Algo VPN is an open-source software bundle, a set of Ansible scripts, used to set up a WireGuard and IPsec VPN. It was designed by Trail of Bits to make the VPN installation process simple yet secure. Algo VPN allows you to connect from any device, including Windows, Linux, OSX, Android, and iOS. It supports many cloud providers, including Amazon, Google Cloud, Vultr, DigitalOcean, Scaleway, Linode and OpenStack.

In this tutorial, we will show you how to set up a VPN server with Algo VPN on an Ubuntu 20.04 server.

Prerequisites

  • A server running Ubuntu 20.04.
  • A root password is configured on the server.

Getting Started

First, update your system packages to the latest version using the following command:

apt-get update -y

Once all the packages are updated, install the required dependencies with the following command:

apt-get install git apparmor build-essential python3-dev python3-pip python3-setuptools python3-virtualenv libffi-dev libssl-dev -y

Next, you will need to disable the systemd-resolved name resolution service for dnsmasq to work. You can disable it with the following commands:

systemctl disable systemd-resolved

systemctl stop systemd-resolved

unlink /etc/resolv.conf

echo "nameserver 8.8.8.8" > /etc/resolv.conf

Once you are finished, you can proceed to the next step.

Install and Configure Algo VPN

First, download the latest version of Algo VPN from the Git repository using the following command:

git clone https://github.com/trailofbits/algo.git

Next, change to the downloaded directory and create a Python virtual environment with the following commands:

cd algo

python3 -m virtualenv --python=/usr/bin/python3 .env

Next, activate the virtual environment with the following command:

source .env/bin/activate

Next, install the required dependencies with the following commands:

python3 -m pip install -U pip virtualenv

python3 -m pip install -r requirements.txt

Once all the dependencies are installed, install Algo VPN by running the following command:

./algo

You will be asked to choose a cloud provider, as shown below:

TASK [Set required ansible version as a fact] *************************************************************************************************
ok: [localhost] => (item=ansible==2.9.7)

TASK [Verify Python meets Algo VPN requirements] **********************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verify Ansible meets Algo VPN requirements] *********************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}
[WARNING]: Found variable using reserved name: no_log

PLAY [Ask user for the input] *****************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************
ok: [localhost]
[Cloud prompt]
What provider would you like to use?
    1. DigitalOcean
    2. Amazon Lightsail
    3. Amazon EC2
    4. Microsoft Azure
    5. Google Compute Engine
    6. Hetzner Cloud
    7. Vultr
    8. Scaleway
    9. OpenStack (DreamCompute optimised)
    10. CloudStack (Exoscale optimised)
    11. Linode
    12. Install to existing Ubuntu 18.04 or 20.04 server (for more advanced users)
  
Enter the number of your desired provider
:
12

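Type 12 and press Enter to set up Algo VPN on the Ubuntu 20.04 server. You will be asked several questions, as shown below. Note that the prompts themselves mark two of the options, the compatible ciphers and retaining the CA key, as less secure: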

TASK [Set facts based on the input] ***************************************************************************************************************************************************************************************
ok: [localhost]
[Cellular On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to cellular networks?
[y/N]
:y

TASK [Cellular On Demand prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Wi-Fi On Demand prompt]
Do you want macOS/iOS IPsec clients to enable "Connect On Demand" when connected to Wi-Fi?
[y/N]
:y

TASK [Wi-Fi On Demand prompt] *********************************************************************************************************************************************************************************************
ok: [localhost]
[Trusted Wi-Fi networks prompt]
List the names of any trusted Wi-Fi networks where macOS/iOS IPsec clients should not use "Connect On Demand"
(e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
:HomeNet

TASK [Trusted Wi-Fi networks prompt] **************************************************************************************************************************************************************************************
ok: [localhost]
[Compatible ciphers prompt]
Do you want the VPN to support Windows 10 or Linux Desktop clients? (enables compatible ciphers and key exchange, less secure)
[y/N]
:y

TASK [Compatible ciphers prompt] ******************************************************************************************************************************************************************************************
ok: [localhost]
[Retain the CA key prompt]
Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]
:y

TASK [Retain the CA key prompt] *******************************************************************************************************************************************************************************************
ok: [localhost]
[DNS adblocking prompt]
Do you want to install an ad blocking DNS resolver on this VPN server?
[y/N]
:y

TASK [DNS adblocking prompt] **********************************************************************************************************************************************************************************************
ok: [localhost]
[SSH tunneling prompt]
Do you want each user to have their own account for SSH tunneling?
[y/N]
:N
Enter the IP address of your server: (or use localhost for local installation):
[localhost]
:
localhost
TASK [local : pause] **************************************************************************************************************************
ok: [localhost]

TASK [local : Set the facts] ******************************************************************************************************************
ok: [localhost]
[local : pause]
What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
[root]
:
root

Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
[45.58.38.120]

Once the installation has been completed successfully, you should get the following output:

TASK [debug] **********************************************************************************************************************************
ok: [localhost] => {
    "msg": [
        [
            "\"#                          Congratulations!                            #\"",
            "\"#                     Your Algo server is running.                     #\"",
            "\"#    Config files and certificates are in the ./configs/ directory.    #\"",
            "\"#              Go to https://whoer.net/ after connecting               #\"",
            "\"#        and ensure that all your traffic passes through the VPN.      #\"",
            "\"#                     Local DNS resolver 172.18.7.104                   #\"",
            ""
        ],
        "    \"#        The p12 and SSH keys password for new users is 7OEfSUZt0       #\"\n",
        "    \"#        The CA key password is [email protected]       #\"\n",
        "    "
    ]
}

PLAY RECAP ************************************************************************************************************************************
localhost                  : ok=125  changed=39   unreachable=0    failed=0    skipped=53   rescued=0    ignored=0   

After the installation, you can list the configuration files for each VPN profile using the following command:

ls configs/your-server-ip/wireguard/

You should see all the profiles in the following output:

apple  desktop.conf  desktop.png  laptop.conf  laptop.png  phone.conf  phone.png  user1.conf  user1.png

You can use any of the above files on your client device to connect to the Algo VPN server.
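
Each .conf profile embeds the client's private key, and the installer output above asks you to ensure that all traffic passes through the VPN, so it is worth checking a profile before copying it to a device. The script below is an added example, not part of Algo or of the original tutorial; the function names, the placeholder keys and the endpoint address are constructed for illustration, and it assumes GNU stat as shipped with Ubuntu.

```shell
# Added example (not Algo code): audit a WireGuard client profile before handing it out.
# Print the value(s) of KEY inside [SECTION], whitespace removed.
wg_value() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[/ { cur = tolower($0); gsub(/[^a-z]/, "", cur); next }
        cur == tolower(sec) && index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/[ \t\r]/, "", v)
            if (k == tolower(key)) print v
        }' "$1"
}

# Print one finding per line; return 0 if the profile is clean, 1 otherwise.
audit_wg_profile() {
    local conf="$1" rc=0 mode allowed route
    mode=$(stat -c '%a' "$conf") || return 2
    # The file embeds the client's PrivateKey: only the owner should be able to read it.
    case $mode in
        ?00) ;;
        *) echo "mode $mode: private key readable by group/others"; rc=1 ;;
    esac
    [ -n "$(wg_value "$conf" Interface PrivateKey)" ] || { echo "no PrivateKey in [Interface]"; rc=1; }
    # Without a DNS line the client keeps its existing resolver, which can leak lookups.
    [ -n "$(wg_value "$conf" Interface DNS)" ] || { echo "no DNS in [Interface]"; rc=1; }
    # A full tunnel needs default routes for both address families.
    allowed=",$(wg_value "$conf" Peer AllowedIPs | tr '\n' ','),"
    for route in 0.0.0.0/0 ::/0; do
        case $allowed in
            *",$route,"*) ;;
            *) echo "AllowedIPs lacks $route: traffic can bypass the VPN"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample profile (placeholder keys, documentation-range endpoint), written to $1.
write_sample_profile() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY=
DNS = 172.18.7.104

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
EOF
}
for f in "$@"; do audit_wg_profile "$f"; done  # audit any profiles given as arguments
```

Save it as a script and pass it the profiles to check, for example the .conf files under configs/your-server-ip/wireguard/; a profile with no findings prints nothing.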

Conclusion

Congratulations! You have successfully installed and configured Algo VPN on an Ubuntu 20.04 server. You can now configure your Windows, Linux or Android device to connect to the Algo VPN server.

How to Install and Configure Algo VPN Server on Ubuntu 20.04

About Hitesh Jethva

Over 8 years of experience as a Linux system administrator. My skills include in-depth knowledge of Redhat/Centos, Ubuntu, Nginx and Apache, MySQL, Subversion, Linux, Ubuntu, web hosting, web server, Squid proxy, NFS, FTP, DNS, Samba, LDAP, OpenVPN, Haproxy, Amazon web services, WHMCS, OpenStack Cloud, Postfix Mail Server, Security etc.