How I ran Outline VPN on Vultr

4 min read

Outline is the simplest way to run and manage your own server.

Single command setting up on the server and the rest managing in going on Outline Manager GUI. Then you can create any number of access keys and use them on computers, phones and tablets — Outline app is available almost on each platform.

Yes, it is the easy, but the last time I spent a lot of time by missing one thing — VPS internal firewall.

Get the VPS

Let's imagine that you know how to create an account, choose the VPS configuration and OS. I believe you know what to do. Just get the server. You can use Vultr (ref link to say me thank you).

I have got the the nearest place with the cheap metal, no backups or etc. Ubuntu 20.04.4 on board. 6$ per month for the moment.

Let's skip the part where you trying to connect to your server.

Outline installing

Well, Outline Manager says that you need to run just a single command on the server. Okay, go:

sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh)"

You will be asked once to allow installing Docker.

> Verifying that Docker is installed .......... NOT INSTALLED > Would you like to install Docker? This will run 'curl https://get.docker.com/ | sh'. [Y/n] > Installing Docker ........................... OK > Verifying Docker installation OK ............... > Verifying that Docker daemon is running ..... OK > Setting PUBLIC_HOSTNAME to external IP ...... OK > Creating persistent state dir ............... OK > Generating secret key ....................... OK > Generating TLS certificate .................. OK > Generating SHA-256 certificate fingerprint .. OK > Writing config .............................. OK > Starting Shadowbox .......................... OK > Starting Watchtower ......................... OK > Waiting for Outline server to be healthy .... OK > Creating first user ......................... OK > Adding API URL to config .................... OK > Checking host firewall ...................... OK CONGRATULATIONS! Your Outline server is up and running. To manage your Outline server, please copy the following line (including curly brackets) into Step 2 of the Outline Manager interface: {"apiUrl":"https://111.11.111.111:1111/secretstring","certSha256":"anotheronelongsecret...string"} If you have connection problems, it may be that your router or cloud provider blocks inbound connections, even though your machine seems to allow them. Make sure to open the following ports on your firewall, router or cloud provider: - Management port 5555, for TCP - Access key port 22222, for TCP and UDP

You will be asked to copy JSON key to set up the server in management GUI.

But you also need to check these two ports. For example: 5555 and 22222 (management and access). And you can ignore this check until you get this error:

Unable to connect

Don't worry, I've already done enough.

This way you need to check firewall rules. If your provider does not block any ports and if company who cares your VPS also gives you full flexibility then you need to check internal VPS's firewall rules. And there is a solution.

Utility ufw — program for managing a netfilter firewall — should help you.

Mine status was:

[email protected]:~# ufw status Status: active To Action From -- ------ ---- 22 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6)

These lines mean that only 22 post is available to get connections.

Of course it was only for the security purposes by default (at least on Vultr). Many of your ports are being 'filtered'. This indicated that a firewall within your OS is blocking these ports. 

Then we need to expose two ports from the end of installing. Do you remember them?

Run ufw allow <port> for each port and check the result.

[email protected]:~# ufw allow 5555 Rule added Rule added (v6) [email protected]:~# ufw allow 22222 Rule added Rule added (v6)

Then your Outline Manager will be able to connect to the server.

Now you can create a key.