As a quick refresher, a VPN encrypts your data before it leaves your device, then that data stays encrypted while it travels through your local network and internet service provider (ISP) until it’s eventually decrypted by the VPN server. In this case, you’ll be installing VPN software onto a web service.
Commercial VPNs are easier to set up and while this project isn’t terribly complicated, you do need to be somewhat technically inclined to do it. Since a poorly set up VPN is useless, I’d recommend sticking with a commercial option from a well-known company, like Private Internet Access, SlickVPN, NordVPN,Hideman, or Tunnelbear if you’re not comfortable setting this up for yourself. For the rest of us comfortable with a little command line usage, let’s get going.
What You Get
Namely, you’ll get a free VPN out of this. That means a secure, encrypted connection between your computer or mobile device and the internet at large. If you’re annoyed that your ISP can see everything you do online or you want a secure connection to the internet when you’re out at coffee shops, then you want to use a VPN.
We’ve highlighted many public VPN providers over the years, including most recentlyPrivate Internet Access, but one general catch with any provider is that it’s hard to tell how loyal they’ll be at keeping your private data private. So, the next logical step is to make your own. There are a few different projects out there for doing so, but I settled on Algo because it seems to be the simplest of the bunch. It installs VPN software on one of several different cloud competing services and you can connect to it from any computer you have.
There are a few other options out there, including Streisand, which takes the VPN idea a step further by also integrating a Tor bridge and a few other privacy-focused features. Streisand is great, but it’s overkill for most of us. However, if you’re more interested in the extra privacy and security features in Streisand, the first set up process for both is also nearly identical, so the first step in this guide will get you through the confusing part of setting up the Amazon EC2 service. After that, follow the Streisand instructions for your operating system.
Finally, before we get started here, Algo does not anonymize your web browsing, nor does it protect you from legal or government entities getting your data. A government could theoretically ask the hosting provider, Amazon in this case, for your billing information. That means your traffic could be traced back to you. They can do this with any commercial VPN providers too, of course. However, at least the VPN portion of this is entirely in your own care. It’s also relatively disposable, so you can set up or destroy this sucker pretty quickly once you get the hang of the process.
Regardless, Algo secures and encrypts your connection, which is plenty for most of us. If you’re uncomfortable shelling out the cash to an anonymous, random VPN provider, this is the best solution.
There are some limitations here though. First off, you get 750 hours per month, which should be more than enough for one device, but might add up if you have multiple devices. Second, you’re limited to 15GB of bandwidth per month, if you download a lot of large files, this may not be enough. Third, after the year is up, the price switches over to an hourly rate. Still, most people shouldn’t expect to pay more than $10-$11/month.
If this unpredictability is annoying and you’d rather skip the free year in favor of something more reliably priced, I suggest using DigitalOcean’s $5/month tier instead. DigitalOcean’s set up is considerably easier too. Create a new Droplet with the default settings, then click the API tab and generate a new token. You’ll need that number during the Algo installation process. After that, you can just skip down to the Algo step below.
But, we all love free, so let’s continue on with Amazon:
Head to the Amazon Web Services site and create a free account. You can link your current Amazon account to your web services account if you want.
Once you’re logged in, Click Services > IAM. It’s located under the Security, Identity, & Compliance tab.
Click the Users tab on the left.
Click Add User.
Create a user name, then click the box next to Programmatic Access. Then click Next.
Click Attach existing policies directly.
Type in “admin” to search through the policies. Find “AdministratorAccess” and click the checkbox next to that. Click Next when you’re done.
On the final screen, click the Download CSV button. This file includes a couple numbers and access keys you’ll need during the Algo set up process. Click Close and you’re all set.
Now, your little free tier service is up and running on Amazon. It’s time to install Algo.
Step Two: Download and Install Algo
Next up, we’ll install Algo. You’ll do this using the command line on your Windows, Mac, or Linux computer at home. If you’re on Linux or Mac, go ahead and skip down to part two below. If you’re on Windows, continue on.
Part One: Windows Users (Mac Users Can Skip This Step)
Windows users will need to install the Windows Subsystem for Linux for Algo to work, which is only available on Windows 10. Here’s what you need to do:
Click Update & Security, then click For Developers.
Set the Developers mode option to enabled.
After everything installs, click Control Panel, then select Programs.
Click Turn Windows features on or off.
