{"id":13775919,"url":"https://github.com/samuelhbne/vpn-launchpad","last_synced_at":"2025-05-11T08:34:25.583Z","repository":{"id":162338042,"uuid":"101759159","full_name":"samuelhbne/vpn-launchpad","owner":"samuelhbne","description":"Build VPN server on AWS EC2 with QR code support. Build SOCKS/HTTP/DNS proxy locally. Support Ubuntu, OSX and Debian variants like Raspbian.","archived":false,"fork":false,"pushed_at":"2022-12-03T14:39:32.000Z","size":507,"stargazers_count":41,"open_issues_count":1,"forks_count":5,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-03T17:12:21.193Z","etag":null,"topics":["aws","brook","cloud","docker","l2tp","qrcode","raspberry-pi","shadowsocks","trojan","v2ray"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/samuelhbne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-08-29T12:34:14.000Z","updated_at":"2024-04-23T12:51:53.000Z","dependencies_parsed_at":"2024-01-07T22:47:41.239Z","dependency_job_id":"6b5a2ab1-a315-4945-bd0d-d46aea4a86c2","html_url":"https://github.com/samuelhbne/vpn-launchpad","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samuelhbne%2Fvpn-launchpad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samuelhbne%2Fvpn-launchpad/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samuelhbne%2Fvpn-launchpad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/samuelhbne%2Fvpn-launchpad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/samuelhbne","download_url":"https://codeload.github.com/samuelhbne/vpn-launchpad/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225031371,"owners_count":17410053,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","brook","cloud","docker","l2tp","qrcode","raspberry-pi","shadowsocks","trojan","v2ray"],"created_at":"2024-08-03T17:01:54.476Z","updated_at":"2024-11-17T11:30:34.926Z","avatar_url":"https://github.com/samuelhbne.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"d03d494700077f6a65092985c06bf8e8\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"cb16466a31a167bb61f39e2a4a85f449\"\u003e\u003c/a\u003eShadowsocks"],"readme":"# VPN Launchpad\n\nEC2 VPN server builder with multiple VPN support including L2TP, Shadowsocks, V2ray, Brook and Trojan.\n\nWorks in Ubuntu(Xenial and above), Mac OSX(Yosemite and above) and Debian(Buster and above) variants including Raspbian. Running in Windows with dind (Docker in docker) container is possible, but not yet verified.\n\n![docker-build](https://github.com/samuelhbne/vpn-launchpad/workflows/docker-buildx-latest/badge.svg)\n\n## How it works\n\nCommand vlp creates EC2 instance with VPN services installed out of box. Command lproxy creates proxy (SOCKS/HTTP/DNS) container running locally on your PC, Mac or Raspberry Pi, which tunneling all traffic through the VPN server on EC2. AWS account ID/key are necessary.\n\n## Quick start on Ubuntu / Debian(Buster) / Raspbian\n\n### 1. Dependencies installation\n\n```console\n$ sudo apt-get update; sudo apt-get install docker.io git dnsutils curl whois\n...\n$ sudo usermod -aG docker `whoami`; exit\n```\n\nNote: It is necessary to log out current session and back to get docker group setting take effect.\n\nNote: For Raspberry Pi users, please update to Raspbian Buster before Docker installation as Docker version earlier than 18.09 is not supported any more.\n\n### 2. Initialize AWS credential and VPN server region\n\n```console\n$ git clone --recurse-submodules https://github.com/samuelhbne/vpn-launchpad.git\n$ cd vpn-launchpad\n$ ./vlp init\nAWS Access Key ID [None]: INPUT-YOUR-AWS-ID-HERE\nAWS Secret Access Key [None]: INPUT-YOUR-AWS-KEY-HERE\nDefault region name [ap-northeast-1]:\nDefault output format [json]:\nDone.\n$\n```\n\nNote: './vlp init' need to download docker image(about 100MB) during the 1st time execution. However hub.docker.com might be 'throttled' mysteriously in certain country. Please try './vlp --from-src init' instead to build the docker image from source in case './vlp init' stuck on downloading over 10 minutes without progress.\n\n### 3. Build VPN server on AWS\n\n```console\n$ ./vlp build --without-random --with-sslibev\n...\nShadowsocks-URI: ss://YWVzLTI1Ni1nY206U1NTTElCRVYtUEFTUw==@13.231.224.253:28388#VLP-shadowsocks\n...