Install and Configure Linux VPN Server using Streisand

You finally got connected to the internet, your smile is from ear to ear and your joy cannot be concealed. We get it, you now have the chance to read, to view and to watch all that the internet has to offer. Later along the road you realize there are some content that you are not privy to because your ISP has blocked the content or some policy governing your geographical region does not allow. What do you do? For some people, that is the end of the road and they will prefer to be content with the content they already have but for others, they would rather let curiosity kill them.

If you fall on the latter category, this guide introduces a tool that will not only protect your public IP but allow you to access content that is available in other countries. Streisand VPN is its name. We shall look at its features then go ahead with steps involved to get it installed.

Features of Streisand

• A single command sets up a brand new Ubuntu 16.04 server running a wide variety of anti-censorship software that can completely mask and encrypt all of your Internet traffic.
• Streisand natively supports the creation of new servers at Amazon EC2, Azure, DigitalOcean, Google Compute Engine, Linode, and Rackspace—with more providers coming soon! It also runs on any Ubuntu 16.04 server regardless of provider, and hundreds of instances can be configured simultaneously using this method.
• The process is completely automated and only takes about ten minutes, which is pretty awesome when you consider that it would require the average system administrator several days of frustration to set up even a small subset of what Streisand offers in its out-of-the-box configuration.
• Once your Streisand server is running, you can give the custom connection instructions to friends, family members, and fellow activists. The connection instructions contain an embedded copy of the server’s unique SSL certificate, so you only have to send them a single file.
• Each server is entirely self-contained and comes with absolutely everything that users need to get started, including cryptographically verified mirrors of all common clients. This renders any attempted censorship of default download locations completely ineffective.
• And much more

Sreisand is rich in features and before we get it installed, let us see the stuff it needs from us first.

Streisand Prerequisites

The following must be met before Streisand can be installed

• SSH key: Make sure an SSH public key is present in ~/.ssh/id_rsa.pub. We shall generate it in the installation steps. SSH keys are a more secure alternative to passwords that allow you to prove your identity to a server or service built on public key cryptography. The public key is something that you can give to others, whereas the private key should be kept secret (like a password).
• Packages: Streisand requires Git, and Python 3.5 or later
• The Streisand builder requires a Linux, macOS, or BSD system. Ubuntu on the Windows Subsystem For Linux (WSL) should work too.
• The Streisand existing or localhost server must be running Ubuntu 16.04 (I know!!)

We have been well acquainted with the information we need to build this house and we shall therefore jump into it by following the steps below. Note that we are going to use two machines to setup Streisand. One is our local server which should be running Linux or macOS or Ubuntu in WSL and the other is preferably a server purring in the Cloud in Amazon, Azure, DigitalOcean, Google Compute Engine, Linode, or Rackspace. The local server will be referred to as the builder server.

The reason for this is because Streisand is based on Ansible, an automation tool that is typically used to provision and configure files and packages on remote servers. Streisand automatically sets up another server with the VPN packages and configuration.

Our setup will be based on the following image

Step 1: Prepare Server and install all dependencies

In this step, we shall get everything we need for the entire installation process installed. Run the commands below to get everything ready on the builder server (your local machine)

-----Ubuntu-----

sudo apt-get update
sudo apt-get install git python3 python3-venv python3-pip python3-dev python3-setuptools python-cffi  libcurl4-openssl-dev -y

----- Fedora -----
sudo dnf update
sudo dnf install git python3 gcc python3-devel python3-crypto 
     python3-pycurl libcurl-devel -y

-----CentOS 7-----
sudo yum -y update && sudo yum install -y epel-release
sudo yum -y update && sudo yum install -y 
    git gcc python36-devel python36-crypto python36-pycurl 
    libcurl-devel

-----macOS-----
brew install python3

Step 2: Generate SSH Public Keys

We need authentication via keys between our local machine and the server sitting in the cloud. You can easily generate ssh keys as follows. Enter another file in which to save the key if you do not like the default. You can leave the passphrase empty.

$ ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/vagrant/.ssh/id_rsa
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Rb1qJGIsTi9X wtVlCChmQbH9bXtSyI2fD8xjsDMtvk [email protected]    
The key's randomart image is:
 ---[RSA 3072]---- 
|    .... .ooo.   |
|     o.    ooo   |
|     .=   o o..  |
|    o.  o*....   |
|   o   oS %.o =  |
|    o o . oB *   |
|     o  .oo . =  |
|         ...   . |
|          ..E    |
 ----[SHA256]----- 

Copy the public key to the remote server

In order for authentication via keys to happen, we have to copy the public key we just generated above to the remote server where Streisand will be installed. To do so, run the ssh-copy-id command as follows.