Scroll down and then the box next to Windows Subsystem for Linux, then click OK. Windows will install the software, then reboot.
Now, you have the Linux Bash installed. Click the Start menu and type in “Bash.” You’ll be asked a few more questions. Answer those, then Windows will install another set of software. Finally, once that’s complete, you’ll be at the command line. Type this in, then press enter:
Once that’s complete, type in: git clone && cd algo and press Enter. Once that’s done, skip down to step five on Part Two below.
Part Two: Install Algo
On Mac you can install Algo easily. However, depending on which version of Linux you’re running, you’ll have a different set of commands here. You can figure out which you need for Linux here.
One a Mac, download Algo and unzip the file wherever you want on your machine. This creates a folder called algo-master.
Open Terminal, then type in cd followed by the “algo-master” directory location. If you’re not sure of this, type in cd, then drag and drop the algo-master directory into Terminal. It’ll auto-fill the location, resulting in something like, cd /Users/jimbojones/Documents/algo-master.
Type in python -m ensurepip --user and press Enter.
Type in python -m pip install --user --upgrade virtualenv and press Enter.
Type in python -m virtualenv env && source env/bin/activate && python -m pip install -r requirements.txt and press Enter. If you haven’t installed the cc command line tools before, you’ll get a prompt to do so. Go ahead and agree.
Type in sudo nano config.cfg and press Enter. This opens up a text editor. Under users, type the the name of any users you’d like to create. These are all the different people you want to have access to your VPN, so make a few of them if you’re sharing with friends or on multiple devices. When you’re done, press Ctrl+X to save and exit.
Type in ./algo to start the installation process. The installation script asks you a series of questions.
For the provider, type in 2 for Amazon EC2 (unless you went with a different provider). Type any name for your VPN and choose the server location (I suggest sticking to the closest available server).
Next, you need to grab your AWS Access Key and your AWS Secret Key. Remember that credentials CSV file you downloaded from Amazon in the previous step? That includes both of these numbers. Go ahead and copy/paste each number from that file when you’re asked.
Next up, Algo asks you about VPN On Demand. I answered Yes to both questions. This makes it so your Apple devices automatically connect to the VPN. Otherwise, you have to enable them manually each time. I also recommend saying Yes to the security enhancements, HTTP proxy, and local DNS resolver. The rest of the options are entirely up to you, you can say no to everything and your VPN will still work fine.
Finally, after all that, Algo will go off into the world and install itself on your provider, then set up a ton of different services, eventually giving you the go-ahead that it’s complete. Your VPN is now up and running. You need to connect your devices to it in order to use it.
Configure Your Devices for your VPN
In order to connect to your VPN, you need to install a profile or certificate on each device you want to connect to the VPN from. This is more complicated for some operating systems then it is for others. Either way, all the files you need are in that “algo-master” directory inside the “configs” folder.
Set Up Your VPN on Apple Devices
Inside the “configs” folder, you’ll find a .mobileconfig file. On Mac, double-click that file to install the profile on your Mac. To install the profile on an iPhone or iPad, you can either Airdrop that same file from your Mac to your iOS device, email it to yourself, or upload it to cloud service like iCloud or Dropbox and open it from there. You’ll be asked to confirm the profile installation, and from then on, you’ll be connected to that VPN. You can disconnect by simply deleting the profile.
Set Up Your VPN on Android Devices
On Android, you need to first install the strongSwan VPN Client app. Then, copy the P12 file inside the Configs folder over to your Android device and open it in strongSwan. Follow the directions from there to set it up. If you need help, this guide will walk you through each part.
Set Up Your VPN on Windows
This process is rather complicated on Windows, but it’s still doable.
Head to the “configs” folder, then copy the PEM, P12, and PS1 files to your Windows machine.
Double-click the PEM file to import it to the Trusted Root certificate store.
Open the Powershell application, then navigate to the folder with the files you copied in step one a second ago.
Type in, Set-ExecutionPolicy Unrestricted -Scope CurrentUser and press Enter.
Type in the name of your Powershell script and press Enter. This will be something like windows_$usernameyoumadeup.ps1. Follow the directions on screen.
Finally, when that’s complete type in Set-ExecutionPolicy Restricted -Scope CurrentUser and press Enter.
Your VPN should now be set up.
Once you have everything set up, follow our guide to test to make sure your VPN is working properly.