
How to Host Your Own VPN with Algo and Cloud Hosting


Companies all over the world sell VPN services to secure your online activity, but can you really trust a VPN provider? If you want, you can create your own virtual private network with the open-source Algo software, and the cloud-hosting provider of your choice.

VPNs and Trust

Regardless of what the privacy policy says or boasts about security audits on a company blog, there's nothing stopping a VPN from monitoring everything you do online. In the end, choosing a VPN service all comes down to trust.

If trusting faceless online services isn't your thing, one alternative is to run your own VPN server. This used to be a daunting task, but thanks to the open-source project Algo from security company Trail of Bits, creating your own VPN is now easy.

For $5 per month, you can run and control your own full-time VPN server. Even better, you can use Algo to set up and tear down VPN servers as you need them, and save money in the process.

To set up Algo, you have to use the command line. If that's off-putting, don't worry—we'll walk you through every step.

These instructions might seem like a lot, but that's only because we're explaining as much as we can. Once you've created a VPN with Algo a few times, it shouldn't take very long at all. Plus, you only have to set up Algo's installation environment once. After that, you can create a new VPN server with a few keystrokes.

But can you trust that Algo's scripts aren't doing anything untoward? Well, the good news is Algo's code is public on GitHub for anyone to look at. Plus, many security experts are interested in the Algo project, which makes misdeeds less likely.


What Algo Can (and Can't) Do

A VPN is a good way to protect your online activity—especially on a public Wi-Fi network in an airport or coffee shop. A VPN makes web browsing more secure and stymies any malicious actors who might be on the same local Wi-Fi network.  A VPN can also help if your ISP restricts certain kinds of traffic, like torrents.

But watch out, pirates! Downloading booty through your own VPN isn't a good idea, as the activity can more easily be traced back to you.

Also, if you wanna watch Netflix over your VPN, you'll have to look elsewhere—Algo doesn't work with it. However, there are many commercial services that do support Netflix.

Prerequisites for Algo

To get an Algo VPN server up and running, you need a Unix Bash shell. On a Mac or Linux system, you can use your Terminal program, but on Windows, you'll have to activate the Subsystem for Linux. Here's how to install and use the Linux Bash shell on Windows 10.

You'll also need an account at a cloud server hosting provider. Algo supports all of the following:

If you've never used any of these services, we recommend DigitalOcean, as it's very user-friendly. It's also the service we're using in this tutorial. The process will be a bit different if you use a different provider.

When your DigitalOcean account is ready to go, sign in, and then, from the primary dashboard, select "API" from the left rail under the "Account" heading.

On the next page, click "Generate New Token." An access token is a long string of letters and numbers that permits access to account resources without a username and password. You'll need to name the new token. Generally, it's a good idea to name it after the application you're using, such as "algo" or "ian-algo" (if your first name happens to be Ian).


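After the new token is generated, copy and paste it into a text document on your desktop. You'll need it in a few minutes. Because the token permits access to your account resources, delete that document once your server is set up.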

Setting Up Your Environment

Back on your desktop, open a fresh terminal window, type cd (for "change directory," which is what folders are called in the Unix world), and hit Enter. This will ensure you're working from the terminal's home directory.

At this writing, Algo requires Python 3.6 or later. Type the following into your terminal program:

python3 --version

If you get a response like Python 3.6.9, you're good to go; if not, you'll have to install Python 3.

To install Python 3 on Mac, you can use the Homebrew package manager. When Homebrew's ready to go, type the following command in a Terminal window:

brew install python3

If you're using Ubuntu Linux or WSL on Windows, they should have Python 3 by default. If not, installation methods vary depending on your version of Linux. Search online for "install Python 3 on [insert your version of Linux here]" for instructions.

Next, you need to install Python3's Virtualenv to create an isolated Python environment for Algo. Type the following in Bash on a Mac:

python3 -m pip install --upgrade virtualenv

On Ubuntu Linux and WSL, the command is the following:

sudo apt install -y python3-virtualenv

Note that we're tailoring this tutorial for Ubuntu and related distributions, but these instructions will also work for other versions of Linux with some minor alterations. If you're using CentOS, for example, you'd substitute the instructions using apt with dnf.

Next, we need to download Algo with the wget command. Macs don't have wget installed by default, so to get it via Homebrew, type the following:

brew install wget

Now, let's download Algo's files:

wget https://github.com/trailofbits/algo/archive/master.zip

After wget finishes, there will be a compressed file called "master.zip" in your terminal's home directory; let's check that with ls.

If you see "master.zip" in the list of files and folders that appears, you're good to go. If not, try running wget again.

Now, we need to unzip the file, so we type the following:

unzip master.zip

After that's done, hit ls again. You should now see a new folder in your home directory called "algo-master."

We're almost ready for action, but first, we need to set up our isolated environment and install a few more dependencies. This time we'll work inside the "algo-master" folder.

Type the following to switch to the folder:

cd ~/algo-master

Make sure you're there with this command:

pwd

This stands for "print working directory," and it should show you something like /home/Bob/algo-master or /Users/Bob/algo-master. Now that we're in the right place, let's get everything ready.

Either copy and paste or type the command below on a single line (don't press Enter until the end):

python3 -m virtualenv --python="$(command -v python3)" .env && source .env/bin/activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt


This triggers a whole lot of action inside the Algo directory to prepare to run.

Next, you have to name your users for the VPN. If you don't name all of them now, you'll either have to hold onto the security keys (which is less secure) or start a new server from scratch later on.

Either way, type the following in the terminal:

nano config.cfg


This opens the user-friendly command-line text editor, Nano. The Algo config file has a lot of information in it, but we're only interested in the part that says "users." All you have to do is remove the default usernames (phone, laptop, desktop), and type a name for each device you want on your VPN.

For example, if I'm creating a VPN for myself, Bill, and Mary, the config file might look like the following:

users:
  - Ian_PC
  - Bill_Mac
  - Mary_PC
  - Ian_Android
  - Bill_iPhone
  - Mary_iPhone

Once you've named everyone, press Ctrl+O to save the file, followed by Ctrl+X to exit.

We're almost ready for action, but first Windows folks need to take a little detour. WSL usually doesn't set the correct user permissions for the Algo folder, which upsets Ansible (the tool Algo relies on to deploy a server).

On WSL, type the following to go back to your home directory:

cd

Then, type the following:

chmod 755 -R ~/algo-master

To go back to the Algo folder, type:

cd ~/algo-master
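The setup steps above can be checked in one pass before running Algo. This is an added example, not part of Algo or the original article; the function names are made up here, and it assumes the checkout lives in ~/algo-master with the .env virtualenv and config.cfg described above.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the setup steps in this article.
# Added example; these helper names are hypothetical and not part of Algo.

# Python 3.6 or later is the minimum the article states.
check_python() {
    python3 -c 'import sys; sys.exit(0 if sys.version_info >= (3, 6) else 1)' 2>/dev/null
}

# Succeeds only if the directory exists and is not world-writable,
# the permission problem WSL causes and Ansible objects to.
dir_not_world_writable() {
    [ -d "$1" ] && [ -z "$(find "$1" -prune -perm -0002)" ]
}

# Print the names listed under "users:" in config.cfg, one per line.
list_users() {
    awk '
        /^users:/              { in_users = 1; next }
        in_users && /^[ \t]*-/ { sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]*#.*$/, "")
                                 sub(/[ \t]+$/, ""); gsub(/"/, ""); print; next }
        in_users && (/^[ \t]*#/ || /^[ \t]*$/) { next }
        in_users               { exit }
    ' "$1"
}

# Succeeds if at least one user is listed and none of the default
# names (phone, laptop, desktop) is still present.
no_default_users() {
    [ -n "$(list_users "$1")" ] && ! list_users "$1" | grep -qxE 'phone|laptop|desktop'
}

# Run every check against an Algo checkout and report each failure.
preflight() {
    local dir="${1:-$HOME/algo-master}" rc=0
    check_python                       || { echo "FAIL: need Python 3.6 or later"; rc=1; }
    dir_not_world_writable "$dir"      || { echo "FAIL: $dir is missing or world-writable"; rc=1; }
    [ -d "$dir/.env" ]                 || { echo "FAIL: no .env virtualenv in $dir"; rc=1; }
    no_default_users "$dir/config.cfg" || { echo "FAIL: edit the users list in config.cfg"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: ready to run ./algo"
    return "$rc"
}

# Usage, after sourcing this file: preflight ~/algo-master
```

A world-writable failure here is the case the chmod 755 step above fixes.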

Running Algo


And now is the moment of truth.

From the algo-master folder, type the following in the terminal window:

./algo

The Algo configuration should start running. You'll know it's working when it asks which cloud provider you'd like to use. In our case, we select the number (1) for DigitalOcean.

If Algo fails, it could be for any number of reasons we can't possibly predict here. If the error says your directory is "world write configurable," then follow the instructions above for changing permissions.

If you get a different error, check the troubleshooting page in the Algo project repository on GitHub. You can also copy the error message and paste it in Google to search for it. You should find a forum post that will help, as it's unlikely you're the first person to receive that error.

Next, you'll be asked for the access token you copied earlier from your DigitalOcean account. Copy and paste it into the terminal. You won't see anything because the prompt doesn't display characters for password and token entries. As long as you hit paste, and then press Enter, though, it should be fine.

If it fails, you might have just messed up the paste, which everyone does in Bash. Just type the following to try again:

./algo

When Algo is running, answer the questions it asks. These are all pretty straightforward, like what you want to name your server (using "algo" in the name is a good idea).

Next, it will ask if you want to enable "Connect on Demand" for Mac and iOS devices. If you're not using any of those devices, type N for no. It will also ask if you want to keep the PKI keys to add more users later; generally, you'll type N here, as well.

That's it! Algo will now take about 15 to 30 minutes to get your server up and running.

Using Algo


When Algo finishes its setup, the terminal returns to a command-line prompt, which means the VPN is ready to go. Like a lot of commercial services, Algo uses the WireGuard VPN protocol, which is the hottest new thing in the world of VPNs. This is because it offers good security and greater speeds, and is easier to work with.

As an example of what to do next, we'll activate Algo on Windows. To set up other devices, you can refer to the Algo repository on GitHub.

First, we'll install the generic Windows desktop client from the WireGuard site. Next, we have to feed the program our config file for the PC. The configuration files are stored deep in the algo-master folder at: ~/algo-master/configs/[VPN server IP address]/wireguard/.

There are two types of files for configuring VPN client devices: .CONF and .PNG. The latter are QR codes for devices, like phones, that can scan them. The .CONF (configuration) files are text files for the desktop WireGuard clients.
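What a desktop .CONF file holds, as an added example that is not from the original article, Algo or the WireGuard project: the functions below (names made up here) read a client config on standard input, mask its key material, and report whether it routes all IPv4 traffic through the VPN. The sample config is constructed, using WireGuard's standard setting names with placeholder keys and a documentation-range address.

```shell
#!/usr/bin/env bash
# Added example: inspect a WireGuard client .conf without exposing its keys.
# Helper names are hypothetical; the sample below is constructed.

# Constructed sample in WireGuard's client config format (placeholder values).
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.0.0.2/32
DNS = 10.0.0.1

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
PresharedKey = PLACEHOLDER_PRESHARED_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
PersistentKeepalive = 25
EOF
}

# Copy stdin to stdout with the PrivateKey and PresharedKey values masked,
# so the config can be shown on screen or pasted into a support request.
wg_conf_redacted() {
    sed -E 's/^([[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=).*/\1 (redacted)/'
}

# Print the value of one setting read from stdin, e.g. Endpoint or AllowedIPs.
wg_conf_get() {
    sed -nE "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# Succeed if AllowedIPs contains 0.0.0.0/0, meaning all IPv4 traffic
# is sent through the tunnel rather than only selected networks.
wg_conf_full_tunnel() {
    wg_conf_get AllowedIPs | tr ',' '\n' | tr -d ' ' | grep -qx '0\.0\.0\.0/0'
}

# Demo on the constructed sample; for a real file: wg_conf_redacted < Mary_PC.conf
sample_conf | wg_conf_redacted
```

The unmasked file contains the device's private key, so treat every copy of it like a password.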

On Mac and Ubuntu, it shouldn't be hard to find the algo-master folder outside of the command line.  On Macs, algo-master is in the Home folder; just use Finder > Go > Home to get there. On Ubuntu, you can open Nautilus, and it'll be in the Home folder.

On Windows, however, WSL is separate from the rest of the OS. For this reason, it's just easier to copy the files over with the command line.

Using our previous example, let's say we want the "Mary_PC.conf" configuration file to use on a Windows 10 PC. The command would look something like this:

cp ~/algo-master/configs/[VPN server IP address]/wireguard/Mary_PC.conf /mnt/c/Users/[your Windows user account name]/Desktop/

Note the space between Mary_PC.conf and /mnt/; that's how Bash knows where the file to be copied is located, and where it's going. Case also matters, so make sure you type capitals where specified.

It's natural on Windows to want to capitalize the C in "C:" drive, but in Bash you don't. Also, don't forget to replace the bits in brackets with the actual information for your PC.

For example, if your user folder is on the "D:" drive, not the "C:," then replace /mnt/c/ with /mnt/d/.

Once the file is copied, open the WireGuard for Windows client. Click "Import Tunnels From File," and then select your configuration file on the desktop. After that's done, click "Activate."

In just a few seconds, you'll be connected to your very own VPN!
