- Like
- SHARE
- Digg
- Del
- Tumblr
- VKontakte
- Flattr
- Buffer
- Love This
- Save
- Odnoklassniki
- Meneame
- Blogger
- Amazon
- Yahoo Mail
- Gmail
- AOL
- Newsvine
- HackerNews
- Evernote
- MySpace
- Mail.ru
- Viadeo
- Line
- Comments
- Yummly
- SMS
- Viber
- Telegram
- JOIN
- Skype
- Facebook Messenger
- Kakao
- LiveJournal
- Yammer
- Edgar
- Fintel
- Mix
- Instapaper
- Copy Link
Companies all over the world sell VPN services to secure your online activity, but can you really trust a VPN provider? If you want, you can create your own virtual private network with the open-source Algo software, and the cloud-hosting provider of your choice.
VPNs and Trust
Regardless of what the privacy policy says or boasts about security audits on a company blog, thereās nothing stopping a VPN from monitoring everything you do online. In the end, choosing a VPN serviceĀ all comes down to trust.
If trusting faceless online services isnāt your thing, one alternative is to run your own VPN server. This used to be a daunting task, but thanks to the open-source project Algo from security company Trail of Bits, creating your own VPN is now easy.
For $5 per month, you can run and control your own full-time VPN server. Even better, you can use Algo to set up and tear down VPN servers as you need them, and save money in the process.
To set-up Algo, you have to use the command line. If thatās off-putting, donāt worryāweāll walk you through every step.
These instructions might seem like a lot, but thatās only because weāre explaining as much as we can. Once youāve created a VPN with Algo a few times, it shouldnāt take very long at all. Plus, you only have to set up Algoās installation environment once. After that, you can create a new VPN server with a few keystrokes.
But can you trust that Algoās scripts arenāt doing anything untoward? Well, the good news is Algoās code is public on GitHub for anyone to look at. Plus, many security experts are interested in the Algo project, which makes misdeeds less likely.
RELATED: What Is a VPN, and Why Would I Need One?
What Algo Can (and Canāt) Do
A VPN is a good way to protect your online activityāespecially on a public Wi-Fi network in an airport or coffee shop. A VPN makes web browsing more secure and stymies any malicious actors who might be on the same local Wi-Fi network.Ā A VPN can also help if your ISP restricts certain kinds of traffic, like torrents.
But watch out, pirates! Downloading booty through your own VPN isnāt a good idea, as the activity can more easily be traced back to you.
Also, if you wanna watch Netflix over your VPN, youāll have to look elsewhereāAlgo doesnāt work with it. However, there are many commercial services that do support Netflix.
Prerequisites for Algo
To get an Algo VPN server up and running, you need a Unix Bash shell. On a Mac or Linux system, you can use your Terminal program, but on Windows, youāll have to activate the Subsystem for Linux. HereāsĀ how to install and use the Linux Bash shell on Windows 10.
Youāll also need an account at a cloud server hosting provider. Algo supports all of the following:
- DigitalOcean
- Amazon Lightsail
- Amazon EC2
- Vultr
- Microsoft Azure
- Google Compute Engine
- Scaleway
- Hetzner Cloud
- It also installs to OpenStack and CloudStack instances.
If youāve never used any of these services, we recommend DigitalOcean, as itās very user-friendly. Itās also the service weāre using in this tutorial. The process will be a bit different if you use a different provider.
When your DigitalOcean account is ready to go, sign in, and then, from the primary dashboard, select āAPIā from the left rail under the āAccountā heading.
On the next page, click āGenerate New Token.ā An access token is a long string of letters and numbers that permits access to account resources without a username and password. Youāll need to name the new token. Generally, itās a good idea to name it after the application youāre using, such as āalgoā or āian-algoā (if your first name happens to be Ian).

After the new token is generated, copy and paste it into a text document on your desktop. Youāll need it in a few minutes.
Setting Up Your Environment
Back on your desktop, open a fresh terminal window, type cd
Ā (for āchange directory,ā which is what folders are called in the Unix world), and hit Enter. This will ensure youāre working from the terminalās home directory.
At this writing, Algo requires Python 3.6 or later. Type the following into your terminal program:
python3 --version
If you get a response likeĀ Python 3.6.9
, youāre good to go; if not, youāll have to install Python 3.
To install Python 3 on Mac, you can use the Homebrew package manager. When Homebrewās ready to go, type the following command in a Terminal window:
brew install python3
If youāre using Ubuntu Linux or WSL on Windows, they should have Python 3 by default. If not, installation methods vary depending on your version of Linux. Search online for āinstall Python 3 on [insert your version of Linux here]ā for instructions.
Next, you need to install Python3ās Virtualenv to create an isolated Python environment for Algo. Type the following in Bash on a Mac:
python3 -m pip install --upgrade virtualenv
On Ubuntu Linux and WSL, the command is the following:
sudo apt install -y python3-virtualenv
Note that weāre tailoring this tutorial for Ubuntu and related distributions, but these instructions will also work for other versions of Linux with some minor alterations. If youāre using CentOS, for example, youād substitute the instructions using apt
with dnf
.
Next, we need to download Algo with the wget
command. Macs donāt have wget
installed by default, so to get it via Homebrew, type the following:
brew install wget

Now, letās download Algoās files:
wget https://github.com/trailofbits/algo/archive/master.zip
After wget
finishes, there will be a compressed file called āmaster.zipā in your terminalās home directory; letās check that with ls
.
If you see āmaster.zipā in the list of files and folders that appears, youāre good to go. If not, try running wget
again.
