October 30: Outline Managers Meetup: Difference between revisions

This Meetup is part of the Outline Community Hub

• Date: October 30, 2024
• Time: 9:00am to 10:15 EST / 1:00pm to 2:15pm UTC. What time is it in my city?
• Who: Outline Team
• Where: A conferencing link will be sent via email once you register

What is it?

If you are a current user of Outline Manager, join us to: 

• Learn about updates and new developments you should be aware of.
• Get your questions answered by the Jigsaw team, as well as learn tips and best-practices.
• Network with other users of Outline Manager

This is also a great place for folks new to Outline Manager to familiarize themselves with the tool.  This meetup is part of the Outline Community Hub.

New to this type of technology?

Outline makes it easy to set up your own virtual private network (VPN) and share it with your network for safer, more resilient access to the internet.

Outline SDK is a cross-platform library and set of tools for app developers to easily reuse Outline’s advanced networking strategies to protect apps and VPNs against network-level interference.

Jigsaw is a unit within Google that explores threats to open societies and builds scalable technology solutions that protect participation in the global internet.

Notes

• Training and Education: Information sharing on different regions      
• Working on website for developers with all the material consolidated in one place.
• Encourage people to use our Mattermost channel on TCU server
• Reddit is open and public, so feel free to use mattermost for more private/sensitive questions.
• Mailinglist will be used ot send these type of announcements.
• Measure connectivity of outline. It is on reddit wiki, but encourage community members to do their own measurement. It will really help us and others using outline.
• Making outline more resilient:
• Presentating about how to deploy services about scale and resilience, and we will share that. Will shre that.
• Working on other features!
• How to serve web sockets. With the outline SDK make some changes, so you can consume new strategies in outline server. WE can receive and incorporate more contributions for sdk strategies.
• Changes to Outline will allow us to integrate intralogic
• This is the context of access.

SDK partnerships, training and financial support: we will put more material on our site. so this can be a resource to be used to.

Community members can share what they are doing around Outline.

How to setup without graphical UI: there are ways to do this.

• If you are a provider, people adding SDK to their apps, want to fallback to proxies if needed, but may not have capacity or experitise, so they will look for other organizers that provide servers. So we are going to do make a marketplace where you can offer servers to others, amybe a way to cover your costs.
• Asking the privacy and risks of outline: We use shadowsoxs, used by those in china. we have made several improvements. Our implementation is the most resilient one.

Only two ways it gets blocked: 1) censor instigates an allowlist. 2) traffic volume and analysis. This is not well understood yet. You could image ways to detect a VPN server. If million of folks are going to one server, you can assume its a VPN server. We need more research in that area. Mixing of proxies and tunnels, will help with this.

Outline is a low barrier to entry. If a censor finds out your server, they can figure out who is connecting to that server. Really just the IP addresses. There are ways to mitigate this. making sure your keys are safe. For people at risk, i recommend using Tor as it gives you anonymity. Outline is a not a privacy tool, its an access tool.

The best usecase: giving access to people. Enable them to access content. Its harder to detect than VPNs. If VPNs are criminalized, users are safer to use Outline. You can layers those things: Use tor browser while using an Outline server. The biggest issue is a server is compromised. Depends on the situation and the threat model. It can be helpful in hiding that you are using an a VPN

Strategies to Avoid Crating strong links between user:

• You can give different services to different people. You can maybe afford more servers.
• Servers are cheap and you can create them on demand. For example, you can just create a server for that trip! Or even a server for each person.
• Using a large service, there are many orgs in the community that are giving outline access.

Is there a guide on how to set up prefixes from the Outline Manager directly?

We don't have a way to set this up from outline manager yet. We weren't able to prioritize it. We havent been able to. We are small a team. Just on some background: because we are a small team, we have to prioritize things that only us can do. And leave it to community to solve challenges they can solve. Prefixes can be difficult, but providers can help in those cases. Making Outline more reisilient to blocking.