$ ssh-copy-id @

##For example
$ ssh-copy-id [email protected]
[email protected]'s password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Now we are good to go. You can test if you can be logged in automatically without a password

$ ssh [email protected]
##For example
ssh [email protected]

Step 3: Clone Streisand’s repository and prepare for installation

On your local machine, clone Streisand’s repository and prepare to install the server

$ cd ~
$ git clone https://github.com/StreisandEffect/streisand.git
$ cd streisand

Run the installer for Ansible and its dependencies. The installer will detect missing packages, and print the commands needed to install them. (Ignore the Python 2.7 DEPRECATION warning; ignore the warning from python-novaclient that pbr 5.1.3 is incompatible.) If all packages it needs are present, it will proceed to install necessary tools it needs so that installation of Streisand goes smoothly

$ ./util/venv-dependencies.sh ./venv
Found a python3 command....
This system appears to be running Ubuntu or Debian. Checking
for critical packages.

Found: build-essential
Found: python3-pip
Found: python3-openssl
Found: python3-dev
Found: python3-setuptools
Found: python3-venv
Found: python-cffi
Found: libffi-dev
Found: libssl-dev
Found: libcurl4-openssl-dev
Found all critical packages.

In case you find any missing packages in the output, kindly install them depending on the environment your local machine is on.

Step 4: Install Streisand

While still in the same Streisand cloned directory, activate the Ansible packages that were installed in the previous step as follows

source ./venv/bin/activate

Then execute the Streisand script. You should see an output as shown below the command. Choose where your server sits. For this example, I will go with “Existing Server“

$ ./streisand

S T R E I S A N D  

Created new Streisand home directory: /home/vagrant/.streisand
Created new Streisand site vars file: /home/vagrant/.streisand/site.yml
Which provider are you using?  
  1. Amazon
  2. Azure
  3. DigitalOcean
  4. Google
  5. Linode
  6. Rackspace
  7. localhost (Advanced)      
  8. Existing Server (Advanced)
:8

What is the IP of the existing server: 172.25.166.153

THIS WILL OVERWRITE CONFIGURATION ON THE EXISTING SERVER.
STREISAND ASSUMES 172.25.166.153 IS A BRAND NEW UBUNTU INSTANCE AND WILL
NOT PRESERVE EXISTING CONFIGURATION OR DATA.

ARE YOU 100% SURE THAT YOU WISH TO CONTINUE?

Please enter the word 'streisand' to continue: streisand

Confirmed. Continuing

Do you wish to customize which services Streisand will install?
By saying 'no' Streisand will use the settings configured in /home/vagrant/.streisand/site.yml

Press enter to customize your installation:

Confirmed. Customizing Streisand services.


 [WARNING]: Found both group and host with same name: localhost

Enter the path to your SSH private key, or press enter for default  [~/.ssh/id_rsa]:
How many VPN client profiles should be generated per-service (min: 1 max: 20)? Press enter for default  [10]:
Enable DNS-based ad-blocking? Press enter for default  [no]:
Enable OpenConnect? Press enter for default  [yes]:
Enable OpenVPN? Press enter for default  [yes]:
Enable stunnel service (only allowed for OpenVPN)? Press enter for default  [yes]:
Enable Shadowsocks? Press enter for default  [yes]: 
Enable v2ray-plugin for Shadowsocks? Press enter for default  [no]: 
Enable SSH Forward User? (Note: A SOCKS proxy only user will be added, no shell). Press enter for default  [yes]:
Enable sshuttle? (Note: A full shell access user will be added) Press enter for default  [no]:
Enable tinyproxy? Press enter for default  [yes]:
Enable Tor? Press enter for default  [no]:    
Enable WireGuard? Press enter for default  [yes]: 
[BROKEN ON SOME PROVIDERS, including AWS] Enable DNS-over-HTTPS (cloudflared)? Press enter for default  [no]:

Once Ansible Play begins, pay key attention to the questions and options you will be required to input as the installation goes on. Sample installation progress output is shown below

PLAY [Prepare the new server for Ansible] ************************************************
TASK [Install Python using a raw SSH command to enable the execution of Ansible modules] ***
changed: [localhost]

PLAY [Try to detect Cloud providers for specific overrides] ******************************

TASK [Gathering Facts] *******************************************************************
ok: [localhost]

TASK [Install dmidecode to use for BIOS version detection] *******************************
 [WARNING]: Updating cache and auto-installing missing dependency: python-apt

 [WARNING]: Could not find aptitude. Using apt-get instead

ok: [localhost]

TASK [Try to determine localhost Cloud provider name from BIOS version] ******************
ok: [localhost]

TASK [Set BIOS name fact from dmidecode if possible] *************************************
ok: [localhost]

TASK [...Otherwise set unknown BIOS fact] ************************************************
skipping: [localhost]

TASK [Warn about manual provisioning of GCE instances] ***********************************
skipping: [localhost]

TASK [Find the external GCE IP from Google Metadata] *************************************
skipping: [localhost]

TASK [Set the Streiand IPv4 address to the GCE external IP: {{ streisand_gce_external_ip.stdout }}] ***
skipping: [localhost]

TASK [Warn about manual provisioning of EC2 instances] ***********************************
skipping: [localhost]

TASK [Find the external EC2 IP from Metadata] ********************************************
skipping: [localhost]

TASK [Set the Streiand IPv4 address to the EC2 external IP: {{ streisand_ec2_external_ip.stdout }}] ***
skipping: [localhost]

PLAY [Prepare the localhost for Streisand] ***********************************************

TASK [Gathering Facts] *******************************************************************
ok: [localhost]

TASK [set_fact] **************************************************************************
ok: [localhost]

TASK [Set the Streisand IPv4 address to the Ansible default: interface: eth0 address: 172.25.168.96] ***
ok: [localhost]

PLAY [Prepare the new server for Ansible] ************************************************

TASK [Install Python using a raw SSH command to enable the execution of Ansible modules] ***
changed: [localhost]
Do you have a fully qualified domain pointed at your Streisand server?

