Outline VPN Cheatsheet

📋 Kopieren Sie alle Outline VPN Befehle Generieren Sie Outline VPN PDF Guide

Outline VPN ist eine Open-Source-VPN-Lösung, die von Jigsaw (ein Tochterunternehmen von Alphabet Inc.) entwickelt wurde, die die Benutzerfreundlichkeit, Sicherheit und Widerstand gegen Blockierung priorisiert. Im Shadowsocks Protokoll gebaut, bietet Outline eine einfache Möglichkeit, persönliche VPN-Server zu erstellen und zu verwalten, während sie starke Verschlüsselungs- und Obfuskationsmöglichkeiten bieten, die es für Netzwerkadministratoren schwierig machen, den VPN-Verkehr zu erkennen und zu blockieren.

Überblick

Architektur und Design Philosophie

Outline VPN besteht aus zwei Hauptkomponenten: dem Outline Manager für die Serververwaltung und dem Outline Client für Endbenutzer-Konnektivität. Das System ist mit Einfachheit und Sicherheit als Kernprinzipien konzipiert, so dass es Benutzern ohne umfangreiche technische Kenntnisse und unter Beibehaltung von unternehmenseigenen Sicherheitsstandards zugänglich ist.

Der Outline Manager ist eine Desktop-Anwendung, mit der Administratoren Outline-Server auf verschiedenen Cloud-Plattformen wie DigitalOcean, Google Cloud Platform, Amazon Web Services und Vultr bereitstellen und verwalten können. Der Manager behandelt Serverbereitstellung, Benutzer-Schlüsselerzeugung und Verkehrsüberwachung über eine intuitive grafische Schnittstelle.

Die Outline Client-Anwendungen sind für Windows-, macOS-, Linux-, iOS- und Android-Plattformen verfügbar. Diese Clients nutzen die generierten Zugangsschlüssel, um sichere Verbindungen zu Outline-Servern herzustellen, um verschlüsselte Tunnelings für alle Netzwerk-Verkehrs.

Schlüsselmerkmale

```bash

Core Outline VPN Capabilities

• Shadowsocks-based protocol for enhanced obfuscation
• Automatic server deployment on major cloud platforms
• Simple access key sharing system
• Cross-platform client applications
• Traffic monitoring and usage analytics
• Resistance to deep packet inspection (DPI)
• No logging policy and privacy-focused design
• Open-source transparency and auditability ```_

Serverinstallation und Setup

Automatische Serverinstallation

```bash

Install Outline server on Ubuntu/Debian

curl -sS https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh|bash

The installation script will:

1. Install Docker and Docker Compose

2. Download and run the Outline server container

3. Generate initial configuration

4. Display management API URL and certificate fingerprint

Verify installation

sudo docker ps|grep outline

Check server status

sudo docker logs outline-server

View server configuration

sudo cat /opt/outline/access.txt

Manual Docker installation (alternative method)

sudo docker run -d \ --name outline-server \ --restart unless-stopped \ -p 443:443/tcp \ -p 443:443/udp \ -p 8080:8080/tcp \ -v outline-data:/root/shadowbox/persisted-state \ quay.io/outline/shadowbox:stable

Configure firewall for Outline server

sudo ufw allow 443/tcp sudo ufw allow 443/udp sudo ufw allow 8080/tcp sudo ufw enable

Enable IP forwarding

echo 'net.ipv4.ip_forward=1'|sudo tee -a /etc/sysctl.conf echo 'net.ipv6.conf.all.forwarding=1'|sudo tee -a /etc/sysctl.conf sudo sysctl -p ```_

