Advanced Outline Deployments for Resilience and Scale

From TCU Wiki
2023 VPN Village.png

This session is part of the 2023 VPN Village, a two-week virtual series of events focused on VPN user education and solidarity. The sessions held over the last week of November and first week of December will focus on regional user education, legal challenges to using VPNs, and using and scaling your own circumvention tools.

  • Date: Wednesday, November 29
  • Time: 8am EST / 1pm UTC (what time is it in my city?)
  • Who: Vinicius Fortuna
  • Location: BigBlueButton or Zoom (Link to the meeting will be shared with attendees the week of the event)

👉🏾 RSVP:

Advanced Outline Deployments for Resilience and Scale

In this session we will learn about ways to extend Outline and customize your deployment to make your service more resilient to blocking and scale better.

Speaker: Vinicius Fortuna, Lead Engineer for Internet Freedom at Google’s Jigsaw.

Vinicius Fortuna is the engineering lead of the team at Google’s Jigsaw that protects people’s ability to participate in the global internet. He has led the team through initiatives to prevent censorship via stronger internet standards and platforms, mitigate censorship via circumvention tools such as the Outline VPN and Intra, and expose censorship via measurements and data analysis.


Advanced outline.png

Connect with the Outline team on the TCU Mattermost!

Presentation Slides

The presentation slides overview:

  • Scaling: Approaches for supporting 100+ users with shared keys (static or dynamic) or automation
  • Server Metrics
  • Automation for Key Distribution
  • Advanced Outline Deployments: Using outline-ss-server
  • Censorship Resilience: Approaches for different censorship threats

--> If you are running an Outline server at home, you can consider using outline-ss-server directly:

Questions for the Participants

What ways have you extended the Outline server?

  • I have hosted Outline server on my home network using an off the shelf x86 mini PC (~$150 on Amazon). I am planning to try that on a Raspberry Pi too. I have tried the Prometheus metrics also. In my case, DigitalOcean/AWS/GC were blocked in Iran and I had to look for a VPS that worked. I ended up using Vultr and got an instance in Sweden. It can be helpful to have a per-country recommendation guide on which VPS to use for which country
  • I have seen people using IPBAN to prevent access to Iranian websites through VPN to prevent Ip leaks:
    • Ban IPs from areas that aren't your target users

What things have you wanted to build and you were not able?

  • Block incoming/outgoing traffic on a country basis. Get insights on why certain users could connect and others couldn't.