@srugano
Forked from kolebakin/Algo_VPN_to_DO.md
Created August 3, 2025 14:09
How to deploy Algo VPN to Digital Ocean

How to deploy your own Algo VPN using DigitalOcean

Prerequisites

Useful info

> Create Droplet

  1. Create or choose a team
  2. Create a new project
  3. Open the droplet creation page:
    • Choose region. Closest to you is the best option. Now ()
    • Choose OS - Ubuntu. Version 20.04 (LTS) x64 is guaranteed to work.
    • Droplet type - Basic
    • CPU options - Regular >> $6/month (1 GB / 1 CPU, 10 GB SSD, 1 TB transfer)
    • Authentication method - SSH >> Add a new SSH key or choose an existing one
    • Give the droplet a useful hostname
  4. Configure the DigitalOcean firewall for use with Algo: LINK. To configure the DigitalOcean firewall, go to Networking, Firewalls, and choose Create Firewall
    • Configure your Inbound Rules as follows:
      • SSH - TCP - 22
      • Custom - TCP - 4160
      • Custom - UDP - 500
      • Custom - UDP - 4500
      • Custom - UDP - 51820
    • Leave the Outbound Rules at their defaults.
    • Under Apply to Droplets, enter the tag of your droplet to apply this firewall to the Algo VPN you create (Environment:Algo).

> Install Algo VPN on droplet

  1. Connect to the droplet using ssh, with the IP of your droplet instead of 000.0.000.0:
    ssh root@000.0.000.0
    

The very first time you connect, you'll be asked whether you're sure you want to continue connecting. You can type yes and then press ENTER:

    The authenticity of host '104.248.255.83 (104.248.255.83)' can't be established.
    ED25519 key fingerprint is SHA256:sahj7FrFpuhE+hETvuilHWxgFfrhJMMRRyZtRMvyOJ4.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])?

  1. Run the following commands inside your VM to update its OS and install Algo VPN core prerequisites:

    apt -y update
    apt -y upgrade
    apt install -y --no-install-recommends python3-virtualenv
    
  2. Reboot the VM by typing:

    reboot
    
  3. Download the latest version of Algo VPN to the droplet and prepare the installation:

    git clone https://github.com/trailofbits/algo
    cd algo
    python3 -m virtualenv --python=/usr/bin/python3 .env
    source .env/bin/activate
    python3 -m pip install -U pip virtualenv
    python3 -m pip install -r requirements.txt
    
  4. Configure Algo:

    • Open the config.cfg file in the ~/algo directory with nano:
    nano config.cfg
    
    • Replace the default users phone, laptop, and desktop with your own (at least two users):
    users:
        - kolebakin-mac
        - kolebakin-phone
    
    • To improve your server's security posture, consider enabling the unattended_reboot option so it looks like this:
    unattended_reboot:
        enabled: true
        time: 04:00
    
  5. After saving the file and exiting the text editor, execute the following command in the ~/algo directory to install the Algo software:

    ./algo
    
    • Answer the questions asked during installation:
      • What provider would you like to use? 1. DigitalOcean
      • Name the vpn server - default Algo - or any you want
      • Do you want macOS/iOS clients to enable "Connect On Demand" when connected to cellular networks? y
      • Do you want macOS/iOS clients to enable "Connect On Demand" when connected to Wi-Fi? y
      • Do you want to retain the keys (PKI)? (required to add users in the future, but less secure) y
      • Do you want to enable DNS ad blocking on this VPN server? y
      • Do you want each user to have their own account for SSH tunneling? N
      • Enter your API token. The token must have read and write permissions (https://cloud.digitalocean.com/settings/api/tokens) - generate a new one or copy it from the place where you keep the token secret
      • What region should the server be located in? - Choose the region of droplet
    • Be patient during installation!! It will take about 10 minutes.
    • When the installation is done, you will see a message like this:
      "msg": [
      [
          "\"#                          Congratulations!                            #\"",
          "\"#                     Your Algo server is running.                     #\"",
          "\"#    Config files and certificates are in the ./configs/ directory.    #\"",
          "\"#              Go to https://whoer.net/ after connecting               #\"",
          "\"#        and ensure that all your traffic passes through the VPN.      #\"",
          "\"#                     Local DNS resolver 100.24.117.23, fd10::8:7777                   #\"",
          ""
      ],
      "    \"#        The p12 and SSH keys password for new users is KOTqMq1kc       #\"\n",
      "    \"#        The CA key password is Mucqh9914I6a77gFA       #\"\n",
      "    \"#      Shell access: ssh -F configs/100.99.240.100/ssh_config algo        #\"\n"
      ]
      

> Use your own VPN via WireGuard

  1. Algo saves the config files for all users in the folder ~/algo/configs/{your-server-IP}/wireguard. Check the path of this folder, because the IP of the droplet and the IP of the Algo server will be different. You can copy the file from the VM to your Desktop using this command in the Mac terminal:

    scp root@{your-droplet-IP}:/root/algo/configs/{your-algo-server-IP}/wireguard/{your-vpn-username}.conf ~/Desktop

  2. Open the WireGuard app. Click Import tunnel from file..., choose your configuration file, and click Import. After that you can activate your own VPN tunnel.

  3. Check that the firewall (Networking/Firewall) is working for the droplet with the Algo server!

  4. To check that your VPN works properly:

    • IP Address Test. Go to https://whoer.net/ to compare the IP Address information before and after activating the VPN connection. If there is no difference and the client IP is still exposed even after activating the VPN, then the test fails.
    • DNS Leak Test. Once connected, go to https://dnsleaktest.com/ and select Extended Test to make sure your DNS is not leaking. You should see your DNS provider as Cloudflare with the IP address and location of the server you have chosen using your VPN service. If the client’s original IP address and location are displayed in the DNS Leak Test, then you have a leak and the test fails.
    • WebRTC Test. For a third and more general test, visit https://ipleak.net/ and check the WebRTC detection section to make sure the client’s IP address isn’t leaking.
    • Internet Speed Test (optional). Visit https://fast.com/ to check and compare your internet speed before and after activating the VPN.
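
A local check of the .conf file copied in step 1, covering the settings behind the IP address and DNS leak tests and the UDP 51820 firewall rule. This is an added example, not part of the original gist or of Algo; the function names and the sample config values are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the gist: checks on a WireGuard client .conf before import.
# conf_value FILE KEY: print the first "KEY = value" value, whitespace removed.
conf_value() {
    awk -v key="$2" '
        { k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k) }
        tolower(k) == tolower(key) {
            sub(/^[^=]*=/, ""); gsub(/[ \t\r]/, ""); print; exit
        }' "$1"
}
# IPv4 and IPv6 default routes must both be in AllowedIPs, or that traffic skips the VPN.
routes_all_traffic() {
    ips=",$(conf_value "$1" AllowedIPs),"
    case $ips in *,0.0.0.0/0,*) ;; *) return 1 ;; esac
    case $ips in *,::/0,*) ;; *) return 1 ;; esac
}
# Without a DNS line the client keeps using its local resolver (DNS leak).
sets_dns() { [ -n "$(conf_value "$1" DNS)" ]; }
# The endpoint must use the WireGuard port opened in the firewall (UDP 51820).
endpoint_port_ok() {
    ep=$(conf_value "$1" Endpoint)
    [ -n "$ep" ] && [ "${ep##*:}" = 51820 ]
}
# The file contains the client's private key: no group/other permission bits.
private_to_owner() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }
# Run all checks; the return status is the number of failed checks.
preflight() {
    failed=0
    for check in routes_all_traffic sets_dns endpoint_port_ok private_to_owner; do
        "$check" "$1" || { echo "FAIL: $check" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}
# Constructed sample config (placeholder keys and addresses).
write_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.49.0.2/32,2001:db8:a160::2/128
DNS = 172.16.0.1
[Peer]
PublicKey = <server-public-key-placeholder>
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 203.0.113.10:51820
EOF
}
conf=$(mktemp) && write_sample_conf "$conf" && chmod 600 "$conf"
preflight "$conf" && echo "OK: all checks passed"
rm -f "$conf"
```

To check a real file, call preflight with the path of the copied .conf; a file copied with scp usually lands with default permissions, so run chmod 600 on it if private_to_owner fails.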