How to Host Your Own VPN with Algo and Cloud Hosting

A digital illustration of a smartphone and laptop connected to a VPN.

Companies around the world are selling VPN services to secure your online business, but can you really trust a VPN provider? If you wish, you can create your own virtual private network with open-source Algo softwareand the cloud hosting provider of your choice.

VPN and trust

Regardless of what the privacy policy regarding security audits says or claims on a corporate blog, nothing prevents a VPN from monitoring everything you do online. At the end, choose a VPN service it all comes down to trust.

If you don’t trust faceless online services, an alternative is to run your own VPN server. Previously, this task was daunting, but thanks to the open source Algo project of the security society Trail of Bits, creating your own VPN is now easy.

For $ 5 a month, you can run and control your own full-time VPN server. Even better, you can use Algo to configure and destroy VPN servers as needed and save money in the process.

To configure Algo, you must use the command line. If it’s off-putting, don’t worry, we’ll walk you through each step.

These instructions may seem like a lot, but it’s only because we explain as much as possible. Once you’ve created a VPN with Algo multiple times, it shouldn’t take much time. In addition, you only need to configure the Algo installation environment once. After that, you can create a new VPN server with a few keys.

But can you believe that Algo scripts do nothing wrong? Well the good news is Algo code is public on GitHub for anyone to watch. In addition, many security experts are interested in the Algo project, which makes harm less likely.

RELATED: What is a VPN and why would I need it?

What Algo can (and cannot) do

A VPN is a good way to protect your online activity, especially on a public Wi-Fi network in an airport or a cafe. A VPN makes web browsing more secure and prevents any malicious actor who could be on the same local Wi-Fi network. A VPN can also help if your ISP restricts certain types of traffic, such as torrents.

But beware, pirates! Downloading loot through your own VPN is not a good idea, as activity can more easily be traced back to you.

Also, if you want to watch Netflix over your VPN, you’ll have to look elsewhere – Algo doesn’t work with it. However, there are many commercial services that support Netflix.

Prerequisites for Algo

To get a working Algo VPN server, you need a Unix Bash shell. On a Mac or Linux system, you can use your Terminal program, but on Windows, you will need to activate the subsystem for Linux. Here is how to install and use the Linux Bash shell on Windows 10.

You will also need an account with a cloud server host. Algo takes care of all of the following:

If you have never used one of these services, we recommend DigitalOcean because it is very user-friendly. This is also the service we use in this tutorial. The process will be a little different if you use another provider.

When your DigitalOcean account is ready, log in, then, in the main dashboard, select “API” in the left rail under “Account”.

On the next page, click “Generate a new token”. An access token is a long chain of letters and numbers that provides access to account resources without a user name and password. You will need to name the new token. Generally, it’s a good idea to name it after the application you’re using, such as “algo” or “ian-algo” (if your first name is Ian).

DigitalOcean “Applications and API” menu.

Once the new token is generated, copy and paste it into a text document on your desktop. You will need it in a few minutes.

Configuring your environment

Back on your desktop, open a new terminal window, type cd (to “change directory”, which is what folders are called in the Unix world), and press Enter. This will allow you to work from the personal directory of the terminal.

At the time of writing, Algo requires Python 3.6 or later. Type the following in your terminal program:

python3 –version

If you get a response like Python 3.6.9, you’re good to go; otherwise, you will need to install Python 3.

To install Python 3 on Mac, you can use the Homebrew Package Manager. When Homebrew is ready to start, type the following command in a terminal window:

install byth python3

If you are using Ubuntu Linux or WSL on Windows, they should have Python 3 by default. Otherwise, the installation methods vary depending on your version of Linux. Search online for “install Python 3 on [insert your version of Linux here]”For instructions.

Next, you need to install Virtualenv from Python3 to create an isolated Python environment for Algo. Type the following in Bash on a Mac:

python3 -m pip install –upgrade virtualenv

On Ubuntu Linux and WSL, the command is as follows:

sudo apt install -y python3-virtualenv

Note that we customize this tutorial for Ubuntu and the associated distributions, but these instructions will also work for other versions of Linux with some minor modifications. If you are using CentOS, for example, you should change the instructions to apt with dnf.

Next, we need to download Algo with the wget command. Macs haven’t installed wget by default, so to get it via Homebrew, type the following:

brew install wget
The wget utility in a terminal window.The wget utility recovering Algo installation files.

Now download the Algo files:

wget https://github.com/trailofbits/algo/archive/master.zip

Once wget is finished, there will be a compressed file called “master.zip” in the personal directory of your terminal; check this with ls.

If you see “master.zip” in the list of files and folders that appears, you are ready to go. Otherwise, try to run wget again.

Now we have to decompress the file, so we type the following:

unzip master.zip

After that, press ls again. You should now see a new folder in your home directory called “algo-master”.

We’re almost ready to act, but first, we need to configure our isolated environment and install a few other dependencies. This time, we will work in the “algo-master” folder.