Can you link to how users can do prefixing?

It is the manager or providers responsiblity. https://www.reddit.com/r/outlinevpn/wiki/index/prefixing/

Resources shared:

• Advanced Deployments for Resilient and Scale: https://drive.google.com/file/d/1EBFMu7O8dpzwnyibGXTg8VgMBFaltIJW/view
• https://www.reddit.com/r/outlinevpn/wiki/index/
• https://wiki.digitalrights.community/index.php?title=Advanced_Outline_Deployments_for_Resilience_and_Scale

Deployment of Manager:

The biggest concern: How do we have a distributed set of deployment, avoiding having a central place where all the managers are done. We don't want a central server because it can be a risk: Are there any schemes to have a more distributed management of outline servers. Few questions associate with this: Since manager is the client side, it is also increases risks if we are not confident of the person deploying the servers. They are in the place where their computer can be raided. This makes difficult to understand how to make servers safely. Curious are there any strategies to handle this deployment.

It is not expected that end-users will create the server. The providers are usually outside of the country that is repressive. This need for central management we hear you but something that multiple providers have created solutions for. What they did is they run multiple servers and create a central server that uses API. You can move keys around if needed. Outline manager doesn't give you decentralize management, it is possible to do that. One thing would be cool if someone could build a reusable key management. Outline team doesn't have a lot of bandwidth, so we can't build it.

Is there anything on the roadmap for a configuration server. We are not agreeing every user having a manager installation. Is there a way for manager client to be installed that may have a key of its own, which avoids having to sign in to digital ocean, etc. Some server is managing the request to create the server.

Mobile Manager. Ideally will have web based. Issue is server doesn't have a domain name when you create a server, so you can't have a domain based certificate, which in turn blocks the website from accessing the server. You need a domain name, because it complicates user experience, b/c they now have to go to a thirdparty. For more large providers do have domain names. We are working on an outline server based on the

Caddy server platform, which seems promising. We can run a manager web app on that server that will be able to talk to it.

Maybe to be really specific, is there any possibility of the Manager software functionality effectively operating like a web server. Rather than the client having a web server available.  A server that manages other servers, that may have much more realistic firewall.

We are using outline for our organization. we are about maybe 6-10 people, it has been working amazing. we are trying to see if we can set it up for civil society countries where VPN is restricted or during specific times they are being restricted. In venezula, alot of VPNs were being blocked, we were evaluation Outline as alternative, for some orgs that are trying to find cheap solutions for VPNs. Are there any application for more users? Is there a limit? Is there a ceiling? What is the best way to reach out to you, if we have follow up questions?

Outline we work with some providers that had 1,000 users. It takes a while to breakdown, you can increase the size of your server. Stick to one machine and grow it as you go, and use IP assignment features without having to destroy the machine.

How does it work out during grey outs?

If they are blocking the network it becomes harder, you can't do much. There are situations in Iran where they disconnected local internet from the outside. so you only have the intranet available. What you can setup a multi-hop system. Youc an run a lcoal server that has access to the outside. Its complicated, but it can be done. You can still use it for some

On our side, we feel positive, working case study on how to use. We have 20 something mobile apps using outline. We use an external vendor> we want to build our own server

We developed Noticias sin Filtro, we are using it as our primary proxy Outline. We have been very successful deploying an Android Ios. There is no cases of censorship, and our aim with this, is to read Venezuela news, without having to think about how to download, etc VPN. What i think is more useful si that its very easy to setup, even for people that don't' have as much technical knowledge. That has been really helpful.

@Ben We did look at the different ways individuals and organizations have used the Outline technology to scale. Those findings are here: https://okthanks.com/blog/2024/4/9/growing-with-the-people

The Jigsaw team is great for developers. We worked with them from the beginning. Mobile apps SDK. Right now the information that can be found in the github has been very helpful and more than enough. to make it work with