\nScan QR code above from Shadowsocks compatible mobile app to connect your mobile phone/tablet.\nDone.\n$\n```\n\n![QR code example](https://github.com/samuelhbne/vpn-launchpad/blob/master/images/qr.png)\n\n### 4. Connect from your mobile phone\n\nScan the QR code generated above from Shadowsocks compatible mobile app ([Shadowrocket](https://itunes.apple.com/au/app/shadowrocket/id932747118) for iOS or [Shadowsocks](https://github.com/shadowsocks/shadowsocks-android/releases) for Android etc.) to connect your mobile phone/tablet and enjoy.\n\n### 5. Build local proxy on Ubuntu / Debian(Buster) / Raspbian [optional]\n\nPlease jump to step 8 if PC/Mac browser connection is not your goal.\n\n```console\n$ ./lproxy build v2ray\n...\nSetting up local proxy daemon...\nDone.\n\nStarting up local proxy daemon...\nDone.\n\nWait 15s for local proxy initialisation...\nDone.\n\nLocal proxy is running.\n\nVPN sever address: 13.231.224.253\n\nChecking SOCKS5 proxy on 127.0.0.1:1080 TCP ...\ncurl -sSx socks5h://127.0.0.1:1080 https://checkip.amazonaws.com\n13.231.224.253\nSOCKS5 proxy check passed.\n\nChecking HTTP proxy on 127.0.0.1:8123 TCP ...\ncurl -sSx http://127.0.0.1:8123 https://checkip.amazonaws.com\n13.231.224.253\nHTTP proxy check passed.\n\nChecking DNS server on 127.0.0.1:65353 UDP ...\ndig +short @127.0.0.1 -p 65353 twitter.com\n104.244.42.1\n104.244.42.193\nChecking 104.244.42.1 IP owner ...\ndocker exec -it proxy-sslibev whois 104.244.42.1|grep OrgId\nOrgId:          TWITT\nDNS server check passed.\n\nDone.\n$\n```\n\nNote: './lproxy build' need to download docker image(about 90MB) during the 1st time execution. However hub.docker.com might be 'throttled' mysteriously in certain country. Please try './lproxy build --from-src' instead to build the docker image from source in case './lproxy build' stuck on downloading over 10 minutes without progress.\n\n### 6. Browser configuration [optional]\n\nNow modify connnection settings for [Firefox](https://support.mozilla.org/en-US/kb/connection-settings-firefox), [Safari](https://support.apple.com/en-au/guide/safari/set-up-a-proxy-server-ibrw1053/mac) or [Chrome](https://www.expressvpn.com/support/troubleshooting/google-chrome-no-proxy/) according to the proxy port settings given above.\n\n### 7. Stop and remove local proxy container from Pi box after surfing [optional]\n\n```console\n$ ./lproxy purge\nLocal proxy found. Purging...\nDone.\n$\n```\n\n### 8. Terminate VPN server instance from AWS after surfing\n\n```console\n$ ./vlp purge\n...\nWaiting Instance shutdown...\nDone.\n\nRemoving Security Group of vlp-bionic...\nSecurity Group Removed.\n\nDeleting SSH Key-Pair of vlp-bionic...\nDone.\n$\n```\n\nNote: Terminating VPN server instance from AWS after surfing is always recommended. It removes the potential trails from cloud to protect your privacy as well as reduces the cost for AWS service hiring in case you are not AWS free tier user.\n\n## Quick tour for getting AWS account ID and key\n\n1. Create an new AWS free account [here](https://aws.amazon.com/) if you don't have. I'm not affiliate.\n2. Login into [AWS IAM console](https://console.aws.amazon.com/iam/) with your account.\n3. Click \"User\" from left side then click \"Add user\" button on the top\n4. Input the \"User name\" and tick \"Programmatic access\" box below\n5. Click \"Next: Permissions\" button\n6. Click \"Create group\" button\n7. Fill \"Group name\" with \"vlpadmin\" and tick \"AmazonEC2FullAccess\" selection box which on the top of the policy list\n8. Click \"Create group\" blue button at the bottom right of the page.\n9. Tick the \"vlpadmin\" selection box in \"Add user to group\" page\n10. Click \"Next: Tags\", click \"Next: Review\" then click \"Create user\" button\n11. Click \"Show\" link\n12. Now you get the \"Access key ID\" and \"Secret access key\" that necessary for vpn-launchpad running\n\nFollow the [official AWS doc page](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for more details\n\n## Full command Usage\n\n### VPN server management\n\n```console\n$ ./vlp\nvlp [--from-src] \u003ccommand\u003e [options]\n  --from-src            -- Build dependency container from source rather than docker image downloading\n    init                -- Init aws account credential.