Type the following to switch to the folder:

cd ~ / algo-master

Make sure you are there with this command:

pwd

It means “print the working directory” and it should show you something like / home / Bob / algo-master or / Users / Bob / algo-master. Now that we are in the right place, let’s prepare everything.

Copy and paste or type the command below on one line (do not press Enter until the end):

python3 -m virtualenv –python = “$ (command -v python3)” .env && source .env / bin / activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt

The Bash terminal operates in a terminal window.

This triggers a lot of actions in the Algo directory to prepare to run.

Next, you need to name your users for the VPN. If you don’t name them all now, you will either need to keep the security keys (which are less secure), or start a new server from scratch later.

In either case, type the following in the terminal:

nano config.cfg

An Algo configuration file in a terminal window.

This opens the user-friendly command line text editor, Nano. The Algo configuration file contains a lot of information, but we are only interested in the part that says “users”. All you have to do is delete the default usernames (phone, laptop, office) and type a name for each device you want on your VPN.

For example, if I create a VPN for myself, Bill and Mary, the configuration file might look like this:

users: – Ian_PC – Bill_Mac – Mary_PC – Ian_Android – Bill_iPhone – Mary_iPhone

Once you’ve named everyone, press Ctrl + O to save the file, then press Ctrl + X to exit.

We’re almost ready to take action, but Windows users need to take a detour first. WSL generally does not set the correct user permissions for the Algo folder, which confuses Ansible (the tool that Algo relies on to deploy a server).

On WSL, type the following to return to your home directory:

CD

Then type the following:

chmod 755 -R ~ / algo-master

To return to the Algo folder, type:

cd ~ / algo-master

Running Algo

Algo configuration files running in a terminal window.

And now is the moment of truth.

In the algo-master folder, enter the following in the terminal window:

./algo

The Algo configuration should start working. You’ll know it works when it asks you which cloud provider you want to use. In our case, we select the number (1) for DigitalOcean.

If Algo fails, there could be a number of reasons that we cannot foresee here. If the error indicates that your directory is “configurable in global writing”, follow the instructions above to modify the permissions.

If you get a different error, check the troubleshooting page in the Algo project repository on GitHub. You can also copy the error message and paste it into Google to find it. You should find a message on the forum that will help you, as it is unlikely that you will be the first person to receive this error.

Next, you will be asked for the access token that you previously copied from your DigitalOcean account. Copy and paste it into the terminal. You will not see anything because Bash does not display characters for password and security phrase entries. As long as you hit paste and then hit enter, it should be fine.

If that fails, you might have just messed up the dough, which everyone does in Bash. Just type the following to try again:

./algo

When Algo is running, answer the questions it asks. These are all fairly simple, like what you want to name your server (using “algo” in the name is a good idea).

Then it will ask you if you want to activate “Connect on Demand” for Mac and iOS devices. If you are not using any of these devices, type N for no. It will also ask you if you want to keep the PKI keys to add more users later; usually you also type N here.

That’s all! Algo will now take approximately 15 to 30 minutes to get your server up and running.

Use Algo

The WireGuard logo.

When Algo has completed its configuration, the terminal returns to a command line prompt, which means that the VPN is ready to operate. Like many commercial services, Algo uses the WireGuard VPN protocol, which is the hottest new feature in the VPN world. Indeed, it offers good security, higher speeds and is easier to use.

For example, what to do next, we will activate Algo on Windows. To configure other devices, you can refer to Algo repository on GitHub.

First, we will install the generic Windows desktop client from the WireGuard website. Then we have to feed the program our configuration file for the PC. Configuration files are stored deep in the algo-master folder at: ~ / algo-master / configs /[VPN server IP address]/ wireguard /.

There are two types of files for configuring VPN client devices: .CONF and .PNG. These are QR codes for devices like phones, which can scan QR codes. .CONF files (configuration) are text files for desktop WireGuard clients.

On Mac and Ubuntu, it shouldn’t be difficult to find the algo-master folder outside of the command line. On Mac, algo-master is located in the Home folder; just use Finder> Go> Home to get there. On Ubuntu, you can open Nautilus and it will be in the Home folder.

On Windows, however, WSL is separate from the rest of the operating system. For this reason, it is simply easier to copy the files with the command line.

Using our previous example, let’s say we want the “Mary-PC.conf” configuration file to be used on a Windows 10 PC. The command would look like this:

cp ~ / algo-master / configs /[VPN server IP address]/wireguard/Mary-PC.conf / mnt / c / Users /[your Windows user account name]/ Office /

Note the space between Mary-PC.conf and / mnt /; This is how Bash knows where the file to copy is located and where it is going. Case is also important, so be sure to type capital letters where specified.

It is natural under Windows to want to capitalize the C in the “C: ” drive, but in Bash not. Also, don’t forget to replace the bits in parentheses with the actual information from your PC.

For example, if your user folder is on the “D: ” drive, not on the “C: “, replace / mnt / c / with / mnt / d /.

Once the file is copied, open the WireGuard client for Windows. Click on “Import tunnels from a file”, then select your configuration file on the desktop. After that click on “Activate”.

In a few seconds, you will be connected to your own VPN!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.