streisand
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
Top Related Projects
Set up a personal VPN in the cloud
OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Quick Overview
Streisand is an open-source project that sets up a new server running multiple VPN services and protocols, including OpenConnect, OpenVPN, WireGuard, and Shadowsocks. It's designed to create a personal VPN server quickly and securely, with the goal of bypassing censorship and ensuring privacy.
Pros
- Easy to set up, with automated installation scripts
- Supports multiple VPN protocols, offering flexibility and redundancy
- Includes built-in security features and best practices
- Provides detailed instructions for connecting to each service
Cons
- Requires some technical knowledge to set up and maintain
- May be overkill for users who only need a single VPN protocol
- Regular updates needed to maintain security and functionality
- Potential legal issues in countries with strict internet censorship
Getting Started
- Ensure you have a supported operating system (Ubuntu 20.04 or 22.04).
- Clone the Streisand repository:
git clone https://github.com/StreisandEffect/streisand.git && cd streisand
- Run the installation script:
./streisand
- Follow the prompts to configure your server and choose which services to install.
- Once complete, access the generated instructions to connect to your new VPN services.
Note: Always ensure you comply with local laws and regulations when setting up and using VPN services.
Competitor Comparisons
Set up a personal VPN in the cloud
Pros of Algo
- Simpler setup process with fewer dependencies
- Focuses on WireGuard, offering better performance and security
- More actively maintained with regular updates
Cons of Algo
- Supports fewer VPN protocols compared to Streisand
- Less flexible in terms of server options and customization
- Smaller community and fewer available resources
Code Comparison
Algo (setup.sh):
#!/usr/bin/env bash
set -e
set -u
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
Streisand (streisand):
#!/usr/bin/env bash
# Streisand provisioning script
set -e
if [ "${EUID}" -eq 0 ]; then
echo "Please do not run this script as root."
Both projects use bash scripts for setup, but Algo's approach is more streamlined and focused on essential components. Streisand's script includes additional checks and a broader scope, reflecting its more comprehensive feature set.
Algo is designed for simplicity and ease of use, prioritizing modern protocols like WireGuard. Streisand offers a wider range of VPN options and server configurations but may be more complex to set up and maintain. Choose Algo for a straightforward, performance-focused solution, or Streisand for greater flexibility and protocol variety.
OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
Pros of openvpn-install
- Simpler and more focused, designed specifically for OpenVPN setup
- Faster installation process due to its streamlined nature
- Easier to understand and modify for users familiar with OpenVPN
Cons of openvpn-install
- Limited to OpenVPN only, while Streisand offers multiple VPN protocols
- Lacks the extensive security features and additional services provided by Streisand
- May require more manual configuration for advanced setups
Code Comparison
Streisand (playbook example):
- name: Install OpenVPN
apt:
name: openvpn
state: present
- name: Configure OpenVPN
template:
src: openvpn-server.conf.j2
dest: /etc/openvpn/server.conf
openvpn-install (script excerpt):
apt-get update
apt-get install openvpn easy-rsa -y
cp -r /usr/share/easy-rsa/ /etc/openvpn
cd /etc/openvpn/easy-rsa
The Streisand project uses Ansible playbooks for configuration management, while openvpn-install relies on a bash script for direct installation and setup. Streisand's approach allows for more complex and modular configurations, while openvpn-install offers a more straightforward, single-purpose solution.
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Pros of setup-ipsec-vpn
- Simpler setup process, focusing solely on IPsec/L2TP and IKEv2 VPN protocols
- Lighter weight and faster to deploy
- More frequent updates and active maintenance
Cons of setup-ipsec-vpn
- Limited to IPsec/L2TP and IKEv2 protocols, less versatile than Streisand
- Fewer additional features and services compared to Streisand's comprehensive suite
- Less extensive documentation and user guides
Code Comparison
setup-ipsec-vpn:
wget https://git.io/vpnsetup -O vpnsetup.sh
sudo sh vpnsetup.sh
Streisand:
git clone https://github.com/StreisandEffect/streisand.git
cd streisand
./streisand
setup-ipsec-vpn offers a more straightforward installation process with a single script, while Streisand requires cloning the repository and running a dedicated setup script. This reflects the difference in complexity and scope between the two projects.