Bereitstellung von Cloud Platform

```bash

DigitalOcean deployment script

!/bin/bash

DROPLET_NAME="outline-vpn-server" REGION="nyc3" SIZE="s-1vcpu-1gb" IMAGE="ubuntu-20-04-x64"

Create droplet

doctl compute droplet create $DROPLET_NAME \ --region $REGION \ --size $SIZE \ --image $IMAGE \ --ssh-keys $(doctl compute ssh-key list --format ID --no-header|tr '\n' ',') \ --wait

Get droplet IP

| DROPLET_IP=$(doctl compute droplet list --format Name,PublicIPv4 --no-header | grep $DROPLET_NAME | awk '\\{print $2\\}') |

Install Outline server

ssh root@$DROPLET_IP 'curl -sS https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh|bash'

AWS EC2 deployment with Terraform

cat > outline-server.tf ``<< 'EOF' provider "aws" \{ region = "us-east-1" \}

resource "aws_instance" "outline_server" \{ ami = "ami-0c02fb55956c7d316" # Ubuntu 20.04 LTS instance_type = "t3.micro" key_name = "your-key-pair"

vpc_security_group_ids = [aws_security_group.outline_sg.id]

user_data = <<-EOF #!/bin/bash curl -sS https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh|bash EOF

tags = \{ Name = "Outline VPN Server" \} \}

resource "aws_security_group" "outline_sg" \{ name_prefix = "outline-server-"

ingress \{ from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] \}

ingress \{ from_port = 443 to_port = 443 protocol = "udp" cidr_blocks = ["0.0.0.0/0"] \}

ingress \{ from_port = 8080 to_port = 8080 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] \}

ingress \{ from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] \}

egress \{ from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] \} \}

output "server_ip" \{ value = aws_instance.outline_server.public_ip \} EOF

Deploy with Terraform

terraform init terraform plan terraform apply ```_

Docker komponiert Setup

```yaml

docker-compose.yml for Outline server

version: '3.8'

services: outline-server: image: quay.io/outline/shadowbox:stable container_name: outline-server restart: unless-stopped ports: - "443:443/tcp" - "443:443/udp" - "8080:8080/tcp" volumes: - outline-data:/root/shadowbox/persisted-state - /etc/letsencrypt:/etc/letsencrypt:ro environment: - SB_API_PORT=8080 - SB_CERTIFICATE_FILE=/etc/letsencrypt/live/your-domain.com/fullchain.pem - SB_PRIVATE_KEY_FILE=/etc/letsencrypt/live/your-domain.com/privkey.pem networks: - outline-network

watchtower: image: containrrr/watchtower container_name: outline-watchtower restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock command: --interval 86400 outline-server networks: - outline-network

volumes: outline-data:

networks: outline-network: driver: bridge ```_

Outline Manager Konfiguration

Initial Setup und Serververbindung

```bash

Download Outline Manager

Windows: https://github.com/Jigsaw-Code/outline-client/releases/latest/download/Outline-Manager.exe

macOS: https://github.com/Jigsaw-Code/outline-client/releases/latest/download/Outline-Manager.dmg

Linux: https://github.com/Jigsaw-Code/outline-client/releases/latest/download/Outline-Manager.AppImage

Connect to existing server using management API

Format: https://server-ip:8080/management-api-url

Example connection string from server installation:

\{"apiUrl":"https://192.168.1.100:8080/management-api-url","certSha256":"certificate-fingerprint"\}

Verify server connection

curl -k -H "Content-Type: application/json" \ "https://your-server-ip:8080/management-api-url/server"

Get server information

curl -k -H "Content-Type: application/json" \ "https://your-server-ip:8080/management-api-url/server/info"

Example response:

\{

"name": "Outline Server",

"serverId": "server-id-123",

"metricsEnabled": true,

"createdTimestampMs": 1640995200000,

"version": "1.8.0",

"accessKeyDataLimit": null,

"portForNewAccessKeys": 443

\}

```_

Schlüsselverwaltung

```bash

Create new access key

curl -k -X POST \ -H "Content-Type: application/json" \ "https://your-server-ip:8080/management-api-url/access-keys"

Example response:

\{

"id": "0",

"name": "User 1",

"password": "password123",

"port": 443,

"method": "chacha20-ietf-poly1305",

"accessUrl": "ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpwYXNzd29yZDEyMw@192.168.1.100:443/?outline=1"

\}

List all access keys

curl -k -H "Content-Type: application/json" \ "https://your-server-ip:8080/management-api-url/access-keys"

Rename access key

curl -k -X PUT \ -H "Content-Type: application/json" \ -d '\{"name": "John Doe"\}' \ "https://your-server-ip:8080/management-api-url/access-keys/0/name"

Set data limit for access key (in bytes)

curl -k -X PUT \ -H "Content-Type: application/json" \ -d '\{"limit": \{"bytes": 10737418240\}\}' \ "https://your-server-ip:8080/management-api-url/access-keys/0/data-limit"

Remove data limit

curl -k -X DELETE \ "https://your-server-ip:8080/management-api-url/access-keys/0/data-limit"

Delete access key

curl -k -X DELETE \ "https://your-server-ip:8080/management-api-url/access-keys/0"

Get access key metrics

curl -k -H "Content-Type: application/json" \ "https://your-server-ip:8080/management-api-url/metrics/transfer"

Example metrics response:

\{

"bytesTransferredByUserId": \{

"0": 1073741824,

"1": 2147483648

\}

\}

