网路观察

Remember, Ginger Rogers did everything that Fred Astaire did, but she did it backwards and in high heels. Photo by Lachlan on Unsplash

A brief guide to setting up a secure and high-speed VPN in China with Outline

Many people in China rely on overseas VPN services to access foreign websites. These services tend to be expensive and have questionable accessibility and speed in China.

A more economical solution is to rent a VPS and install the proxy service yourself. Jigsaw, a subsidiary of Google, offers a useful tool for this, Outline, whose visual interface lets non-technical users easily install and manage VPN services.

Features of Outline

Outline is safe.

Outline uses the 256-bit ChaCha20-IETF-Poly1305 AEAD cipher to encrypt the communication between your device and the Outline server. An AEAD cipher ensures confidentiality, integrity, and authenticity, and it performs very well on modern hardware.
Outline does not keep logs on the server. So even if someone breaks into your server, they cannot see what you have visited.

Outline supports almost all operating systems.

It supports Android, Windows, Chrome OS, iOS, macOS, and Linux. These clients all provide a graphical interface. Outline will also continue to maintain these clients to ensure their security and compatibility.

Outline encrypts all traffic.

On desktop systems, Outline creates a virtual NIC. Once running, Outline directs all your traffic (except LAN traffic) to the remote server. In terms of experience, it is more like a VPN than a proxy. Other proxy clients cannot do this.

The website for the Outline project is: https://getoutline.org/.

You can also visit its mirror page: https://s3.amazonaws.com/outline-vpn/index.html.

Buy a server

Outline recommends the DigitalOcean service by default, but its speed in China is not ideal.

I'm currently using Bandwagon's CN2-GIA server. The server is located in the United States, but the access speed and stability in China are very high, and the packet loss rate is extremely low.

There are two types of low-cost CN2-GIA servers, click the link below to enter the purchase page.

DC9 CN2 GIA: $39.99/year, 512MB memory, 10GB SSD hard disk, 300GB monthly traffic, 1Gbps bandwidth;
DC6 CN2 GIA-E: $49.99/year, 512MB memory, 10GB SSD hard drive, 500GB monthly traffic, 1Gbps bandwidth.

Both servers are in limited supply. It often takes several months before an order can be placed, and they usually show as out of stock. It is therefore recommended to follow the "BandwagonHostNews" Telegram channel and order immediately after receiving the reminder: https://t.me/BandwagonHostNews

Configure the server

After ordering, select My Services in the Services column of Client Area. Find your server and click "KiwiVM Control Panel" on the right.

First, we need to install a new operating system. Click "Install New OS" and select the latest Ubuntu system. At the time of writing this article, the latest version is "Ubuntu 18.04". After ticking it, select "Reload".

At this point you will get your "password" and "port number". Record these two pieces of information along with your server's "IP address", because you will need them later.

Next you need to log in to your VPS. You can install the Termius app on macOS, Android, and iOS, or use the Hyperapp app on iOS (for a fee).

When logging in, you need to enter the server's "IP address", "password" and "port number". Use root as the user name. After logging in, execute the update command first.

 sudo apt-get update

This command checks for updates. The next command installs them.

 sudo apt-get upgrade

You will be asked to confirm the installation. Reply "Y" and press Enter.

  • If asked whether to keep the existing files or install new files, always choose to install new files.
  • Select Yes if you are asked if you want to automatically restart during installation.
  • If asked about language, press Enter with the default English selection.

Install the Outline service on the server

After the installation is complete, install Outline Manager on your computer and run it.

Outline Manager download address: macOS; Windows; Linux.

To add a new server, select "Set up Outline anywhere".

Execute this command on the VPS:

 sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh)"

Advanced users can also specify the port numbers for the API and the access keys, for example:

 sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh)" install_server.sh --keys-port=1209 --api-port=2383

Here, keys-port is the port used by the access keys, and it is reported that using a port number with fewer digits can avoid interference.

  • If asked to install docker, reply Y and press Enter.
  • If the system prompts an error running the curl command, then curl may not be installed on your system. Execute the following command to install curl.
 sudo apt-get install curl

After the installation is complete, a string of characters similar to this will be displayed on the screen:

 {"apiUrl":"https://?????","certSha256":"?????"}

Copy this text, paste it into the "Paste your installation output here." text box in the Outline Manager and click "Done".

It is also recommended to save this string in a safe place so that it can be used when you replace your computer system in the future.

At this point, the deployment on the server side has been completed. The following operations can be completed in the visual interface.

Distribute and manage keys

Click "Add new key" in the Outline Manager. Name the new key and click the share icon on the right. Find the string starting with "ss://" under "Copy your access key:". Save this string in a safe place.

Install and start the Outline client on the computer/mobile phone.

Outline client download link: macOS; Windows; iOS; Android; Linux; Chrome OS.

It should be noted that the macOS client may not be available for download in the Mac App Store in China. In addition, the installation of the Android client above depends on the Google Play Store service.

You can also use the Shadowsocks client instead.

Shadowsocks client download address: Android; Windows.

Copy the string starting with "ss://", click "+" in the client, and press the keyboard shortcut "Ctrl+V" or "command+V". Click "Add Server".

As an administrator, you can add or delete a key in the Manager at any time. In the case of multiple users, you can set a different key for each and distribute each key to different people. And as an administrator, you can check everyone's data usage status, and you can also terminate the usage permission of a certain key at any time.
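The access key described above is a self-contained credential: besides the server address and port it carries the cipher name and the password. The script below is an added example, not part of the original article or of the Outline project. It decodes a key and reports the cipher, host and port without printing the password. It assumes the SIP002 key layout; the sample key, its password and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an "ss://" access key without exposing its password.
# Layout assumed (SIP002): ss://BASE64URL(method:password)@host:port/?params#tag

# Decode base64url text ($1) whose '=' padding may have been stripped.
b64url_decode() {
    s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#s} % 4 )) in
        2) s="$s==" ;;
        3) s="$s=" ;;
    esac
    printf '%s' "$s" | base64 -d
}

# Print "method host port" for the key in $1; the password is never printed.
describe_access_key() {
    case $1 in
        ss://*@*) ;;
        *) echo "not an ss:// access key" >&2; return 1 ;;
    esac
    rest=${1#ss://}
    rest=${rest%%#*}                  # drop the "#tag" label
    userinfo=${rest%%@*}
    hostport=${rest#*@}
    hostport=${hostport%%[/?]*}       # drop "/?outline=1" style parameters
    creds=$(b64url_decode "$userinfo") || return 1
    case $creds in
        *:*) ;;
        *) echo "malformed credentials" >&2; return 1 ;;
    esac
    printf '%s %s %s\n' "${creds%%:*}" "${hostport%:*}" "${hostport##*:}"
}

# Succeed only if the key uses one of the Shadowsocks AEAD ciphers.
uses_aead_cipher() {
    info=$(describe_access_key "$1") || return 1
    case ${info%% *} in
        chacha20-ietf-poly1305|aes-128-gcm|aes-192-gcm|aes-256-gcm) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample key (documentation IP address, made-up password).
SAMPLE_KEY="ss://$(printf '%s' 'chacha20-ietf-poly1305:example-password' |
    base64 | tr '/+' '_-' | tr -d '=\n')@203.0.113.10:1209/?outline=1"

describe_access_key "$SAMPLE_KEY"
uses_aead_cipher "$SAMPLE_KEY" && echo "AEAD cipher in use"
```

Because anyone holding the string can use the server, distribute each key over a private channel and delete it in the Manager when it is no longer needed.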

Install and enable BBR congestion control technology

At this point, Outline is ready to use, but speed and stability will still be affected by network congestion. This effect can be reduced by enabling the BBR algorithm on the server side.

Detailed instructions and step-by-step explanations can be found in this article by imtx. Here is just a brief explanation.

Load the BBR module for the new kernel:

 sudo modprobe tcp_bbr
 echo "tcp_bbr" | sudo tee -a /etc/modules-load.d/modules.conf

After loading, execute the sysctl net.ipv4.tcp_available_congestion_control command, and you can see that BBR appears in the output.

Next, enable it officially:

 echo "net.core.default_qdisc=fq" | sudo tee -a /etc/sysctl.conf
 echo "net.ipv4.tcp_congestion_control=bbr" | sudo tee -a /etc/sysctl.conf
 sudo sysctl -p

After executing these instructions, use sysctl net.ipv4.tcp_congestion_control to verify, and the returned result is:

 net.ipv4.tcp_congestion_control = bbr
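The `tee -a` commands above append a new line every time they are run, so repeating the steps leaves duplicate or conflicting entries in /etc/sysctl.conf. The following is an added example, not part of the original article: it writes the same two settings so that each key ends up in the file exactly once. The function names are hypothetical, and the demo runs on a constructed scratch file instead of the live configuration.

```shell
# Added example: idempotent alternative to `echo ... | sudo tee -a /etc/sysctl.conf`.

# Set key ($2) to value ($3) in sysctl-style file ($1): any earlier
# assignment of the key is dropped, then one "key=value" line is appended.
set_sysctl_line() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file" || return 1
    tmp=$(mktemp) || return 1
    awk -v k="$key" '{
        line = $0
        sub(/^[ \t]+/, "", line)        # ignore leading blanks
        split(line, part, /[ \t]*=/)    # part[1] is the key name
        if (part[1] != k) print         # keep comments and other keys
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"                # overwrite in place, keeping owner and mode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Print the value the file ($1) assigns to key ($2); nothing if unset.
sysctl_file_value() {
    awk -v k="$2" '{
        n = index($0, "=")
        if (n == 0) next
        name = substr($0, 1, n - 1); gsub(/^[ \t]+|[ \t]+$/, "", name)
        val = substr($0, n + 1);     gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == k) last = val
    } END { if (last != "") print last }' "$1"
}

# Apply the article's two BBR settings; the default path is the file the
# article edits (needs root), or pass a scratch file to try it out.
enable_bbr_settings() {
    target=${1:-/etc/sysctl.conf}
    set_sysctl_line "$target" net.core.default_qdisc fq &&
    set_sysctl_line "$target" net.ipv4.tcp_congestion_control bbr
}

# Demo on a constructed scratch file; the second run adds nothing.
demo=$(mktemp)
printf '# constructed sample\nnet.ipv4.tcp_congestion_control = cubic\n' > "$demo"
enable_bbr_settings "$demo" && enable_bbr_settings "$demo"
cat "$demo"; rm -f "$demo"
```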

Future updates and maintenance

  • You should regularly log in to the VPS and install updates as per the steps listed above.
  • You may reinstall the operating system or reinstall Outline Manager on your computer in the future. Will this cause you to lose administrative rights or the server's key information? Don't worry: as long as you have saved the {"apiUrl":"https://?????","certSha256":"?????"} string, you just need to run Manager on the new computer, paste the string into the "Paste your installation output here." text box and click "Done".


CC BY-NC-ND 2.0