This is an optional question. If you have a domain that points to your
Streisand server, the installation scripts can request a Let's Encrypt
HTTPS certificate for you automatically.  If you do not provide one or
the request fails, a self-signed certificate will be used instead.

If you have just created a new cloud server in previous steps now is a
good time to point your fully qualified domain to your server's public
address. Make sure the fully qualified domain resolves to the correct IP
address before proceeding.

Please type your fully qualified domain below. Press enter to skip.
:
Which email address do you want to use as a contact for the Streisand
server's Let's Encrypt certificate?

This is an optional question. If you supply an email address Let's
Encrypt will send you important (but infrequent) notifications about
your certificate. These messages include any upcoming certificate
expirations, and important changes to the Let's Encrypt service.
The email provided will not be used for anything else or shared with the
Streisand developers.

Please type your contact email below. Press enter to skip.
: [email protected]
TASK [Set Streisand admin email] *********************************************************
ok: [localhost]

TASK [Enable Let's Encrypt role] *********************************************************
skipping: [localhost]

TASK [Disable Let's Encrypt role] ********************************************************
ok: [localhost]

PLAY [Collect diagnostics in case of error] **********************************************

TASK [diagnostics : Determine the git revision of the current Streisand clone] ***********
ok: [localhost]

TASK [diagnostics : Determine if there are untracked changes in the Streisand clone] *****
ok: [localhost]

TASK [diagnostics : Produce the diagnostics markdown file to share if there is an error] ***
changed: [localhost]

PLAY [Configure the Server and install required software] ********************************

TASK [Gathering Facts] *******************************************************************
ok: [localhost]

In case you experience the error provided below during installation

TASK [gpg : Refresh the Streisand GPG keyring with keyserver information] ***********************************************************************************

FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (10 retries left).
FAILED - RETRYING: Refresh the Streisand GPG keyring with keyserver information (9 retries left).

Do the following. Open “~/streisand/playbooks/roles/gpg/tasks/main.yml” file and look for line 89 and change the when filed to False

when: False

After that, update the OpenVPN Signing Key in “~/streisand/playbooks/roles/openvpn/files/openvpn_signing.key” and “~/streisand/playbooks/roles/test-client/files/openvpn_signing.key” with the latest one below. Backup the files and create new ones with the same name