```_

Serverkonfiguration

```bash

Change server name

curl -k -X PUT \ -H "Content-Type: application/json" \ -d '\{"name": "Company VPN Server"\}' \ "https://your-server-ip:8080/management-api-url/server/name"

Set default port for new access keys

curl -k -X PUT \ -H "Content-Type: application/json" \ -d '\{"port": 8443\}' \ "https://your-server-ip:8080/management-api-url/server/port-for-new-access-keys"

Enable/disable metrics collection

curl -k -X PUT \ -H "Content-Type: application/json" \ -d '\{"metricsEnabled": true\}' \ "https://your-server-ip:8080/management-api-url/server/metrics-enabled"

Set server-wide data limit

curl -k -X PUT \ -H "Content-Type: application/json" \ -d '\{"limit": \{"bytes": 107374182400\}\}' \ "https://your-server-ip:8080/management-api-url/server/access-key-data-limit"

Get server configuration

curl -k -H "Content-Type: application/json" \ "https://your-server-ip:8080/management-api-url/server" ```_

Client Konfiguration und Nutzung

Windows Client Setup

```powershell

Download and install Outline Client for Windows

$OutlineClientUrl = "https://github.com/Jigsaw-Code/outline-client/releases/latest/download/Outline-Client.exe" $OutlineClientPath = "$env:TEMP\Outline-Client.exe"

Invoke-WebRequest -Uri $OutlineClientUrl -OutFile $OutlineClientPath Start-Process -FilePath $OutlineClientPath -Wait

Import access key via command line (if supported)

Note: Outline Client primarily uses GUI for key import

Access key format: ss://base64-encoded-config@server:port/?outline=1

Example access key:

ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpwYXNzd29yZDEyMw@192.168.1.100:443/?outline=1

Registry settings for Outline Client (advanced configuration)

$OutlineRegPath = "HKCU:\Software\Outline" if (!(Test-Path $OutlineRegPath)) \{ New-Item -Path $OutlineRegPath -Force \}

Set auto-connect on startup

Set-ItemProperty -Path $OutlineRegPath -Name "AutoConnect" -Value 1

Configure proxy settings

Set-ItemProperty -Path $OutlineRegPath -Name "ProxyMode" -Value "auto" ```_

macOS Client Setup

```bash

Download Outline Client for macOS

curl -L -o "Outline-Client.dmg" \ "https://github.com/Jigsaw-Code/outline-client/releases/latest/download/Outline-Client.dmg"

Mount and install

hdiutil mount Outline-Client.dmg cp -R "/Volumes/Outline Client/Outline Client.app" /Applications/ hdiutil unmount "/Volumes/Outline Client"

Launch Outline Client

open "/Applications/Outline Client.app"

Import access key via URL scheme (if supported)

open "ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpwYXNzd29yZDEyMw@192.168.1.100:443/?outline=1"

Configure system proxy settings

networksetup -setautoproxyurl "Wi-Fi" "http://127.0.0.1:1080/proxy.pac"

Check VPN connection status

scutil --nc list|grep -i outline ```_

Linux Client Setup

```bash

Download Outline Client AppImage

wget -O Outline-Client.AppImage \ "https://github.com/Jigsaw-Code/outline-client/releases/latest/download/Outline-Client.AppImage"

chmod +x Outline-Client.AppImage

Run Outline Client

./Outline-Client.AppImage

Alternative: Install via Snap

sudo snap install outline-client

Create desktop entry

cat >~/.local/share/applications/outline-client.desktop<< 'EOF' [Desktop Entry] Name=Outline Client Comment=Outline VPN Client Exec=/path/to/Outline-Client.AppImage Icon=outline-client Terminal=false Type=Application Categories=Network;Security; EOF