\n    build               -- Build VPN server.\n      --from-src        -- Build VPN server from source rather than docker image downloading\n      --with-brook      -- Build VPN server with Brook services installed\n      --with-l2tp       -- Build VPN server with L2TP services installed\n      --with-v2ray      -- Build VPN server with V2Ray services installed\n      --with-trojan     -- Build VPN server with Trojan services installed\n      --with-sslibev    -- Build VPN server with Shadowsocks services installed\n      --with-random     -- Build VPN server with VPN passwords randomisation.\n      --without-random  -- Build VPN server without VPN passwords randomisation.\n    status              -- Check VPN server status.\n      --with-qrcode     -- Print Shadowsocks and V2Ray connection QR Code.\n    purge               -- Destory VPN server instance.\n    random              -- Randomise VPN passwords.\n    ssh                 -- SSH login into VPN server instance.\n```\n\n### Local proxy management\n\n```console\n$ ./lproxy\nlproxy \u003ccommand\u003e [options]\n  build            -- Build local proxy container.\n    --from-src     -- Build local proxy container from source rather than docker image downloading.\n      brook        -- Build local proxy container that connect to VPN server via Brook connector\n      sslibev      -- Build local proxy container that connect to VPN server via Shadowsocks connector\n      trojan       -- Build local proxy container that connect to VPN server via Trojan connector\n      v2ray        -- Build local proxy container that connect to VPN server via V2ray connector\n  status           -- Check local proxy container status.\n  purge            -- Destory local proxy container.\n```\n\nNote: Please build VPN server before local proxy building.\n\nNote: Component depency fetching from golang.org is necessary during the progress of building v2ray/brook with '--from-src' switch. However, golang.org access might be blocked in cetain country hence lead to the consequent building failure. Please remove '--from-src' switch (which means build from docker hub images fetching) if that is your case.\n\n## VPN server configuration\n\n### Password, encryption method and listening port configuration for Shadowsocks server\n\n```console\n$ cat server-sslibev/server-sslibev.env\nSGTCP=\"28388\"\nSGUDP=\"28388\"\nSSPORT=\"28388\"\nSSPASS=\"SSSLIBEV-PASS\"\nSSMTHD=\"aes-256-gcm\"\n$\n```\n\nNOTE: Please ensure SGTCP/SGUDP and SSPORT are the same value to guarantee that AWS enabled the specific TCP/UDP port for incoming connection which server-sslibev service listened.\n\nNOTE: Please run './vlp purge; ./vlp build' to get the new Shadowsocks server configuration applied.\n\nCredits to [shadowsocks-libev](https://github.com/shadowsocks/shadowsocks-libev)\n\n### UUID, V2RAYAID, V2RAYLEVEL configuration for V2Ray server\n\n```console\n$ cat server-v2ray/server-v2ray.env\nSGTCP=\"10086\"\nV2RAYPORT=\"10086\"\nV2RAYUUID=\"2633f6b5-0032-4f9e-ae1d-c21d9010cd27\"\nV2RAYLEVEL=\"1\"\nV2RAYAID=\"64\"\n$\n```\n\nNOTE: Please ensure SGTCP/SGUDP and V2RAYPORT are the same value to guarantee that AWS enabled the specific TCP/UDP port for incoming connection which server-v2ray service listened.\n\nNOTE: Please run './vlp purge; ./vlp build' to get the new V2Ray server configuration applied.\n\nCredits to [V2Ray](https://github.com/V2Ray/v2ray-core)\n\n### Fake domain, Duckdns domain, Duckdns token, Trojan password configuration for Trojan server\n\n```console\n$ cat server-trojan/server-trojan.env\nSGTCP=\"443:8443\"\nTRJPORT=\"443\"\nTRJPASS=\"TROJAN_PASSWORD\"\nTRJFAKEDOMAIN=\"www.microsoft.com\"\nDUCKDNSTOKEN=\"6ad424a4-1cc3-4cf7-87ec-0f61ce2c9416\"\nDUCKDNSDOMAIN=\"myduckdomain\"\nDUCKSUBDOMAINS=\"wildcard\"\n$\n```\n\nNOTE: You need to register a free domain name on duckdns.org first.\n\nNOTE: Please replace DUCKDNSTOKEN with the token obtained from the top of your duckdns.org home page after login.\n\nNOTE: Please replace DUCKDNSDOMAIN with the domain name you registered on duckdns.org.\n\nNOTE: Please run './vlp purge; ./vlp build' to get the new Trojan server configuration applied.