It’s no secret that we at BitLaunch are massive fans of VPN technology. What we’re less enthusiastic about, however, is the predatory industry that has sprung up around it. If you search for a VPN today, you’ll be faced with options from hundreds of providers with misleading claims, sponsored reviews, and scummy payment practices.
The result is that it’s very hard to determine whether you can trust your VPN provider. Most promise that they won’t log your activity, but that’s all they’re really giving – their word. Lack of visibility, accountability and user control makes them difficult to recommend to the truly security and privacy-conscious.
Instead, we’re advocates for users setting up their own VPNs on infrastructure that they control. Algo VPN is one route to achieve that goal, but what exactly is it? How does it work, and why would you choose it over a regular install of WireGuard or OpenVPN? We’ll be answering these questions today.
What is Algo VPN?
Algo VPN is an open-source collection of scripts that helps non-technical users deploy a personal VPN. With very few prerequisites, users can deploy a WireGuard or IKEv2/IPsec private network on a cloud server at no additional cost.
AlgoVPN was created by Trail of Bits, a security auditor founded in 2012 that has supported Facebook, DARPA, Airbnb, Google, and more. It released Algo in 2016 in a bid to increase the ease of use of deploying a secure VPN server.
Unlike OpenVPN, Algo does not require the end-user to have any client software to utilize it. Because it allows the use of IKEv2, users can simply add their VPN details to their operating system’s settings and get started. There are plenty of other Algo VPN pros and cons listed in our full review, but for now suffice it to say that although Algo VPN’s connection speeds can be slower than the competition, its setup speed and transparency are top-notch.
How does Algo VPN work?
Algo VPN uses a set of lightweight Ansible scripts to install and configure an IPsec or WireGuard VPN, a local DNS that blocks ads, and an HTTP proxy. The scripts walk the user through the setup process in a user-friendly way, allowing you to choose which cloud provider you’ll be utilizing, whether you’d like to retain your PKI keys, and whether each user should have their own account for SSH tunneling.
Algo starts the Ansible deployment, its scripts performing the following tasks in this order:
1. Installs requirements
2. Adds the server to an inventory group
3. Installs unattended upgrades
4. Configures unattended upgrades
5. Configures periodic upgrades
6. Disables the MOTD on login
7. Checks fallback resolvers are set
8. Configures loopback for services
9. Enables systemd services
10. Installs tools
11. Configures iptables
12. Tunes sysctl for VPN use
13. Installs dnscrypt proxy
14. Configures dnscrypt
15. Creates an adblock script and adds it to cron
16. Updates the DNS to use adblock hosts
17. Checks required WireGuard directories exist and installs WireGuard
18. Installs WireGuard
19. Generates WireGuard private keys and saves them
20. Generates the WireGuard public keys and saves them
21. Generates WireGuard configs and QR codes for clients
22. Installs and configures strongSwan
23. Disables unneeded strongSwan plugins
24. Builds the strongSwan CA pair + client P12s and copies the keys to the strongSwan directory
25. Registers P12 payload content
26. Builds mobile configurations and client IPsec config files
27. Ensures that sshd_config file is properly configured
28. Checks that SSH tunneling is properly configured
29. Builds private and public SSH keys
30. Builds the client SSH config and creates authorized keys files
31. Gets a list of active users and deletes users that don’t exist
32. Dumps the config file
33. Creates a symlink
After it has finished building your VPN, and provided you chose to keep your PKI keys, Algo spits out a P12 file, its password, and the CA key. Keeping the CA key is less secure, but it allows you to create additional users even after the setup is complete.
As you can see, AlgoVPN saves you a lot of work while maintaining security and ease of use. Though not as simple as the one-click VPN setups provided by BitLaunch and other VPS providers, its transparency and publicly verifiable security make it an excellent choice for hosting your own VPS server.
If you'd like to deploy an Algo VPN on a VPS server, you can sign up to BitLaunch today for additional privacy. We won't ask for your name or your credit card details – just a username and password.