Configure system-wide proxy (Ubuntu/Debian)

gsettings set org.gnome.system.proxy mode 'auto' gsettings set org.gnome.system.proxy autoconfig-url 'http://127.0.0.1:1080/proxy.pac'

Configure iptables for VPN traffic (advanced)

sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 1080 sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 1080 ```_

Mobile Client Konfiguration

```bash

iOS Configuration

1. Download Outline app from App Store

2. Tap "Add Server" or "+"

3. Scan QR code or paste access key

4. Tap "Connect"

Generate QR code for access key (server-side)

qrencode -t PNG -o access-key-qr.png \ "ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpwYXNzd29yZDEyMw@192.168.1.100:443/?outline=1"

Android Configuration

1. Download Outline app from Google Play Store

2. Tap "Add Server"

3. Scan QR code or manually enter access key

4. Tap "Connect"

Android ADB commands for automation (requires root)

adb shell am start -a android.intent.action.VIEW \ -d "ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTpwYXNzd29yZDEyMw@192.168.1.100:443/?outline=1" \ org.outline.android.client ```_

Erweiterte Konfiguration

Individuelle Schatten Konfiguration

```bash

Manual Shadowsocks server configuration

cat >`` /etc/shadowsocks-libev/config.json << 'EOF' \\{ "server": "0.0.0.0", "server_port": 443, "password": "your-strong-password", "timeout": 300, "method": "chacha20-ietf-poly1305", "fast_open": false, "workers": 1, "prefer_ipv6": false, "no_delay": true, "reuse_port": true, "mode": "tcp_and_udp" \\} EOF

Install Shadowsocks-libev

sudo apt update sudo apt install shadowsocks-libev

Start Shadowsocks server

sudo systemctl enable shadowsocks-libev sudo systemctl start shadowsocks-libev

Configure multiple ports for load balancing

cat > /etc/shadowsocks-libev/multi-port.json << 'EOF' \\{ "server": "0.0.0.0", "port_password": \\{ "443": "password1", "8443": "password2", "9443": "password3" \\}, "timeout": 300, "method": "chacha20-ietf-poly1305", "fast_open": false \\} EOF

Advanced obfuscation with simple-obfs

sudo apt install simple-obfs

cat > /etc/shadowsocks-libev/obfs-config.json << 'EOF' \\{ "server": "0.0.0.0", "server_port": 443, "password": "your-password", "timeout": 300, "method": "chacha20-ietf-poly1305", "plugin": "obfs-server", "plugin_opts": "obfs=tls;obfs-host=www.google.com" \\} EOF ```_

Lastausgleich und hohe Verfügbarkeit

```bash

HAProxy configuration for multiple Outline servers

cat > /etc/haproxy/haproxy.cfg << 'EOF' global daemon maxconn 4096

defaults mode tcp timeout connect 5000ms timeout client 50000ms timeout server 50000ms

frontend outline_frontend bind *:443 default_backend outline_servers

backend outline_servers balance roundrobin server outline1 192.168.1.101:443 check server outline2 192.168.1.102:443 check server outline3 192.168.1.103:443 check EOF

Start HAProxy

sudo systemctl enable haproxy sudo systemctl start haproxy

Nginx stream proxy for load balancing

cat > /etc/nginx/nginx.conf << 'EOF' events \\{ worker_connections 1024; \\}

stream \\{ upstream outline_backend \\{ server 192.168.1.101:443; server 192.168.1.102:443; server 192.168.1.103:443; \\}

server \\\\{
    listen 443;
    proxy_pass outline_backend;
    proxy_timeout 1s;
    proxy_responses 1;
\\\\}

\\} EOF

Keepalived for high availability

cat > /etc/keepalived/keepalived.conf << 'EOF' vrrp_script chk_outline \\{ script "/usr/local/bin/check_outline.sh" interval 2 weight -2 fall 3 rise 2 \\}

vrrp_instance VI_1 \\{ state MASTER interface eth0 virtual_router_id 51 priority 101 advert_int 1 authentication \\{ auth_type PASS auth_pass outline123 \\} virtual_ipaddress \\{ 192.168.1.100 \\} track_script \\{ chk_outline \\} \\} EOF

Health check script

cat > /usr/local/bin/check_outline.sh << 'EOF'

!/bin/bash

curl -k --connect-timeout 5 https://localhost:8080/management-api-url/server >/dev/null 2>&1 exit $? EOF

chmod +x /usr/local/bin/check_outline.sh ```_

Sicherheitshärten

