Music]
2CUTURL
Created in 2013, 2CUTURL has been on the forefront of entertainment and breaking news. Our editorial staff delivers high quality articles, video, documentary and live along with multi-platform content.
© 2CUTURL. All Rights Reserved.