$ vim ~/streisand/playbooks/roles/openvpn/files/openvpn_signing.key


-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBE45PsIBCAC2K2LRZPQIUmJlCDKcncfR6vok2wowDpGpHZffvEEoUj/DoocR
LLpPHR5RB1zMWIs2IjF8vOtXMCBguDgtEvQTh6p6DM3D1fTnYp3pPlQyyzAuC81v
CQo44h09R4Nh2e38oMRVztmAnacC4g5aiSEamrZ4PbWdAdPc4uZdCPOGmUDJw8 q
aAYvL/8pM7YqEu05FqE aNcG02K mDhA2bqRLLKoLEFpeMSO6vV8BrE7Vw1Rs1PM
VLDJt9HdXmC6vP WWqDuj7/qfRb2wwlSIp5 aFyRHOUNyFKnWZYIObeV3 Y6oG6h
gmBtU1673mHDqVy26TwfjpJeudMKHVCrKXVXABEBAAG0QVNhbXVsaSBTZXBww6Ru
ZW4gKE9wZW5WUE4gVGVjaG5vbG9naWVzLCBJbmMpIDxzYW11bGlAb3BlbnZwbi5u
ZXQ iQE BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCU B6sAUJ
C0rWWQAKCRCObai04VjFaU2sB/9eB1ZhA7u0o1XsiJpKcoEmcFS9EmYt RjeplJP
0ewYoGFOGbEupvBdhqg1tqBxFw046kAbbBxwxU6NCSSPsIRR7FMLzF7JbRmlJXJc
Frl2WZaAL9wwoGucpGhWITUaipCXOcAY74WYWIx01mx0RxK8uRIq8lhsC4LUzAmg
yA5H nbF7A7FLtl9EUpnpqhnOC44ANlTSDo0whcrUoGaTvaepJrecypzQupMKYvd
cnraVXjTIr11CEXD8TS56sm9A3LPZTWD7jytUeRCh0kdixFI7ax1tkqDYtELfWg8
0YRWmT30o/k5hMZKWF5uwddbebfPB3EVHUtxzrnsxHReEVZBiQFVBBMBCAA/AhsD
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBDDr9Oc8zmPu4STdJ45tqLThWMVp
BQJfH7LvBQkaTHWtAAoJEI5tqLThWMVpwLkH/19yyUYxqoh2M53G7YZ/Uo3ihHYN
Nt4fAx6uRA0DHnrGD83EH1oNO6yQ15UazKXOlLKix E3UN8rSP3eaZRoXusNpFZQ
o4CZ060fx5TJQk7d8N6mGpmLaf7rIZ9cjR9dtX3IY/c9PTryxPiJPkThg4GaZj0S
U3cpmWicK4EiRAhmPnNf1bI8qgdaEQTE8mnOFGTHmdwjKmg69P4r1AVO6GGTiPUl
2avInNDyQcDywRStmSYt1uXI0gTQGpO6tsqcu3GzO6I1qPGlssnKJEcRTYy3/SX 
6kD4QS5qnpWGaUjmTfNp1QNCgMkyEtXxG/Aj HO3AAUW1rLLEYLOSCQGB4SJARwE
EAEIAAYFAlVDl7cACgkQKwRyzuXQlJnMfQf9GhhvvpZzOSMqOSqlOwilr6Xoq H 
o4IyIc5UR7TlcxhuSu4PDmHXmINU3Qlm2SkmEMCjFvnqiQRPz2CEwgWPOOo5pGJ5
Y5aTXLJ 7CpFI2/vB6J2xFyq54gNxRnix n1 9OV90YowmzSMAgGdxo akx5WIAM
2zPIcN7/CoUDmXWBovvTqCwb/i2YrdiCpQwY76umTk5g8GwY8Rx371hqd469Z/Jq
iIAAW4RF7oT HjjGjpl9H5J/5Wr6SzPJ4I01UNdRJk/L p sGRAO6SUtuc3DWaMb
Yh9rQwuPO9NJJNIBF81j0WT2sA8/8GKm14ga4aL mApyjLW/xzr5WNR/WIkBHAQQ
AQgABgUCVm262gAKCRBBCW2ponOmIW PCAC4mTQ3lB1Q4TEBqMYmFAakNg4ZofBf
 dDDqoVdYz5SkgS7U62mXBRudzt2ww1esjnqN3snUtMl2S0yCNWDV1ut9xKedR8i
h1bs90vWOSTt13FXfgZuP6LksFq nhVSXKPkFgunFXJykUELYv/1gWxgCnDrlSh4
38bJZZzsYSfTuUGHPjQK9KGJPetoHKQVZNpM7EM0vLm FJwLrAzQTyVJyRiCV2ob
K5 CV3vgVkjU97STrcunVOwNqXzRH1YwzBRchnPxni0winSqos6oItTIOPDo3fDb
 JKv01fKpDX0xdKvpf5s4q484zZEKn /myHREagIwSaDZjLn1ZxfZZXWiQEcBBAB
CAAGBQJWeTLoAAoJEAwrK2U6ZdPRpxMH/1PxVwuyW4mKrpN34mI1QWnVBEWV8L4f
G0ejHrpZDWJw40Sqn/BThalqVJjt/SDzbBvyesjycd BmOjPIk10JIK89CNthfFd
ya4xPSxz6E5MbX/w1FPc4axhVqNUpy02rbbvl072tsd1m b0WMfq/ HbIU9Jm2ei
dEPdpp5OAJ3LZVam88IfvBRWgDp3NT37L1ZGoDsQXMlc4EP89vtxqH9Pc/wz66G2
WAK0h47WxnFXpwe5D3zY1Ysn FaUqJBSQgPE0HBAqh8lOGW67CcrqUZ9iJ/H8CpR