```bash

Firewall configuration with iptables

!/bin/bash

Flush existing rules

iptables -F iptables -X iptables -t nat -F iptables -t nat -X

Default policies

iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT

Allow loopback

iptables -A INPUT -i lo -j ACCEPT

Allow established connections

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow SSH (change port as needed)

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Allow Outline VPN

iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -p udp --dport 443 -j ACCEPT iptables -A INPUT -p tcp --dport 8080 -s 192.168.1.0/24 -j ACCEPT

Enable NAT for VPN clients

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -o tun+ -j ACCEPT

Rate limiting for SSH

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

Save rules

iptables-save > /etc/iptables/rules.v4

Fail2ban configuration for additional security

cat > /etc/fail2ban/jail.local << 'EOF' [DEFAULT] bantime = 3600 findtime = 600 maxretry = 3

[sshd] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log

[outline-api] enabled = true port = 8080 filter = outline-api logpath = /var/log/outline/access.log maxretry = 5 EOF

Create custom filter for Outline API

cat > /etc/fail2ban/filter.d/outline-api.conf << 'EOF' [Definition] failregex = ^ - - [.] "." 40[13] .*$ ignoreregex = EOF

SSL/TLS certificate with Let's Encrypt

sudo apt install certbot

Generate certificate

sudo certbot certonly --standalone -d your-domain.com

Configure automatic renewal

echo "0 12 * * * /usr/bin/certbot renew --quiet"|sudo crontab -

Update Outline server to use SSL certificate

sudo docker exec outline-server \ sh -c 'echo "SB_CERTIFICATE_FILE=/etc/letsencrypt/live/your-domain.com/fullchain.pem" >> /opt/outline/environment' sudo docker exec outline-server \ sh -c 'echo "SB_PRIVATE_KEY_FILE=/etc/letsencrypt/live/your-domain.com/privkey.pem" >> /opt/outline/environment'

sudo docker restart outline-server ```_

Überwachung und Fehlerbehebung

Serverüberwachung

```bash

Monitor Outline server logs

sudo docker logs -f outline-server

Monitor system resources

htop iotop nethogs

Check network connections

sudo netstat -tulpn|grep :443 sudo ss -tulpn|grep :443

Monitor bandwidth usage

vnstat -i eth0 iftop -i eth0

Custom monitoring script

cat > /usr/local/bin/outline-monitor.sh << 'EOF'

!/bin/bash

LOG_FILE="/var/log/outline-monitor.log" API_URL="https://localhost:8080/management-api-url"

Function to log with timestamp

log_message() \\{ echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> $LOG_FILE \\}

Check server health

check_server_health() \\{ if curl -k -s "$API_URL/server" >/dev/null 2>&1; then log_message "Server health check: OK" return 0 else log_message "Server health check: FAILED" return 1 fi \\}

Check Docker container status

check_container_status() \\{ if docker ps|grep -q outline-server; then log_message "Container status: Running" return 0 else log_message "Container status: Not running" return 1 fi \\}

Get transfer metrics

get_transfer_metrics() \\{ METRICS=$(curl -k -s "$API_URL/metrics/transfer" 2>/dev/null) if [ $? -eq 0 ]; then log_message "Transfer metrics: $METRICS" else log_message "Failed to retrieve transfer metrics" fi \\}

Main monitoring loop

main() \\{ log_message "Starting Outline monitoring"

if ! check_container_status; then
    log_message "Attempting to restart Outline server"
    docker restart outline-server
    sleep 10
fi

if check_server_health; then
    get_transfer_metrics
else
    log_message "Server health check failed, investigating..."
    docker logs --tail 50 outline-server >> $LOG_FILE
fi

\\}

main EOF

chmod +x /usr/local/bin/outline-monitor.sh

Add to crontab for regular monitoring

echo "*/5 * * * * /usr/local/bin/outline-monitor.sh"|crontab - ```_

Leistungsoptimierung

```bash

Optimize TCP settings for VPN performance

cat > /etc/sysctl.d/99-outline-performance.conf << 'EOF'