setup-ipsec-vpn is ideal for users seeking a quick and simple IPsec VPN setup, while Streisand caters to those who need a more comprehensive suite of privacy tools and protocols. The choice between them depends on the user's specific requirements and technical expertise.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Streisand
English, Français, ç®ä½ä¸æ, Ð ÑÑÑкий | Mirror
Streisand
Silence censorship. Automate the effect.
The Internet can be a little unfair. It's way too easy for ISPs, telecoms, politicians, and corporations to block access to the sites and information that you care about. But breaking through these restrictions is tough. Or is it?
If you have an account with a cloud computing provider, Streisand can set up a new node with many censorship-resistant VPN services nearly automatically. You'll need a little experience with a Unix command-line. (But without Streisand, it could take days for a skilled Unix administrator to configure these services securely!) At the end, you'll have a private website with software and instructions.
Here's what a sample Streisand server looks like.
There's a list of supported cloud providers; experts may be able to use Streisand to install on many other cloud providers.
VPN services
One type of tool that people use to avoid network censorship is a Virtual Private Network (VPN). There are many kinds of VPNs.
Not all network censorship is alike; in some places, it changes from day to day. Streisand provides many different VPN services to try. (You don't have to install them all, though.)
Some Streisand services include add-ons for further censorship and throttling resistance:
- OpenSSH
- Tinyproxy may be used as an HTTP proxy.
- OpenConnect / Cisco AnyConnect
- This protocol is widely used by multi-national corporations, and might not be blocked.
- OpenVPN
- Stunnel add-on available.
- Shadowsocks,
- The V2ray-plugin is installed to provide robust traffic evasion on hostile networks (especially those implementing quality of service (QOS) throttling).
- A private Tor bridge relay
- Obfsproxy with obfs4 available as an add-on.
- WireGuard, a modern high-performance protocol.
See also:
Cloud providers
- Amazon Web Services (AWS)
- Microsoft Azure
- Digital Ocean
- Google Compute Engine (GCE)
- Linode
- Rackspace
Other providers
We recommend using one of the above providers. If you are an expert and can set up a fresh Ubuntu 16.04 server elsewhere, there are "localhost" and "existing remote server" installation methods. For more information, see the advanced installation instructions.
Installation
You need command-line access to a Unix system. You can use Linux, BSD, or macOS; on Windows 10, the Windows Subsystem for Linux (WSL) counts as Linux.
Once you're ready, see the full installation instructions.
Things we want to do better
Aside from a good deal of cleanup, we could really use:
- Easier setup.
- Faster adoption of new censorship-avoidance tools
We're looking for help with both.
If there is something that you think Streisand should do, or if you find a bug in its documentation or execution, please file a report on the Issue Tracker.
Core Contributors
- Jay Carlson (@nopdotcom)
- Nick Clarke (@nickolasclarke)
- Joshua Lund (@jlund)
- Ali Makki (@alimakki)
- Daniel McCarney (@cpu)
- Corban Raun (@CorbanR)
Acknowledgements
Jason A. Donenfeld deserves a lot of credit for being brave enough to reimagine what a modern VPN should look like and for coming up with something as good as WireGuard. He has our sincere thanks for all of his patient help and high-quality feedback.
We are grateful to Trevor Smith for his massive contributions. He suggested the Gateway approach, provided tons of invaluable feedback, made everything look better, and developed the HTML template that served as the inspiration to take things to the next level before Streisand's public release.
Huge thanks to Paul Wouters of The Libreswan Project for his generous help troubleshooting the L2TP/IPsec setup.
Starcadian's 'Sunset Blood' album was played on repeat approximately 300 times during the first few months of work on the project in early 2014.
Top Related Projects
Set up a personal VPN in the cloud
OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot