Install Outline VPN server to hide your internet activity.

I will use management port 42905 (TCP) and access key port 9817 (both TCP and UDP), but not specifing these ports during installation process will result in random ports which is a good solution.

Install server application

Check operating system version.

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.2 LTS
Release:	22.04
Codename:	jammy

Update package index.

$ sudo apt update

Upgrade system packages.

$ sudo apt upgrade

Install dynamically managed firewall.

$ sudo apt install firewalld

Open access key port.

$ sudo firewall-cmd --add-port=9817/tcp --zone=public
$ sudo firewall-cmd --add-port=9817/udp --zone=public

Open management port.

$ sudo firewall-cmd --add-port=42905/tcp --zone=public

Display current configuration.

$ sudo firewall-cmd --list-all --zone public
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: dhcpv6-client ssh
  ports: 9817/tcp 9817/udp 42905/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Store current configuration.

$ sudo firewall-cmd --runtime-to-permanent

Install docker.

$ sudo apt install docker.io

Execute Outline VPN installation script.

$ sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh) --api-port=42905 --keys-port=9817"
> Verifying that Docker is installed .......... OK
> Verifying that Docker daemon is running ..... OK
> Setting PUBLIC_HOSTNAME to external IP ...... OK
> Creating persistent state dir ............... OK
> Generating secret key ....................... OK
> Generating TLS certificate .................. OK
> Generating SHA-256 certificate fingerprint .. OK
> Writing config .............................. OK
> Starting Shadowbox .......................... OK
> Starting Watchtower ......................... OK
> Waiting for Outline server to be healthy .... OK
> Creating first user ......................... OK
> Adding API URL to config .................... OK
> Checking host firewall ...................... OK

CONGRATULATIONS! Your Outline server is up and running.

To manage your Outline server, please copy the following line (including curly
brackets) into Step 2 of the Outline Manager interface:

{"apiUrl":"https://46.101.244.51:42905/kO_0ZyU_LBjH2flrWUKPOA","certSha256":"E01A955F9FE8EADAD05C44F3597FB481E0019A41943E0A9A81288B23567A4975"}

If you have connection problems, it may be that your router or cloud provider
blocks inbound connections, even though your machine seems to allow them.

Make sure to open the following ports on your firewall, router or cloud provider:
- Management port 42905, for TCP
- Access key port 9817, for TCP and UDP

Server is ready.

Install manager application

Download manager application on desktop.

$ wget https://s3.amazonaws.com/outline-releases/manager/linux/stable/Outline-Manager.AppImage

Ensure that AppImage is executable.

$ chmod +x Outline-Manager.AppImage 

Ensure that application is inside the PATH.

$ sudo mv Outline-Manager.AppImage /usr/local/bin/

Start application and open set up Outline anywhere.

Provide connection data.

Inspect server settings.

Inspect dashboard.

Generate and share key to the client.

Install client application

Download client application on desktop.

$ wget https://s3.amazonaws.com/outline-releases/client/linux/stable/Outline-Client.AppImage

Ensure that AppImage is executable.

$ chmod +x Outline-Client.AppImage 

Ensure that application is inside the PATH.

$ sudo mv Outline-Client.AppImage /usr/local/bin/

Start application, add access key.

Connect to the server.

Additional notes

The only issue I have experienced with this solution is the hardcoded DNS see DNS & Pi-Hole? #486 and Pls stop hardcoding DNS resolver in client #568.