Companies around the world sell VPN services to secure your online activities, but can you really trust a VPN provider? If you want, you can create your own virtual private network with the open-source Algo software and your preferred cloud hosting provider.
VPNs and Trust
If trusting online services is not your thing, one alternative is running your own VPN server. This used to be a daunting task, but thanks to the open-source Algo project from the security company Trail of Bits, making your own VPN is now easy.
For $5 per month, you can run and control your own full-time VPN server. Even better, you can use Algo to set up and destroy VPN servers according to your needs, and save money in the process.
To set up Algo, you must use the command line. If that sounds daunting, don’t worry; we’ll guide you through each step.
These instructions may seem like a lot, but that is only because we explain as much as we can. After you have created a VPN with Algo several times, it shouldn’t take long. Plus, you only need to set up the Algo installation environment once. After that, you can create a new VPN server with a few keystrokes.
But can you trust that the Algo scripts don’t do anything you don’t want? Well, the good news is that the Algo code is public on GitHub for anyone to see. Plus, many security experts are interested in the Algo project, which makes mistakes less likely.
What Algo Can (and can’t) Do
A VPN is a good way to protect your online activities, especially on public Wi-Fi networks at airports or coffee shops. VPNs make web browsing more secure and hinder any malicious actors who may be on the same local Wi-Fi network. VPNs can also help if your ISP limits certain types of traffic, such as torrents.
But be careful, pirate! Downloading booty via your own VPN is not a good idea, because the activity can be traced back to you more easily.
Also, if you want to watch Netflix through your VPN, you’ll have to look elsewhere, because Algo doesn’t work with it. However, there are many commercial services that support Netflix.
Prerequisites for Algo
To set up and run an Algo VPN server, you need a Unix Bash shell. On Mac or Linux systems, you can use your Terminal program, but on Windows, you’ll need to activate the Subsystem for Linux. Here’s how to install and use the Linux Bash shell on Windows 10.
You will also need an account at a cloud server hosting provider. Algo supports all of the following:
- Amazon Lightsail
- Amazon EC2
- Microsoft Azure
- Google Compute Engine
- Hetzner Cloud
- It also installs to OpenStack and CloudStack instances.
If you have never used one of these services, we recommend DigitalOcean, because it is very user-friendly. It is also the service we use in this tutorial. The process will be a little different if you use a different provider.
Once your DigitalOcean account is set up, sign in, and then, from the main dashboard, select “API” from the left rail under the “Account” heading.
On the next page, click “Generate New Token.” An access token is a long series of letters and numbers that allows access to account resources without a user name and password. You must give the new token a name. In general, it’s best to name it after the application you are using, such as “algo” or “ian-algo” (if your first name is Ian).
DigitalOcean “Application and API” menu.
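After the new token is created, copy and paste it into a text document on your desktop. You will need it in a few minutes. Because the token allows access to your account without a password, delete that document once your server is deployed.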
Setting Up Your Environment
Return to your desktop, open a new terminal window, type cd (for “change directory”; directories are what folders are called in the Unix world), and press Enter. This will ensure that you are working from the terminal’s home directory.
As of this writing, Algo requires Python 3.6 or newer. Type the following into your terminal program:
If you get a response like Python 3.6.9, you’re good to go; if not, you have to install Python 3.
To install Python 3 on a Mac, you can use the Homebrew package manager. When Homebrew is ready to go, type the following command in the Terminal window:
brew install python3
If you use Ubuntu Linux or WSL on Windows, Python 3 is installed by default. Otherwise, the installation method varies depending on your version of Linux. Search online for “install Python 3 in [enter your Linux version here]” for instructions.
Next, you need to install Python 3’s Virtualenv to create an isolated Python environment for Algo. Type the following in Bash on Mac:
python3 -m pip install --upgrade virtualenv
On Ubuntu Linux and WSL, the commands are as follows:
sudo apt install -y python3-virtualenv
Note that we are tailoring this tutorial to Ubuntu and related distributions, but these instructions will also work for other Linux versions with a few minor changes. If you use CentOS, for example, you’ll replace apt with dnf in the instructions.
Next, we need to download Algo with the wget command. Macs don’t have wget installed by default, so to get it via Homebrew, type the following:
brew install wget
The wget utility fetches the Algo installation file.
Now, let’s download the Algo file:
After wget is finished, there will be a compressed file called “master.zip” in your terminal’s home directory; let’s check with ls.
If you see “master.zip” in the list of files and folders that appears, you’re good to go. If not, try running wget again.
Now, we need to unzip the file, so we type the following:
After it’s finished, run ls again. Now you will see a new folder in your home directory called “algo-master.”
We are almost ready to roll, but first, we need to set up our isolated environment and install a few more dependencies. This time we will work in the “algo-master” folder.
Type the following to switch to the folder:
Make sure you are there with this command:
This stands for “print working directory,” and it will show something like /home/Bob/algo-master or /Users/Bob/algo-master. Now that we are in the right place, let’s prepare everything.
Copy and paste or type the command below in one line (don’t press Enter until the end):
python3 -m virtualenv --python="$(command -v python3)" .env && source .env/bin/activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt
This triggers many actions in the Algo directory to get it ready to run.
Next, you must name your users for the VPN. If you don’t name all of them now, you either have to hold on to the security keys (which is less secure) or start a new server from the beginning.
Either way, type the following in the terminal:
This opens a user-friendly command-line text editor, Nano. The Algo configuration file has a lot of information in it, but we are only interested in the part that says “user.” All you have to do is delete the default usernames (phone, laptop, desktop), and type a name for each device you want on your VPN.
For example, if I create a VPN for myself, Bill, and Mary, the configuration file might look like this:
After you name everyone, press Ctrl + O to save the file, followed by Ctrl + X to exit.
We are almost ready to take action, but Windows users must first take a small detour. WSL usually does not set the correct user permissions for the Algo folder, which upsets Ansible (the tool Algo relies on to deploy servers).
On WSL, type the following to return to your home directory:
Then, type the following:
chmod 755 -R ~/algo-master
To return to the Algo folder, type:
And now is the moment of truth.
From the algo-master folder, type the following in the terminal window:
Algo configuration will start running. You will know it works when it asks which cloud provider you want to use. In our case, we chose number (1) for DigitalOcean.
If Algo fails, it could be for any number of reasons we can’t predict here. If the error says your directory is “world-writable,” then follow the instructions above to change permissions.
If you get a different error, check the troubleshooting page in the Algo project repository on GitHub. You can also copy the error message and paste it into Google to search for it. You should find a forum post that will help, because it’s unlikely that you are the first person to receive the error.
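The conditions this setup depends on (Python 3.6 or newer, wget, and an Algo folder that is not world-writable) can be checked before running Algo. The script below is an added example, not part of the original tutorial or the Algo project; the function names are made up for illustration, and it assumes that clearing the write bit for other users on the top-level folder is enough, which is a narrower change than the recursive chmod 755 shown above.

```bash
#!/usr/bin/env bash
# Added example: preflight checks for the setup steps in this tutorial.

# Succeed if a "Python X.Y.Z" string meets the 3.6 minimum. Fields are compared
# as numbers, so 3.10 passes where a plain string comparison would reject it.
python_version_ok() {
    local ver major rest minor
    ver="${1#Python }"            # drop the "Python " prefix if present
    major="${ver%%.*}"
    rest="${ver#*.}"
    minor="${rest%%.*}"
    # Reject anything that is not two numeric fields (errors, empty output).
    case "$major.$minor" in *[!0-9.]*|.*|*.) return 1 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 6 ]; }
}

# Succeed if "other" users can write to the directory itself.
is_world_writable() {
    [ -d "$1" ] || return 2
    [ -n "$(find "$1" -maxdepth 0 -perm -0002)" ]
}

# Clear only the offending bit on the top-level directory (assumed sufficient).
fix_world_writable() {
    [ -d "$1" ] || return 2
    if is_world_writable "$1"; then chmod o-w "$1" || return 1; fi
    ! is_world_writable "$1"
}

# Report every problem found; the default path is the tutorial's folder.
preflight() {
    local dir status
    dir="${1:-$HOME/algo-master}"
    status=0
    if ! python_version_ok "$(python3 --version 2>&1)"; then
        echo "python3 is missing or older than 3.6" >&2; status=1
    fi
    if ! command -v wget >/dev/null 2>&1; then
        echo "wget is not installed" >&2; status=1
    fi
    if is_world_writable "$dir"; then
        echo "$dir is world-writable; fix with: chmod o-w $dir" >&2; status=1
    fi
    return "$status"
}
```

Source the file and run `preflight` (optionally with the folder path as its argument); it prints each failed check and returns non-zero if any check fails.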
Next, you will be asked for the access token that you copied earlier from your DigitalOcean account. Copy and paste it into the terminal. You won’t see anything because Bash doesn’t display characters for password and security entry. As long as you paste, and then press Enter, it should be fine.
If it fails, you might have just messed up the paste, which everyone does in Bash. Just type the following to try again:
When Algo is running, answer the questions it asks. These are all very easy, like what you want to name your server (using “algo” in the name is a good idea).
Next, it will ask if you want to enable “Connect on Demand” for Mac and iOS devices. If you don’t use one of these devices, type N for no. It will also ask if you want to save the PKI key to add more users later; generally, you’ll type N here, too.
That’s it! Algo will now take around 15 to 30 minutes to get your server up and running.
When Algo completes its setup, the terminal returns to the command line prompt, which means the VPN is ready to use. Like many commercial services, Algo uses the WireGuard VPN protocol, which is the hottest new thing in the VPN world. This is because it offers good security and higher speed, and is simpler to work with.
As an example of what to do next, we will set up Algo on Windows. To set up other devices, you can refer to the Algo repository on GitHub.
First, we will install the generic Windows desktop client from the WireGuard website. Next, we must feed the program our configuration file for the PC. The configuration files are stored deep in the algo-master folder at: ~/algo-master/configs/[VPN server IP address]/wireguard/.
There are two types of files for configuring VPN client devices: .CONF and .PNG. The latter is a QR code for devices such as mobile phones, which can scan QR codes. The .CONF (configuration) file is a text file for the WireGuard desktop client.
On Mac and Ubuntu, it shouldn’t be difficult to find the algo-master folder outside the command line. On a Mac, algo-master is in the Home folder; just use Finder > Go > Home to get there. In Ubuntu, you can open Nautilus, and it will be in the Home folder.
On Windows, however, WSL is separate from the rest of the OS. For this reason, it’s easier to copy these files with the command line.
Using our previous example, let’s say we want the “Mary-PC.conf” configuration file to be used on a Windows 10 PC. The command will look like this:
cp ~/algo-master/configs/[VPN server IP address]/wireguard/Mary-PC.conf /mnt/c/Users/[your Windows user account name]/Desktop/
Note the space between Mary-PC.conf and /mnt/; that’s how Bash knows where the files to be copied are, and where they’re going. Letter case also matters, so make sure you type capital letters in the specified places.
Windows normally shows the “C:\” drive with a capital C, but in Bash it is lowercase. Also, don’t forget to replace the bits in brackets with the actual information for your PC.
For example, if your user folder is on the “D:\” drive, not “C:\,” then replace /mnt/c/ with /mnt/d/.
After the file is copied, open the WireGuard client for Windows. Click “Import Tunnels From File,” then select your configuration file on the desktop. When finished, click “Activate.”
In just a few seconds, you will be connected to your own VPN!