Now, we need to unzip the file, so we type the following:
unzip master.zip
After thatās done, hit ls
again. You should now see a new folder in your home directory called āalgo-master.ā
Weāre almost ready for action, but first, we need to set up our isolated environment and install a few more dependencies. This time weāll work inside the āalgo-masterā folder.
Type the following to switch to the folder:
cd ~/algo-master
Make sure youāre there with this command:
pwd
This stands for āprint working directory,ā and it should show you something like /home/Bob/algo-master
or /Users/Bob/algo-master
. Now that weāre in the right place, letās get everything ready.
Either copy and paste or type the command below on a single line (donāt press Enter until the end):
python3 -m virtualenv --python="$(command -v python3)" .env && source .env/bin/activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt
This triggers a whole lot of action inside the Algo directory to prepare to run.
Next, you have to name your users for the VPN. If you donāt name all of them now, youāll either have to hold onto the security keys (which is less secure) or start a new server from scratch later on.
Either way, type the following in terminal:
nano config.cfg
This opens the user-friendly command-line text editor,Ā Nano. The Algo config file has a lot of information in it, but weāre only interested in the part that says āusers.ā All you have to do is remove the default usernames (phone, laptop, desktop), and type a name for each device you want on your VPN.
For example, if Iām creating a VPN for myself, Bill, and Mary, the config file might look like the following:
users:
- Ian_PC
- Bill_Mac
- Mary_PC
- Ian_Android
- Bill_iPhone
- Mary_iPhone
Once youāve named everyone, press Ctrl+O to save the file, followed by Ctrl+X to exit.
Weāre almost ready for action, but first Windows folks need to take a little detour. WSL usually doesnāt set the correct user permissions for the Algo folder, which upsets Ansible (the tool Algo relies on to deploy a server).
On WSL, type the following to go back to your home directory:
cd
Then, type the following:
chmod 755 -R ~/algo-master
To go back to the Algo folder, type:
cd ~/algo-master
Running Algo
And now is the moment of truth.
From the algo-master
folder, type the followingĀ in the terminal window:
./algo
The Algo configuration should start running. Youāll know itās working when it asks which cloud provider youād like to use. In our case, we select the number (1) for DigitalOcean.
If Algo fails, it could be a number of reasons we canāt possibly predict here. If the error says your directory is āworld write configurable,ā then follow the instructions above for changing permissions.
If you get a different error, check the troubleshooting page in the Algo project repository on GitHub. You can also copy the error message and paste it in Google to search for it. You should find a forum post that will help, as itās unlikely youāre the first person to receive that error.
Next, youāll be asked for the access token you copied earlier from your DigitalOcean account. Copy and paste it into terminal. You wonāt see anything because Bash doesnāt display characters for password- and security-phrase entries. As long as you hit paste, and then press Enter, though, it should be fine.
If it fails, you might have just messed up the paste, which everyone does in Bash. Just type the following to try again:
./algo
When Algo is running, answer the questions it asks. These are all pretty straightforward, like what you want to name your server (using āalgoā in the name is a good idea).
Next, it will ask if you want to enable āConnect on Demandā for Mac and iOS devices. If youāre not using any of those devices, type N for no. It will also ask if you want to keep the PKI keys to add more users later; generally, youāll type N here, as well.
Thatās it! Algo will now take about 15 to 30 minutes to get your server up and running.
Using Algo
When Algo finishes its setup, the terminal returns to a command-line prompt, which means the VPN is ready to go. Like a lot of commercial services, Algo uses the WireGuard VPN protocol, which is the hottest new thing in the world of VPNs. This is because it offers good security, greater speeds, and is easier to work with.
As an example of what to do next, weāll activate Algo on Windows. To set up other devices, you can refer to the Algo repository on GitHub.
First, weāll install the generic Windows desktop client from the WireGuard site. Next, we have to feed the program our config file for the PC. The configuration files are stored deep in the algo-master folder at: ~/algo-master/configs/[VPN server IP address]/wireguard/
.
There are two types of files for configuring VPN client devices: .CONF and .PNG. The latter are QR codes for devices like phones, that can scan QR codes. The .CONF (configuration) files are text files for the desktop WireGuard clients.
On Mac and Ubuntu, it shouldnāt be hard to find the algo-master
folder outside of the command line.Ā On Macs,Ā algo-master
is in the Home folder; just useĀ Finder > Go > Home to get there. On Ubuntu, you can open Nautilus, and itāll be in the Home folder.
On Windows, however, WSL is separate from the rest of the OS. For this reason, itās just easier to copy the files over with the command line.
Using our previous example, letās say we want the āMary-PC.confā configuration file to use on a Windows 10 PC. The command would look something like this:
cp ~/algo-master/configs/[VPN server IP address]/wireguard/Mary-PC.conf /mnt/c/Users/[your Windows user account name]/Desktop/
Note the space between Mary-PC.conf
and /mnt/
; thatās how Bash knows where the file to be copied is located, and where itās going. Case also matters, so make sure you type capitals where specified.
Itās natural on Windows to want to capitalize the C in āC:ā drive, but in Bash you donāt. Also, donāt forget toĀ replace the bits in brackets with the actual information for your PC.
For example, if your user folder is on the āD:ā drive, not the āC:,ā then replace /mnt/c/
with /mnt/d/
.
Once the file is copied, open the WireGuard for Windows client. Click āImport Tunnels From File,ā and then select your configuration file on the desktop. After thatās done, click āActivate.ā
In just a few seconds, youāll be connected to your very own VPN!