Nomad is a streamlined VPN setup automation tool designed to establish secure and efficient connections between internal and external networks. It supports two tunneling methods: tinyfecVPN and EasyTier.
- Server Setup: Automates the configuration of two servers—one in the internal network and one in the external network.
- OS Hardening: Implements essential security practices to harden the operating system.
- SSH Hardening: Enhances SSH configuration for increased security.
- Firewall Configuration: Configures firewall rules to protect servers and secure network traffic.
- 3x-UI Panel Installation: Installs and sets up the 3x-UI panel for simplified VPN management.
- Tunnel Configuration: Configures a VPN tunnel using one of the supported methods for optimized performance.
- Two Servers: One server must be located in the internal network and the other in the external network.
Nomad simplifies complex configurations, making it an ideal tool for secure and efficient VPN setups.
git clone https://github.com/0xAFz/nomad.git
cd nomad/
cp .env.example .env
<your-favorite-editor> .env
cp inventory/sample.yml inventory/hosts.yml
<your-favorite-editor> inventory/hosts.yml
# Review and change parameters under ``inventory/group_vars``
<your-favorite-editor> inventory/group_vars/all/all.yml
<your-favorite-editor> inventory/group_vars/all/preparing.yml
<your-favorite-editor> inventory/group_vars/all/fec.yml
<your-favorite-editor> inventory/group_vars/all/easytier.yml
<your-favorite-editor> inventory/group_vars/all/xui.yml
chmod +x nomad.sh
./nomad.sh
- Check tun interfaces
ip addr
# Excepted result:
3: nomad-fec: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet 10.22.22.1 peer 10.22.22.2/32 scope global nomad-fec
valid_lft forever preferred_lft forever
inet6 fe80::906c:9f4e:59f:1522/64 scope link stable-privacy
valid_lft forever preferred_lft forever
4: nomad-easytier: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1380 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet 10.44.44.1/24 scope global nomad-easytier
valid_lft forever preferred_lft forever
- Check Services Status
systemctl status nomad-fec # (if enabled)
systemctl status nomad-easytier # (if enabled)
- Check FEC tunnel ping from internal network (if enabled)
ping 10.22.22.2
- Check EasyTier tunnel ping from internal network (if enabled)
ping 10.44.44.2
- Open 3x-UI panel in your browser and add your inbounds
# Replace $YOUR_PUBLIC_IP with your servers public IP and $XUI_PORT with port you set in ``inventory/group_vars/all/xui.yml``
http://$YOUR_PUBLIC_IP:$XUI_PORT
# Example
http://192.168.1.100:2053