TCP optimization

net.core.rmem_max = 134217728 net.core.wmem_max = 134217728 net.ipv4.tcp_rmem = 4096 87380 134217728 net.ipv4.tcp_wmem = 4096 65536 134217728 net.ipv4.tcp_congestion_control = bbr net.core.default_qdisc = fq

Network buffer optimization

net.core.netdev_max_backlog = 5000 net.core.netdev_budget = 600

Connection tracking optimization

net.netfilter.nf_conntrack_max = 1048576 net.netfilter.nf_conntrack_tcp_timeout_established = 7200

IP forwarding and routing

net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding = 1 EOF

Apply settings

sudo sysctl -p /etc/sysctl.d/99-outline-performance.conf

Docker container resource limits

sudo docker update --memory=1g --cpus=2 outline-server

Optimize Shadowsocks configuration for performance

cat > /opt/outline/shadowsocks-optimized.json << 'EOF' \\{ "server": "0.0.0.0", "server_port": 443, "password": "your-password", "timeout": 300, "method": "chacha20-ietf-poly1305", "fast_open": true, "workers": 4, "prefer_ipv6": false, "no_delay": true, "reuse_port": true, "mode": "tcp_and_udp" \\} EOF ```_

Probleme bei der Fehlerbehebung

```bash

Connection issues troubleshooting

1. Check server accessibility

ping your-server-ip telnet your-server-ip 443

2. Verify DNS resolution

nslookup your-domain.com dig your-domain.com

3. Check firewall rules

sudo iptables -L -n sudo ufw status

4. Test port connectivity

nc -zv your-server-ip 443 nc -zuv your-server-ip 443

Client connection debugging

Enable debug logging in Outline client

# Windows: %APPDATA%\Outline\logs\

macOS: ~/Library/Logs/Outline/

Linux: ~/.config/Outline/logs/

Server-side debugging

sudo docker exec -it outline-server /bin/bash cat /var/log/shadowbox.log

Network troubleshooting

Check routing table

ip route show route -n

Monitor network traffic

sudo tcpdump -i any port 443 sudo tcpdump -i any host your-client-ip

Check for packet loss

mtr your-server-ip

Bandwidth testing

iperf3 -s # On server iperf3 -c your-server-ip # On client

Certificate issues

openssl s_client -connect your-server-ip:443 -servername your-domain.com openssl x509 -in /etc/letsencrypt/live/your-domain.com/fullchain.pem -text -noout

Reset Outline server configuration

sudo docker stop outline-server sudo docker rm outline-server sudo rm -rf /opt/outline/

Reinstall using installation script