RhPOusKU4BDyUs1WmCA0u11VG4155g1Kbkm0TiPATFmKRmy9enFS09GJARwEEAEI
AAYFAlablJAACgkQULcymFDhYzLzrAf/ZYB9b Q/khDFbebl5vQMJ1olD5Phaynk
uL5tz8Jv 9QUIC9i/Jgj0U79JlbYdZ798E53ZQcPwixiAOW8kzrjOv3jXHCjpzNO
Tr9zKLxObTAoM53OEoB3xFMXm/LsTWnOjZDa3iRk8/toK3mhzPzqFYtVEyVSkWUI
3Lt/f8L52AeDenMAzoZWm5G7L0iZb3kYOau1hHA0lho4WE2EvIfkCXz aA47s4Mc
V3AZvmBaOk1iFVdUdAq5vNqpq9jvaGjojkhLEngTqtkAhoAcHbqu9yN1DzR6RovU
b6/cnlbES57nOd3C2EN6dKWWcVDDQbeBhP3vy fuDQiIkDjXeyMY5YkBHAQQAQgA
BgUCVr4ugQAKCRCoyBY CMzgYuXVB/9vao9PJD1tRPTtN0x 2Gr2VIXB5963Ghs4
NB2YrRpfl8FSHs8k6E4SASWMHxxPSy1ZvEZhCN4D/IzTOQBHoj8qlvO7ulVE3CfJ
OgwNrVMkq9muOk8HiexUweQpHnWVhtVSZkRSd0lXUntqVcGKo6Z98tnOqjGk2ngo
Ha01hMHuG 3argEq3NZNDEOjfbOTYFD4x1SVTS0 nM1btuMmVOuthno pURjcI5i
sIqA6sUdWKyil3UaV2ZvKDOBLyWJxjOKDB10cnCXd9y8O8wqnHX9uUf87JmGV1Xp
A84aWdOlh4 v8yMFxKYkPsDZBmUXeHuKkOodZ2H7ri67UQe6ia9wiQEcBBABCAAG
BQJYngo0AAoJECh/J03GgfleH4sH/1rt4VvZ YkqhDDylxo/YKlThqZQEeTTxLNu
wokx0rUxIp/5UG2JybJyBgnW/znHKnJa8XHKetyscWY3bDbNFXURyl8VWCGEcxMt
vw2EuQciWg9HyYMkQBl KRt QM/77kCLXMJZ3SyX1t0/vUSIq0VbRnt6gouUDr03
a6r7jhTOwR1qjYYn0ZmtaEkydBN3 qOfea49h1PfJagJUl8/jUk9C3KW1vV9KEtE
GbfcypCpDFibiMmwRoEzd6Anun/Et30CqgJ/zIXFZ9IIs2N/2RiAS4uVA8Wtc6pg
VdO0FcW9UxYVnQRgSk je1pu8glQzYJDHLHbwnUyt03aKXHb1kGJAT4EEwECACgF
Ak45PsICGwMFCQWjmoAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEI5tqLTh
WMVpSMkH/27eO9gHJ/FTLEk46RS8OOUmO9ZBycfzovkLvx1WNWGp14gzT2f3uBED
80sxW2lGSbE30GRhgDGQMfE/vCZrJ5SMjfA2olc9 FNPHZfP7FBnPXnxYTM2bbGz
BhRA/7YHj0lk8sPE ALS3kqgflEkJrLFkcxr3H8teudthxMQFaXG4burFjR6vTrx
knyYPlYMJc8XtQ6f6jHEysg693JyVmu0ShSe46XPIuTRv6CpAJxpDEyROiU2kKI5
GfjPOUzQLQn9UbZZQxZm2jjN8tod07ogX8IQOtT8sJ8 sXVkTt9bOoYkAJpIXfAQ
U/k7uvvo7FlktdS4k9BqIZpJ4Vq0XvGJAhwEEAECAAYFAlOHUyAACgkQpIWg7VG4
t8T1hg/8DDj9/KwjHTmbLstWaXypOXRzDMUMM9TMZAVD8darxsPqgFtWA6Bv431q
DAQnKPKI8RSi90VOOSv5LfDB8j20tHRH6hs1LVEfuQr7zfxuYh0MfqqiqtPv1BT7
3Oxa2ETNoLi LyzViM/E2bcTlygUrNM/h5T8T2YYWF7gbFtdhd991KCIsOUHKsOG
uVEo6lEvdgDZVs5SCnmsKgKAUKWD nK8O7pW2K/wxPKJGwiLaJh9w1gHu0Sx4d8C
pm 7iwzhAvJzoSFvVGkGAjbNsQze32Bn9yw85D0qLEMAOis6jDIzTcU3UODkl41j
 TKn W9Sv Ldyz5WchmGtdZF Gf20pFWRfPEso0NKFJ7PIcRPH38 wCNo2hg6lYq
 0xDnrGNjoHpmPCsiw82v/Zh05xhfb0bmIpRlB6wmA6OKvauRk8sMUHJ 4yk7Orq
upSWtzBc Rut89Zhba5IFm92uY3utAh EYnxoQEwTxgkfG6qZbhOlOPedHI/6gYx
Gwn1KsTl S00lttsYPpsACNq9u MCztKunbzoAMT6L3NBxItPAxR6u clPFglOId
Ks AO E2eqinhAJ2s1SXNRhshXTz3eF1edBRorvXiy0XfZoXG26s7LSUKyghzWtD
Pa91aVhyzEmgst3wX0xPvJNPadXrQF49lIPYlhMAHkEs1MS4Z1iJAhwEEAECAAYF
AlYmU4wACgkQBOrlbTWPQ08eVQ//RSzf93kYYsmUIMEGKzQDnEVSMitRD6IFeIme
dKF2VluG7nkmo7B3Q6GPsOPYEDVFJ5 ZoY/0gN5O64IA0PE 1w772mz1khifGpQ8
VeB9dcOpnclDJ6S/IYnuinUPvHoGo4JkaXAb0Yjrzp4iJjT4Fv2YmxZAFdCqMYp9