\n\nCredits to [Trojan](https://github.com/trojan-gfw/trojan)\n\n### Username, password and pre-shared secret configuration for Softether L2TP server\n\n```console\n$ cat server-softether/server-softether.env\n...\nPSK=YOUR-SHARED-SECRET\nUSERS=user0:pass0;user1:pass1;\n...\n$\n```\n\nNOTE: Please run './vlp purge \u0026\u0026 ./vlp build' to get the new L2TP server configuration applied.\n\nCredits to [Tomohisa Kusano](https://github.com/siomiz/SoftEtherVPN) and [SoftEtherVPN](https://github.com/SoftEtherVPN/SoftEtherVPN)\n\n## Local proxy configuration\n\n### SOCKS/HTTP/DNS port for local proxy\n\n```console\n$ cat proxy-sslibev/proxy-sslibev.env\nSOCKSPORT=\"1080\"\nHTTPPORT=\"8123\"\nDNSPORT=\"65353\"\n$\n```\n\nNOTE: Please run './lproxy build' to get the new Shadowsocks client configuration applied.\n\nCredits to [shadowsocks-libev](https://github.com/shadowsocks/shadowsocks-libev)\n\n## Before running\n\nDocker installation is necessary for running vlp and lproxy. curl and dig will be used by 'lproxy status' for connection test and diagnosis but not compulsory.\n\n### Dependencies installation for Ubuntu / Debian(Buster) / Raspbian\n\n```console\n$ sudo apt-get update; sudo apt-get install docker.io git dnsutils curl whois\n...\n$ sudo usermod -aG docker `whoami`; exit\n```\n\n### Docker installation for Mac OSX\n\n\u003chttps://store.docker.com/editions/community/docker-ce-desktop-mac\u003e\n\n## Connect to the VPN server via Shadowsocks/V2Ray/Trojan protocol from mobile devices\n\nBoth \"vlp build\" and \"vlp status --with-qrcode\" spit QR codes (for Shadowsocks, V2Ray and Trojan) to facilitate the connection from mobile devices via QR supported app like [Shadowrocket](https://itunes.apple.com/au/app/shadowrocket/id932747118) for iOS, or [Shadowsocks](https://github.com/shadowsocks/shadowsocks-android/releases), [v2rayNG](https://play.google.com/store/apps/details?id=com.v2ray.ang) and [Igniter](https://github.com/trojan-gfw/igniter/releases) (QR code scanning is unavailable so far) for Android. Simply scanning the QR code from these apps will create a new connection entry. Connect to it and Enjoy.\n![QR code example](https://github.com/samuelhbne/vpn-launchpad/blob/master/images/qr.png)\n\nAll credits to [qrcode-terminal](https://www.npmjs.com/package/qrcode-terminal)\n\n## Connect to the VPN server via L2TP\n\n\u003chttps://www.softether.org/4-docs/2-howto/9.L2TPIPsec_Setup_Guide_for_SoftEther_VPN_Server\u003e\n\n## Cleaning Before upgrading\n\nImage/container names may changed after upgrading. Please do the following before upgrading:\n\n1. purge VPN server(s) and local proxy container you previously created via 'vlp' and 'lproxy';\n2. Stop and remove existing vpnlaunchpad and lproxy containers;\n3. Remove existing vpnlaunchpad and lproxy images.\n\nPlease follow the instructions here to do the cleaning:\n\n```console\n$ ./vlp purge\n...\n$ ./lproxy purge\n...\n$ docker stop `docker ps -a|grep samuelhbne|awk '{print $1}'`\n$ docker rm `docker ps -a|grep samuelhbne|awk '{print $1}'`\n$ docker rmi `docker images |grep samuelhbne|awk '{print $3}'`\n```\n\n## Running in dind (Docker in Docker) container\n\nIt is possible to run vpn-launchpad in dind container if Ubuntu is not your option. The following instructions will start a dind container with necessary local proxy port mappings, install package dependencies inside the container, create a non-root user with docker service access, and start vlp/lproxy consiquently.\n\n```console\n$ docker run --privileged --name vlpdind -p 1080:1080 -p 8123:8123 -p 65353:65353 -d docker:stable-dind\n$ docker exec -it vlpdind sh\n/ # apk add bash shadow git curl bind-tools whois\n/ # adduser -s /bin/bash -D vlp\n/ # usermod -aG root vlp\n/ # su - vlp\n72d645e47cb2:~$ git clone https://github.com/samuelhbne/vpn-launchpad\n72d645e47cb2:~$ cd vpn-launchpad/\n72d645e47cb2:~/vpn-launchpad$ ./vlp init\n72d645e47cb2:~/vpn-launchpad$ ./vlp build --without-random --with-v2ray\n72d645e47cb2:~/vpn-launchpad$ ./lproxy build v2ray\n...\n```\n\n## FAQ\n\n[Frequently Asked Questions](FAQ.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamuelhbne%2Fvpn-launchpad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsamuelhbne%2Fvpn-launchpad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsamuelhbne%2Fvpn-launchpad/lists"}