```_

Automatisierung und Schrift

Automatisierte Bereitstellung Script

```bash

!/bin/bash

Automated Outline VPN deployment script

set -e

Configuration variables

SERVER_NAME="Outline VPN Server" DOMAIN_NAME="" EMAIL="" CLOUD_PROVIDER="digitalocean" # digitalocean, aws, gcp, vultr REGION="nyc3" SIZE="s-1vcpu-1gb"

Colors for output

RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' # No Color

Logging function

log() \\{ echo -e "$\\{GREEN\\}[$(date +'%Y-%m-%d %H:%M:%S')]$\\{NC\\} $1" \\}

error() \\{ echo -e "$\\{RED\\}[ERROR]$\\{NC\\} $1" >&2 exit 1 \\}

warning() \\{ echo -e "$\\{YELLOW\\}[WARNING]$\\{NC\\} $1" \\}

Check prerequisites

check_prerequisites() \\{ log "Checking prerequisites..."

# Check if running as root
if [[ $EUID -eq 0 ]]; then
    error "This script should not be run as root"
fi

# Check required commands
for cmd in curl docker docker-compose; do
    if ! command -v $cmd &> /dev/null; then
        error "$cmd is required but not installed"
    fi
done

log "Prerequisites check passed"

\\}

Install Docker if not present

install_docker() \\{ if ! command -v docker &> /dev/null; then log "Installing Docker..." curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh sudo usermod -aG docker $USER rm get-docker.sh log "Docker installed successfully" fi \\}

Deploy Outline server

deploy_outline() \\{ log "Deploying Outline server..."

# Create outline directory
sudo mkdir -p /opt/outline
cd /opt/outline

# Download and run installation script
curl -sS https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh|sudo bash

# Wait for server to start
sleep 30

# Check if server is running
if sudo docker ps|grep -q outline-server; then
    log "Outline server deployed successfully"
else
    error "Failed to deploy Outline server"
fi

\\}

Configure SSL certificate

configure_ssl() \\{ if [[ -n "$DOMAIN_NAME" && -n "$EMAIL" ]]; then log "Configuring SSL certificate for $DOMAIN_NAME..."

    # Install certbot
    sudo apt update
    sudo apt install -y certbot

    # Stop outline server temporarily
    sudo docker stop outline-server

    # Generate certificate
    sudo certbot certonly --standalone -d $DOMAIN_NAME --email $EMAIL --agree-tos --non-interactive

    # Update outline configuration
    sudo docker exec outline-server \
        sh -c "echo 'SB_CERTIFICATE_FILE=/etc/letsencrypt/live/$DOMAIN_NAME/fullchain.pem' >> /opt/outline/environment"
    sudo docker exec outline-server \
        sh -c "echo 'SB_PRIVATE_KEY_FILE=/etc/letsencrypt/live/$DOMAIN_NAME/privkey.pem' >> /opt/outline/environment"

    # Restart outline server
    sudo docker start outline-server

    # Setup auto-renewal
    echo "0 12 * * * /usr/bin/certbot renew --quiet && docker restart outline-server"|sudo crontab -

    log "SSL certificate configured successfully"
else
    warning "Domain name or email not provided, skipping SSL configuration"
fi

\\}

Create access keys

create_access_keys() \\{ log "Creating initial access keys..."

# Wait for API to be ready
sleep 10

# Get API URL from server
API_URL=$(sudo cat /opt/outline/access.txt|grep -o 'https://[^"]*')

if [[ -n "$API_URL" ]]; then
    # Create 3 initial access keys
    for i in \\\\{1..3\\\\}; do
        RESPONSE=$(curl -k -X POST -H "Content-Type: application/json" "$API_URL/access-keys" 2>/dev/null)
        if [[ $? -eq 0 ]]; then

| KEY_ID=$(echo $RESPONSE | grep -o '"id":"[^"]' | cut -d'"' -f4) | | ACCESS_URL=$(echo $RESPONSE | grep -o '"accessUrl":"[^"]' | cut -d'"' -f4) |

            # Rename the key
            curl -k -X PUT -H "Content-Type: application/json" \
                -d "\\\\{\"name\": \"User $i\"\\\\}" \
                "$API_URL/access-keys/$KEY_ID/name" 2>/dev/null

            log "Created access key for User $i: $ACCESS_URL"
        fi
    done
else
    error "Failed to get API URL"
fi

\\}

Setup monitoring

setup_monitoring() \\{ log "Setting up monitoring..."

# Create monitoring script
sudo tee /usr/local/bin/outline-health-check.sh > /dev/null << 'EOF'

!/bin/bash

API_URL=$(cat /opt/outline/access.txt|grep -o 'https://[^"]*') if curl -k -s "$API_URL/server" >/dev/null 2>&1; then echo "$(date): Outline server is healthy" else echo "$(date): Outline server health check failed" docker restart outline-server fi EOF

sudo chmod +x /usr/local/bin/outline-health-check.sh

# Add to crontab
echo "*/5 * * * * /usr/local/bin/outline-health-check.sh >> /var/log/outline-health.log 2>&1"|sudo crontab -

log "Monitoring setup completed"

\\}

Main deployment function

main() \\{ log "Starting Outline VPN deployment..."

check_prerequisites
install_docker
deploy_outline
configure_ssl
create_access_keys
setup_monitoring

log "Outline VPN deployment completed successfully!"
log "Server management information:"
sudo cat /opt/outline/access.txt

\\}

Parse command line arguments

while [[ $# -gt 0 ]]; do case $1 in -d|--domain) DOMAIN_NAME="$2" shift 2 ;; -e|--email) EMAIL="$2" shift 2 ;; -h|--help) echo "Usage: $0 [OPTIONS]" echo "Options:" echo " -d, --domain DOMAIN Domain name for SSL certificate" echo " -e, --email EMAIL Email for Let's Encrypt" echo " -h, --help Show this help message" exit 0 ;; *) error "Unknown option: $1" ;; esac done

Run main function

main ```_

Bulk User Management

```bash

!/bin/bash

Bulk user management script for Outline VPN

API_URL=$(cat /opt/outline/access.txt|grep -o 'https://[^"]*') USERS_FILE="users.csv"