zR0QAcZSl mG6nAzhiC75BeIuLPlMDAPWRQkUL1tskB4Iu4ubX XZkq45VUBDAz2
14dTaA8y4/jhiNA61uCyLF5Xzx3h5qeO4Z64KMbVbwQ9GyDZjYETss1VWx2KseW6
1wbJKekDG4OnzCDHDqV31z2vrsaAtCsSM8IXgP9dl/WKd9oZODOFQggBJX2UM7nH
jv645noDQ3bW07DPC4WIItDxPWj7ocQs1caFAh3HEMnJvqX5yaXRHqNCT/2iRfgF
 TZJvygJuA28hhPV2RnuOesaTzFy2Ghd6iOqpXM8zzjfaDhs9BgE7wiB3jccwE08
UVVKkPYM1FpSJ4XupjHoShHi9POsMY2iD/QOAAOO HxeFGzSSJ3LMp1A5xi05rYx
UUceNIMJPpESxAbx9Suzb6wGp7HRjoBecFkHrIx4SFv0A3ZCN39TZYtMl eEBo61
qRrJgyWGRNb GIutWWpEMmzmq kDE 6qmsuDL4zZ6bF4AP//WtJPYeadQPCdFdv8
CWES182JAhwEEAEIAAYFAliZedsACgkQBZ5sZt7zN5ewYw//QJaLcPEyM5YuKccW
SNTDVAGjwB3TTy SbG3Ref1b6Jie7B4bYOdRYU2gzMeitv85q2mTeHUV2YAHOisq
LQhsXMp2 CYM9Is2/Qd2cX24y8geKhGxGdkViG2mnVMYhwprUHsJfP8EHDZOikin
r9UGYJn1lmD9LGEaRWBM11o 6a WKUk1MjmNBJydBlrGK4cr4PeoR7BEqQd7lTIq
iu3bVhY8VR5gObVwQjHW tmMvgUHpB78Z ZuOe24XDy7JPBJ5IJPKddYIp134sB3
WHiD6WuVWJeNLajBwal/zgLZJ20nNoS7TVOwcTV MIEXEQDfFwcyu1FT/gyjrmbW
7BuKspP7Gv0T3oTDGHjWfNAIB5FUa9NqzUq4s9B5Gj/i63AcdRcC3pm0lxlC7mmY
CsQIw7ZO5DV tZlaBqJQ4lb77P/PpbIEzc yRBjHjV9N6 0KOg81jnZWloSNqcCi
tenrpoRmz7zLldE4sLG04j7dRAl//ihonEEgczuiOstGNUKxuXTrDadJ7y8/WjtM
L8gq2MlbYIDhwBfB315WqsYNQdQ7vrRWQ88FakVsIIXR jKF4qP96VJ3Hj U2gMI
awxAVtDblMY6x Vh t6asXdnnJyhpzohWnSlRjCHlFpZ OmzGGMT/TZwtSKnsg1L
rPg3YFWAl4kwWCp9uHf3iCDIzP6JAhwEEAEIAAYFAll3XHsACgkQ2zYzDZ7HxlVA
5g/ MKtdZNJBsZzt30Xrf27x7YcPnU9u99Cha2pOigv76hrADKAugwV64yq52p v
WPcZLbeqGydxKzfNH4SKZ1QrjDFE9ynK1LbpjEZOnka61qxdBAeekBDImdtBbBVY
75faCr5Zge814Aw1/4m/y3Ua7s9I2PHGUHQaUTZiA2mU3Dex3YjaGH2ZdatmEo4q
iBBslHdiddukfzc30WCQtz1dDKs1UIuwsCNm527vwEajkn QjdWggtVAHAr6EfLY
l0JnGL2sgngtduFhhUssuZ8nT RVCTR9O19og2ahumRMYAzaIIKDQx r/yjEGLRT
thlSRsY2jkkpY2qfJ4ygID1PRbx4Jg7FL915il4F9l5BtKEXQr3ESs9iXYJvDe7l
/2bmULQAzK41jMkVmw8dWrk/gmTSVLMoNFopdCKcUA8 PTOTh5Nk7KFWzLXe9yiP
BZ2KgTFjq8dQZeu2aeiF0VrAIe6GlmAIfM9ojOkWRiK8iP xShY260 qXsGHr2Tl
T2ePaGeFI3sdV roVie4OcwiDP61ZF7mgXjS p PV5BrYvEiKHNy/OZnJ 8icEqN
N BhfCwkv5Zon/pck9i0FsX8H0DqpxQhEO9nyhQ/6t85SGiggYPKcOq34Siy0Chb
z2x6nmkTD9UL3//OPHQdGoTPW8CoEYnblBpaJBAc9d1x2 mJAjMEEAEKAB0WIQQZ
GDXtDq7GNipHOpJcG46CuAMPygUCWRyzUQAKCRBcG46CuAMPyu6wEACmGB3L7nkV
tWXzghepHxtRb95eATbUcDSKp5UkHFFVAABsvavUy1WsHQdIgcoByxNUcDiJ3E0p
uyRMOd1Tbp16RYZeBXLht6o1qYji2sMR 7ju9BpHBooBTyWXPDx97bUGeOSwLdo3
pKsuk30jeLD/rYqS63k0d5dk2Tfxgek1FPKGwZWCGF2WJnfI4eDN3YnAt4gKlIeL
GjvdXcfQ2ZCNp4WW9Uzh6MrXvBvzUAmCNopEM2B4zHbnvXc7fEHCdH mMCVblCiM
kbMbIEjO3YInahT2E0F7LeQjBarpQjTgz5dFSJqXawuMM2A051Cn3/1D3A88ecpa
cN2hqwsmoQ269xt 4wsNjFxf7p8j5aCD4lvBFv7A6f6RbbCkDpT1ilcVRqficT3H
1mWMVMCEfOhliZeBWGyXz3ZCzCNPxFWsPAF5QYAiTIEEKFdbWTUv/GF9/6uPv/c 
DT2NuGJ3/6BL7dsSJq/u0FZ28RIYvGpWDGB8EDuoMG02jLbPAETLTTlT8F2p8YN0
