How to Host Your Own VPN with Algo and Cloud Hosting – How-To Geek

Companies all over the world sell VPN services to secure your online activity, but can you really trust a VPN provider? If you want, you can create your own virtual private network with the open-source Algo software, and the cloud-hosting provider of your choice.

Regardless of what the privacy policy says or boasts about security audits on a company blog, theres nothing stopping a VPN from monitoring everything you do online. In the end, choosing a VPN serviceall comes down to trust.

If trusting faceless online services isnt your thing, one alternative is to run your own VPN server. This used to be a daunting task, but thanks to the open-source project Algo from security company Trail of Bits, creating your own VPN is now easy.

For $5 per month, you can run and control your own full-time VPN server. Even better, you can use Algo to set up and tear down VPN servers as you need them, and save money in the process.

To set-up Algo, you have to use the command line. If thats off-putting, dont worrywell walk you through every step.

These instructions might seem like a lot, but thats only because were explaining as much as we can. Once youve created a VPN with Algo a few times, it shouldnt take very long at all. Plus, you only have to set up Algos installation environment once. After that, you can create a new VPN server with a few keystrokes.

But can you trust that Algos scripts arent doing anything untoward? Well, the good news is Algos code is public on GitHub for anyone to look at. Plus, many security experts are interested in the Algo project, which makes misdeeds less likely.

RELATED: What Is a VPN, and Why Would I Need One?

A VPN is a good way to protect your online activityespecially on a public Wi-Fi network in an airport or coffee shop. A VPN makes web browsing more secure and stymies any malicious actors who might be on the same local Wi-Fi network. A VPN can also help if your ISP restricts certain kinds of traffic, like torrents.

But watch out, pirates! Downloading booty through your own VPN isnt a good idea, as the activity can more easily be traced back to you.

Also, if you wanna watch Netflix over your VPN, youll have to look elsewhereAlgo doesnt work with it. However, there are many commercial services that do support Netflix.

To get an Algo VPN server up and running, you need a Unix Bash shell. On a Mac or Linux system, you can use your Terminal program, but on Windows, youll have to activate the Subsystem for Linux. Hereshow to install and use the Linux Bash shell on Windows 10.

Youll also need an account at a cloud server hosting provider. Algo supports all of the following:

If youve never used any of these services, we recommend DigitalOcean, as its very user-friendly. Its also the service were using in this tutorial. The process will be a bit different if you use a different provider.

When your DigitalOcean account is ready to go, sign in, and then, from the primary dashboard, select API from the left rail under the Account heading.

On the next page, click Generate New Token. An access token is a long string of letters and numbers that permits access to account resources without a username and password. Youll need to name the new token. Generally, its a good idea to name it after the application youre using, such as algo or ian-algo (if your first name happens to be Ian).

After the new token is generated, copy and paste it into a text document on your desktop. Youll need it in a few minutes.

Back on your desktop, open a fresh terminal window, type cd(for change directory, which is what folders are called in the Unix world), and hit Enter. This will ensure youre working from the terminals home directory.

At this writing, Algo requires Python 3.6 or later. Type the following into your terminal program:

If you get a response likePython 3.6.9, youre good to go; if not, youll have to install Python 3.

To install Python 3 on Mac, you can use the Homebrew package manager. When Homebrews ready to go, type the following command in a Terminal window:

If youre using Ubuntu Linux or WSL on Windows, they should have Python 3 by default. If not, installation methods vary depending on your version of Linux. Search online for install Python 3 on [insert your version of Linux here] for instructions.

Next, you need to install Python3s Virtualenv to create an isolated Python environment for Algo. Type the following in Bash on a Mac:

On Ubuntu Linux and WSL, the command is the following:

Note that were tailoring this tutorial for Ubuntu and related distributions, but these instructions will also work for other versions of Linux with some minor alterations. If youre using CentOS, for example, youd substitute the instructions using apt with dnf.

Next, we need to download Algo with the wget command. Macs dont have wget installed by default, so to get it via Homebrew, type the following:

Now, lets download Algos files:

After wget finishes, there will be a compressed file called master.zip in your terminals home directory; lets check that with ls.

If you see master.zip in the list of files and folders that appears, youre good to go. If not, try running wget again.

Now, we need to unzip the file, so we type the following:

After thats done, hit ls again. You should now see a new folder in your home directory called algo-master.

Were almost ready for action, but first, we need to set up our isolated environment and install a few more dependencies. This time well work inside the algo-master folder.

