Hello, so I just set up Outline on my VPS via outline-server-multiarch since I have an AMD64 cpu using the setup script provided which ran with no errors.
Now, I want to use my own domain instead of IPs for my connections (eg outline.example.com), how do I do that? I would like to switch out both Management API and access keys to use a subdomain domain instead of IP. Thanks.
I don’t think this is directly supported by the Outline manager, but it’s easy to pull off. Once you have the VPS connected to your domain in your DNS records, just swap the IP address for the domain in the shadowsocks link. Keep the port after the colon. It’ll work fine.
I have a similar question, I used dynu ddns to create a domain name for my servers IP, th thing is thag I can choose a TTL for it and if it’s too low it updates the IP quickly but makes a lot more DNS queries, and if it’s too high it probably won’t solve the problem I’m having, my question is that if I choose TTL as low as possible therefore making more and more DNS queries, does that make the VPN easier to detect?
That worked! I also managed to figure out accessing the manager with my domain, I had to remove /?outline=1 part and it worked flawlessly. And I only needed to change the “Hostname” setting in the manager to automatically apply my domain to newly generated keys.
for anyone reading in the future, here’s what it looks like, assuming default port:
{"apiUrl":"https://outline.example.com:10807/APIKEY","certSha256":"CERT"}
these credentials are accessible from /opt/outline/access.txt
and for the access key: ss://[email protected]:32228/?outline=1
Detected by whom? Your ISP still see that for every X amount of bytes transferred there’s a corresponding traffic on the other way, that would easily clue them of you hosting a VPN server regardless of your protocol. Sites you visit still see your home IP anyway, they don’t really care that you have a DDNS pointing to your IP since it’s a normal scenario for anyone who either self-host or have a device that require such functionality.
For anyone who really cares, it will always be easy at the ISP level to determine that you’re using a VPN. The ports and traffic patterns give it away. You can run it over port 443, but VPNs have pretty distinguishable traffic patterns. This is how the China’s firewall actively identifies and blocks VPN connections, which they they have been able to do with Shadowsocks for a few years now.
Do you suggest any obfuscation methods to make it harder for them to piece it together? I already use prefixing and only allow 100 users on each VPS.
I already use port 443 and add a prefix to my keys as an obfuscation method and it has worked fine for a little more than a month and still working, I’m trying to improve it here and there everyday but unfortunately I feel like I’ve done everything I can and now I’m limited to outline’s features and tools. Would be nice to get a few new features and maybe even new protocols and obfuscation techniques.