nv/65oUXY/vYNJGuR4 yU7zFunkASbac6VwQfmelc81AUh0k v7j6/f1vF  YQR1
 oeuXUMthYCpiTtGhWOvZZ/yTNwXw83HIYSoyjnJVWYxLZ4di56rR5UozRhHyQwD
Us3pMHa9RazC2yNU01biRBaQ4uoHMSthB4kCMwQQAQoAHRYhBNwe38uA0tosjq6u
IkljV0IYaftsBQJZLKjfAAoJEEljV0IYaftsScMP/0b32LbZJl27X37cfHkwr5v7
XHkqkpYPmmiFpmMmnnfk2GqWmOT09Sjy5uAdMxCNz0Z Lp15NMS33 73me 7u83R
Qg8ecycxOQETq 1tFzy3gBeqIByJKSCJRSjStBlkks3reLoOmWbKGyaE9eHG40z7
4gMKnTv2Su6koVH0aMK0Q4kjdGUO7lec5EMfg2H2oI5m/PW/uSxxJHot5bk e2UH
2zafxpcsFeI6DcBZPiPof5r5m/xGGDA6ZkehtBNnP4aAwEDdpzLJ5CBVDrTyszkn
i15BoAZPWtMnVPI6xnrZ/ae0B7T8/1THluHXb0hZTOhdmDEHEjYRIte3oXPkTkke
BGB2uqx327nwo2brETs3rtdbkvOGIFtbsoxVCnM0qKBOswkvkFX/6ijNFBpi1ekR
ejOxaJvuhpt4ttGrABO8Beh/CpjUbmzYtTgU4CztL/ aIMEG0DDfZipG/lpsktvP
It/RU4OVK6dDaLeEmAX4jYtPwAOLhGZ43xwclMnNgeSIT3CAYXMXWNFe3PPQ2A/H
jA9U40kO1SMbu7IQJJ2kZWS7/rQEQzBbYfpWcD9fy4 sKTFgLJDBRXhla553sz97
KiyaTH0t zb5dkUv619BRhLrmkbQiriy0n9a7p3upUAoGFNp3eAO/qG2JLMw/Ayv
RNK zKVfI6cu3wj6gBVliQEzBBABCAAdFiEE i7gS9aI2i6nUmgujfzQ7qCqWiAF
AlxWtEcACgkQjfzQ7qCqWiCIGQf/bjV3okhvC8RZr6o qd pOcwjEjEGQy gP898
gq50yVcq2ZKeqZWMqk7UFnUr/CPToUpJ7Or3jbgc4Fv8lP4UGifts 7AurCVfyP9
ABXeAO5EPKcCWeKEmmulMBAntyCv kUg wC1bGX CbLpIVfz4ipkGsHUrdsNDTPJ
a3dZwT8IokX BPqW4x5ZNug2ay7dw1hGPBT96AeSLC/KYtyVynRCISfSOVD0MUgq
T3It0nKm0GgX6700ZxXgk6z/ApFniQjq1sF/Y3r3Acp6n r3kvzBgw7j4 o/EtQK
yXq5jHeNlKIRZK7 TkmmHmCVDY1sRC6XIRINERXlq8WEFUxBRLkBDQROOT7CAQgA
6D4GOTxadvt9tvAEMNRqUuwgSAVSGytIsPlVVgHy06rt2OyFySn/cvB RKyZTMS1
cxfEhsNQ43W9sJBdmVAN7sTu5jkoU1bKLj5QnAsyuz6ip9525TMPFD6 ir/o0aX7
aiWp3q9P9z 49v9E9mk52CgSSoUQ5MxFXPQNnADLPJgRYGvAMQI1sS2p58ws8hpQ
ZTNm9RzzQj4xgvoDNF7 60hZwGdnafJ1nRK9YpEnSU6zr17oqgVV4TlBfOZNeSPN
JtH143cAObaPQSMuem3/NHiEXyziXgct1F1Kfju0B29qGw1 BaY5 JAPxu2e7wOI
yIkx3wilWxlf/MIltJQKFwARAQABiQElBBgBAgAPAhsMBQJT4HruBQkLStanAAoJ
EI5tqLThWMVpYygIAKtajtTPqp556oANXzAJTjZlsDYlbKeWk5F13MUeQSB1ELZA
1Df0/hybke9lfl3kHTm9DQRSBpUq u9FD0Cg5GKGsYwjFJzYfBi7npKBhZyhADQe
bSk0lkuF0wJewVRZ1t6h6xcTqTGj982Bw3h40zt5AUFEdRiBUcXHGNP9Nwx/u7vV
w3Ccu5z64/LrDSnrM1FhZ/KLoEsctM KHWG CNcq1WhOfjPnmF7pEp RH2cZ7mzG
KPHNbvuAqsK8QgTJ3FuRaMw80oRCHsO4S/zdUXXRX1Qp5lxnpIBCoRsRJr/Ez1Wd
hEJRD9MKIO 7IvEQMmqDidI5FK J4OqMUv 0EpmJATwEGAEIACYCGwwWIQQw6/Tn
PM5j7uEk3SeObai04VjFaQUCXx zTwUJGkx2DQAKCRCObai04VjFaeXdB/0eH/mN
40u2RhftN0Ntj5cB3ILpK7tR8cPkQrlvyZAmwVkTUY7LDZ/Rqmc809B26qF3M2Lz
8cC66PrFY9f3y/uWc1QRqKg9GjZM85AS2BRzT LMycuRiYq1S V1p2xQglgKv3q 
lrgzQDJ4QCszdCZVl0lufAqKlOuCcisBnTdLacjM/88pZh1ukzwvKm97yQjWpfFm
HLKKA/RgtbR/qINmdUsXoDS1ZYDMyzHbZ6x8YJOZsPzgPBS9uqN8AwMHz4AGgmEi
/eD5PDgVMzburMXNLNxFFLT6cVUCULTozKBfTp/bncEOHf4l OG3Vgwe1RVdxU3c
VHxVxJNKrv1//EX/
=qIrL
-----END PGP PUBLIC KEY BLOCK-----

