Silence censorship. Automate the effect.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Nick Gnazzo 38733e53a2 Adds certbot deploy hook to reload nginx after renewal (#1688) 3 days ago
.github Update all Github repository links. (#983) 2 years ago
deploy Rename vars.yml (#1536) 8 months ago
documentation Add IncludeSec audit report to repo. (#1526) 9 months ago
global_vars ad-blocking via dnsmasq; disable cloudflared in CI 2 months ago
inventories Update venv builder for upstream module changes, more compatibility (#1140) 1 year ago
library Ansible 2.8.4; update to digital_ocean_droplet module; vendor Algo's patched version 3 months ago
playbooks Adds certbot deploy hook to reload nginx after renewal (#1688) 3 days ago
tests [Temporary] workaround for v2ray/core insecure redirect issue (#1651) 2 months ago
util Ansible 2.8.4; update to digital_ocean_droplet module; vendor Algo's patched version 3 months ago
.gitignore Change install instructions to use virtualenv './venv' (#1347) 1 year ago
.travis.yml ad-blocking via dnsmasq; disable cloudflared in CI 2 months ago
Advanced installation.md Split README.md into smaller, easier-to-read pieces (#1520) 9 months ago
CONTRIBUTING.md Fix CONTRIBUTING.md typo (#1377) 1 year ago
Features.md Split README.md into smaller, easier-to-read pieces (#1520) 9 months ago
Installation.md Small documentation fix caused by block quotes (#1534) 8 months ago
LICENSE Feature: DNS-over-HTTPS option implemented with cloudflared (default: yes) (#1591) 4 months ago
README-chs.md Upgrade digitalocean module 3 months ago
README-fr.md Fix typo: certifcate -> certificate (#1497) 11 months ago
README-ru.md Upgrade digitalocean module 3 months ago
README.md Adding V2ray Support for Shadowsocks (#1508) 6 months ago
Services.md Make V2ray-plugin optional (#1585) 4 months ago
Vagrantfile Rename vars.yml (#1536) 8 months ago
Vagrantfile.remotetest Add new remote-test Vagrantfile, docs on usage. (#734) 2 years ago
ansible.cfg Ansible 2.8.4; update to digital_ocean_droplet module; vendor Algo's patched version 3 months ago
logo.jpg Add the logo to the repository. 4 years ago
requirements.txt Ansible 2.8.4; update to digital_ocean_droplet module; vendor Algo's patched version 3 months ago
streisand Rename vars.yml (#1536) 8 months ago

README.md

Streisand

Automate the effect


English, Français, 简体中文, Русский | Mirror


Build Status Twitter

Streisand

Silence censorship. Automate the effect.

The Internet can be a little unfair. It’s way too easy for ISPs, telecoms, politicians, and corporations to block access to the sites and information that you care about. But breaking through these restrictions is tough. Or is it?

If you have an account with a cloud computing provider, Streisand can set up a new node with many censorship-resistant VPN services nearly automatically. You’ll need a little experience with a Unix command-line. (But without Streisand, it could take days for a skilled Unix administrator to configure these services securely!) At the end, you’ll have a private website with software and instructions.

Here’s what a sample Streisand server looks like.

There’s a list of supported cloud providers; experts may be able to use Streisand to install on many other cloud providers.

VPN services

One type of tool that people use to avoid network censorship is a Virtual Private Network (VPN). There are many kinds of VPNs.

Not all network censorship is alike; in some places, it changes from day to day. Streisand provides many different VPN services to try. (You don’t have to install them all, though.)

Some Streisand services include add-ons for further censorship and throttling resistance:

See also:

Cloud providers

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Digital Ocean
  • Google Compute Engine (GCE)
  • Linode
  • Rackspace

Other providers

We recommend using one of the above providers. If you are an expert and can set up a fresh Ubuntu 16.04 server elsewhere, there are “localhost” and “existing remote server” installation methods. For more information, see the advanced installation instructions.

Installation

You need command-line access to a Unix system. You can use Linux, BSD, or macOS; on Windows 10, the Windows Subsystem for Linux (WSL) counts as Linux.

Once you’re ready, see the full installation instructions.

Things we want to do better

Aside from a good deal of cleanup, we could really use:

  • Easier setup.
  • Faster adoption of new censorship-avoidance tools

We’re looking for help with both.

If there is something that you think Streisand should do, or if you find a bug in its documentation or execution, please file a report on the Issue Tracker.

Core Contributors

Acknowledgements

Jason A. Donenfeld deserves a lot of credit for being brave enough to reimagine what a modern VPN should look like and for coming up with something as good as WireGuard. He has our sincere thanks for all of his patient help and high-quality feedback.

We are grateful to Trevor Smith for his massive contributions. He suggested the Gateway approach, provided tons of invaluable feedback, made everything look better, and developed the HTML template that served as the inspiration to take things to the next level before Streisand’s public release.

Huge thanks to Paul Wouters of The Libreswan Project for his generous help troubleshooting the L2TP/IPsec setup.

Starcadian’s ‘Sunset Blood’ album was played on repeat approximately 300 times during the first few months of work on the project in early 2014.