Create users from CSV file

CSV format: username,data_limit_gb

create_users_from_csv() \\{ if [[ ! -f "$USERS_FILE" ]]; then echo "Users file not found: $USERS_FILE" exit 1 fi

while IFS=',' read -r username data_limit_gb; do
    # Skip header line
    if [[ "$username" == "username" ]]; then
        continue
    fi

    echo "Creating user: $username"

    # Create access key
    RESPONSE=$(curl -k -X POST -H "Content-Type: application/json" "$API_URL/access-keys" 2>/dev/null)

| KEY_ID=$(echo $RESPONSE | grep -o '"id":"[^"]' | cut -d'"' -f4) | | ACCESS_URL=$(echo $RESPONSE | grep -o '"accessUrl":"[^"]' | cut -d'"' -f4) |

    # Set username
    curl -k -X PUT -H "Content-Type: application/json" \
        -d "\\\\{\"name\": \"$username\"\\\\}" \
        "$API_URL/access-keys/$KEY_ID/name" 2>/dev/null

    # Set data limit if specified
    if [[ -n "$data_limit_gb" && "$data_limit_gb" != "unlimited" ]]; then
        DATA_LIMIT_BYTES=$((data_limit_gb * 1024 * 1024 * 1024))
        curl -k -X PUT -H "Content-Type: application/json" \
            -d "\\\\{\"limit\": \\\\{\"bytes\": $DATA_LIMIT_BYTES\\\\}\\\\}" \
            "$API_URL/access-keys/$KEY_ID/data-limit" 2>/dev/null
    fi

    echo "User $username created with key ID: $KEY_ID"
    echo "Access URL: $ACCESS_URL"
    echo "---"

done < "$USERS_FILE"

\\}

Generate usage report

generate_usage_report() \\{ echo "Generating usage report..."

# Get all access keys
KEYS=$(curl -k -s "$API_URL/access-keys" 2>/dev/null)

# Get transfer metrics
METRICS=$(curl -k -s "$API_URL/metrics/transfer" 2>/dev/null)

echo "User Usage Report - $(date)"
echo "================================"
printf "%-20s %-10s %-15s\n" "Username" "Key ID" "Data Used (MB)"
echo "--------------------------------"

# Parse and display usage for each user

| echo "$KEYS" | jq -r '.accessKeys[] | "(.id) | (.name)"' | while IFS=' | ' read -r key_id username; do | BYTES_USED=$(echo "$METRICS"|jq -r ".bytesTransferredByUserId.\"$key_id\" // 0") MB_USED=$((BYTES_USED / 1024 / 1024)) printf "%-20s %-10s %-15s\n" "$username" "$key_id" "$MB_USED" done \\}

Backup access keys

backup_access_keys() \\{ BACKUP_FILE="outline-backup-$(date +%Y%m%d-%H%M%S).json"

echo "Creating backup: $BACKUP_FILE"

# Get all access keys and server info
KEYS=$(curl -k -s "$API_URL/access-keys" 2>/dev/null)
SERVER_INFO=$(curl -k -s "$API_URL/server" 2>/dev/null)

# Create backup JSON
jq -n \
    --argjson keys "$KEYS" \
    --argjson server "$SERVER_INFO" \
    '\\\\{
        "backup_date": now|strftime("%Y-%m-%d %H:%M:%S"),
        "server_info": $server,
        "access_keys": $keys
    \\\\}' > "$BACKUP_FILE"

echo "Backup created: $BACKUP_FILE"

\\}

Show usage

show_usage() \\{ echo "Usage: $0 [COMMAND]" echo "Commands:" echo " create-users Create users from CSV file" echo " usage-report Generate usage report" echo " backup Backup access keys" echo " help Show this help message" \\}

Main script logic

case "$1" in create-users) create_users_from_csv ;; usage-report) generate_usage_report ;; backup) backup_access_keys ;; | help | --help | -h) | show_usage ;; *) echo "Unknown command: $1" show_usage exit 1 ;; esac ```_

Ressourcen

• [Offizielle Website des VPN](_LINK_5___ -%20Outline%20Server%20GitHub%20Repository
• Outline Client GitHub Repository
• (LINK5)
• Jigsaw (Google) Offizielle Website