This is a fix after an issue was raised in this GitHub Page. You can review it.

At the same breath, in case you want Wireguard installed, its packages are part of standard repositories so you will have to comment lines 7 through 13 of “~/streisand/playbooks/roles/wireguard/tasks/install.yml” file as illustrated below.

---
- name: Determine the running kernel release
  command: uname -r
  register: kernel_release

#- name: Add the WireGuard PPA
#  apt_repository:
#    repo: 'ppa:wireguard/wireguard'
#  register: wireguard_add_apt_repository
#  until: not wireguard_add_apt_repository.failed
#  retries: "{{ apt_repository_retries }}"
#  delay: "{{ apt_repository_delay }}"

- name: Install the WireGuard packages
  apt:
    package:
      - linux-headers-{{ kernel_release.stdout }}
      - linux-headers-generic
      - wireguard-dkms
      - wireguard-tools

Or else, you will get this error

TASK [wireguard : Add the WireGuard PPA] *****************************************************************************************************************************************************************
FAILED - RETRYING: Add the WireGuard PPA (10 retries left).
FAILED - RETRYING: Add the WireGuard PPA (9 retries left).
FAILED - RETRYING: Add the WireGuard PPA (8 retries left).

Then re-run the ./streisand command once again.

$ ./streisand

When everything is over, you will see the final TASK message as:

TASK [streisand-gateway : Success!] ***********************************************************************
[streisand-gateway : Success!]
Server setup is complete. The `vagrant-dev.html` instructions file in the generated-docs folder is ready to give to friends, family members, and fellow activists. Press Enter to continue.:

Step 5: Configure your clients

Once Streisand completes installation, you will find complete instructions to setup clients in “~/streisand/generated-docs” directory. Especially in “vagrant-dev.html” file. Below the file, you will also find how to login to your streisand instance where you will get the same documentation.

Login by pointing your browser to https://IP-or-FQDN of your server. You will get a login prompt. Enter the username and password found at the bottom the file

And you will be ushered into the documentation page. Therein you will find various ways that you can connect to your Streisand Gateway server using various clients.

References: Streisand GitHub Page

Concluding Remarks

Once you connect to your Streisand Gateway server, your IP is protected and you can access restricted content found in other countries. Get naughty this festive season by installing Streisand which incoporates Ansible in its installation and see the results that you will get. As you celebrate with the ones you care about, we continue to appreciate your relentless support and we wish you a marvelous time. Do not forget to keep safe.

Other guides that pop your eyes include:

Install and Configure Pritunl VPN server on Ubuntu

Connect To VPN Server with Cisco AnyConnect from Linux Terminal

The Necessity of Installing a VPN both on Computer and Smartphone

Install and Configure OpenVPN Server on RHEL 8 / CentOS 8

Algo VPN – Setup a personal IPSEC VPN in the Cloud