Type the following to switch to the folder:

Make sure youre there with this command:

This stands for print working directory, and it should show you something like /home/Bob/algo-master or /Users/Bob/algo-master. Now that were in the right place, lets get everything ready.

Either copy and paste or type the command below on a single line (dont press Enter until the end):

This triggers a whole lot of action inside the Algo directory to prepare to run.

Next, you have to name your users for the VPN. If you dont name all of them now, youll either have to hold onto the security keys (which is less secure) or start a new server from scratch later on.

Either way, type the following in terminal:

This opens the user-friendly command-line text editor,Nano. The Algo config file has a lot of information in it, but were only interested in the part that says users. All you have to do is remove the default usernames (phone, laptop, desktop), and type a name for each device you want on your VPN.

For example, if Im creating a VPN for myself, Bill, and Mary, the config file might look like the following:

Once youve named everyone, press Ctrl+O to save the file, followed by Ctrl+X to exit.

Were almost ready for action, but first Windows folks need to take a little detour. WSL usually doesnt set the correct user permissions for the Algo folder, which upsets Ansible (the tool Algo relies on to deploy a server).

On WSL, type the following to go back to your home directory:

Then, type the following:

To go back to the Algo folder, type:

And now is the moment of truth.

From the algo-master folder, type the followingin the terminal window:

The Algo configuration should start running. Youll know its working when it asks which cloud provider youd like to use. In our case, we select the number (1) for DigitalOcean.

If Algo fails, it could be a number of reasons we cant possibly predict here. If the error says your directory is world write configurable, then follow the instructions above for changing permissions.

If you get a different error, check the troubleshooting page in the Algo project repository on GitHub. You can also copy the error message and paste it in Google to search for it. You should find a forum post that will help, as its unlikely youre the first person to receive that error.

Next, youll be asked for the access token you copied earlier from your DigitalOcean account. Copy and paste it into terminal. You wont see anything because Bash doesnt display characters for password- and security-phrase entries. As long as you hit paste, and then press Enter, though, it should be fine.

If it fails, you might have just messed up the paste, which everyone does in Bash. Just type the following to try again:

When Algo is running, answer the questions it asks. These are all pretty straightforward, like what you want to name your server (using algo in the name is a good idea).

Next, it will ask if you want to enable Connect on Demand for Mac and iOS devices. If youre not using any of those devices, type N for no. It will also ask if you want to keep the PKI keys to add more users later; generally, youll type N here, as well.

Thats it! Algo will now take about 15 to 30 minutes to get your server up and running.

When Algo finishes its setup, the terminal returns to a command-line prompt, which means the VPN is ready to go. Like a lot of commercial services, Algo uses the WireGuard VPN protocol, which is the hottest new thing in the world of VPNs. This is because it offers good security, greater speeds, and is easier to work with.

As an example of what to do next, well activate Algo on Windows. To set up other devices, you can refer to the Algo repository on GitHub.

First, well install the generic Windows desktop client from the WireGuard site. Next, we have to feed the program our config file for the PC. The configuration files are stored deep in the algo-master folder at: ~/algo-master/configs/[VPN server IP address]/wireguard/.

There are two types of files for configuring VPN client devices: .CONF and .PNG. The latter are QR codes for devices like phones, that can scan QR codes. The .CONF (configuration) files are text files for the desktop WireGuard clients.

On Mac and Ubuntu, it shouldnt be hard to find the algo-master folder outside of the command line. On Macs,algo-master is in the Home folder; just useFinder > Go > Home to get there. On Ubuntu, you can open Nautilus, and itll be in the Home folder.

On Windows, however, WSL is separate from the rest of the OS. For this reason, its just easier to copy the files over with the command line.

Using our previous example, lets say we want the Mary-PC.conf configuration file to use on a Windows 10 PC. The command would look something like this:

Note the space between Mary-PC.conf and /mnt/; thats how Bash knows where the file to be copied is located, and where its going. Case also matters, so make sure you type capitals where specified.

Its natural on Windows to want to capitalize the C in C: drive, but in Bash you dont. Also, dont forget toreplace the bits in brackets with the actual information for your PC.

For example, if your user folder is on the D: drive, not the C:, then replace /mnt/c/ with /mnt/d/.

Once the file is copied, open the WireGuard for Windows client. Click Import Tunnels From File, and then select your configuration file on the desktop. After thats done, click Activate.

In just a few seconds, youll be connected to your very own VPN!

See the original post here:
How to Host Your Own VPN with Algo and Cloud Hosting - How-To Geek

Related Post

Comments are closed.