Join Scott Simpson for an in-depth discussion in this video Installing and using Algo, part of Browsing the Web Securely.
- [Instructor] Algo is a set of scripts that configure a system to act as a VPN server, using the IPsec standard. This is something you could do manually, following many steps very carefully, but the GitHub user Trail of Bits put together some helpful Ansible scripts to do a lot of the boring work for you. As the documentation mentions, this product is under active development, so it's not a finished product. That means you may need to do some troubleshooting to get it working on your server, and you'll need to follow the directions carefully for whichever platform you end up needing to support.
In this video, I'll set up an Ubuntu server at Digital Ocean, where I can get a basic server for $5 a month. Algo needs a Linux or Mac server to host the software, and this server could be a cloud solution like Digital Ocean, Linode, AWS, or Azure. Or it could be a server in your house or business. Algo can set up a server two ways, by installing directly on the server, or by setting up a brand new server on its own, using an API key for a cloud service. Because the setup script needs a Mac or Linux system, I'm going to install it directly on a brand new Linux server.
This is something you can do with a terminal app from any platform. If you have a Mac or Linux machine locally, you could also use it to deploy with an API key. But that approach doesn't work from Windows, so I'll use a method that will work from any platform. Wherever your server is located is where the traffic from your VPN will exit onto the internet. I'll go through the installation as outlined on the Algo GitHub site, and I'll install the resulting profiles on my iPhone and here on my Mac. Be sure to take a look at the other options if you have different needs.
This chapter will use a little bit of Linux command line work, so if you're new to that, you might want to check out our Learning Linux Command Line course, and Understanding SSH for some background there. Or if you're just interested in seeing how it works, sit back and watch. I have signed up for Digital Ocean and signed into my account, so now I'll choose Create Droplet. For the distribution I'll choose the current long-term support version of Ubuntu, 16.04.2, and I'll choose the smallest size available, which is $5 a month.
That gives me 512 MB of RAM, 20 GB of disk and a terabyte of monthly transfer. And for the region, I'll choose London. I'll scroll down and choose a host name for my system, I'll call it my algo server, and then I'll press Create. Once the droplet's been created, I'll be emailed some credentials to access it. I need to connect to the server remotely, so I'll copy the IP address, and switch to a terminal.
If you're using Windows, you could use the free PuTTY software. I'll write ssh, and then my user name, which in this case is root, at the IP address. This is the first time I'm connecting to this IP address, so I'll accept the key by typing yes. And then I'll paste in my password. And I'm connected. The first time that I log in as root, Digital Ocean requires that I change my password, so I'll do that by pasting my current password and then setting a new one.
Then I'll clear the screen. We're ready to start following the installation steps on Algo's GitHub page. Step one is to set up an account on a cloud hosting provider. Though, because we're installing directly, we can skip this part. I already have a server, and we're not going to let Algo set up yet another server. Step two is to download Algo. The easiest way to do that is to scroll to the top here, click on Clone or download, and copy the repository URL. Then I'll move back to my server and type git clone, and paste the repository URL.
Now I have a copy of the software on my system. I'll move into that folder and we can take a look around. Step three is to install some dependencies. And I'll copy this snippet here. What it will do is update the list of packages that the system knows about and then install some software development tools, including build essential, some tools for SSL, and some Python tools. I'll paste that at my command line here, and press enter. Once that's installed, we're ready for the next step.
That's to install some more dependencies using Python. I'll copy this snippet and paste it here in the command line. I'll clear the screen and then let's see what the next step is. That's to open the file config.cfg and specify some users. Here at the terminal, I'll write nano config.cfg and instead of creating the users Dan and Jack, I'll create one user with my user name.
As the file says, credentials will be generated for each user that you list here, one per line. I'll save the file with control O, enter and then I'll exit nano with control X. And the final step is to start the deployment. To do that, I'll run ./algo. So I'll write that here, ./algo, and I'm asked which provider I'd like to use. These first four options will go out and set up a brand new instance on one of these cloud platforms, so what I want to do is use option five here, to install to the existing server.
I'll write five and press enter. I'm prompted for the IP address of my server, but because I'm using a local installation, I'll write localhost. The system tells me I can ignore this prompt if I'm deploying to localhost, so I'll press enter, and here I'll put in the public IP address of the server. I can get that from my dashboard, and I'll paste it here. Was this server deployed by Algo previously? No. The next two prompts ask if I want to enable Apple clients to connect on demand on a cellular network? Yes, and on a Wi-Fi network. Then I can add names of Wi-Fi networks that are trusted, where the on demand VPN won't trigger, but I'll leave that blank for now.
Then I'm asked if I want to try and block ads while surfing? That sounds handy, I'll say yes. And do I want each user to have their own account for SSH tunneling? Not right now, we won't be going over that in this video. And do I want to apply operating system security enhancements? Because this changes the way that SSH works, I'm going to say no. Do I want to support Windows 10 clients? This requires some additional information, and for now, I'll say no. If I plan to add users in the future, I need to retain the CA, or certificate authority key, but I don't plan to add any users, so I'll choose no, and then Algo starts setting up the server. When the process finishes, I'm shown a little message. It tells me that the configuration files and certificates are in the configs directory.
And it gives me a password that I may need to use later. So I'll write that down. Let's take a look at where these configurations are. I'll write cd configs to move into the configs directory, and let's see what's there. I see that I have a folder here with the IP address of my system, so let's move inside there, and take a look around. Here are my configuration files for different platforms. But how do we get these out to our clients? Well, on a Mac or Linux machine, we can copy them pretty easily.
Let's make a note of this path here. I'll copy it starting at Algo. And then I'll disconnect from my server. Here on my local machine, I'll create a folder to hold these configurations with mkdir algo-files. And then I'll write scp for secure copy. And type my user name at my IP address, and then I'll write a colon, which represents the user's home folder, and paste the path. Then I'll add slash and a star to specify all the files in that folder, and I'll tell scp to copy all those into the algo-files folder.
I'll paste in my password, and here come the configurations. I'll open up this folder, here's the mobile config file that I need to send to my mobile device. You could send this in various ways, you could email it or send it through a message, or use a platform specific feature, like AirDrop. I've opened up AirDrop, and there's my phone. I'll drag the mobile config file onto it.
Here on my iPhone, I'm prompted to install that profile, so I'll choose install and then I'll enter the device password. I'm given some warnings here, but I'm okay with these, so I'll choose install. And then I'll choose install again. Now the profile has been installed. I'll choose done, and here under settings, general, in the profiles and device management section, I can see that that configuration profile is here. I also see that I've been connected to the VPN.
Back in the settings app, here at the top, I can choose VPN, here's my Algo VPN, and if I choose the blue information button, I can find out some more information. When I'm done using this, I can turn off connect on demand. If I needed to distribute these files to other clients, I could do that as well. Back here at the terminal, I'll reconnect to my server with ssh, my user name at my IP address. The service that Algo starts up is called strongSwan, and we can see its status with systemctl status strongswan, and if we wanted to, we could enable it or disable it to determine whether it starts on boot.
And we can start and stop it here too, if we want to temporarily change whether it's running.