How to create your own VPN Service

create and use your own VPN

Using a VPN doesn't make you completely anonymous

When you connect your computer or phone to a VPN server, you establish an encrypted tunnel between your device and that server. Nobody can see what's happening in the middle of this tunnel, not even your ISP. And yet, it doesn't make you magically anonymous. You're just moving the risk down the VPN tunnel, as the VPN company can see all your internet traffic. In fact, many of them sell your data to scammers and advertisers, which is why you should run your own VPN.

Why do we need a VPN?

But VPNs can be useful from time to time. Sometimes you can’t access a website from a public network because it’s blocked. Or you could be traveling to China and you want to be able to access your Gmail account. In those cases, it’s all about minimizing the risk while you use a VPN.

In this tutorial, I will walk you through how to make your own VPN service:

  1. Create an account on a cloud hosting provider like AWS, Google Cloud, or DigitalOcean.

  2. Download Algo VPN on your local computer and unzip it.

  3. Install the dependencies with the command lines on this page.

  4. Run the installation wizard.

  5. Double-click on the configuration profiles in the configs directory.

Deploy the Algo VPN Server on Cloud Instances

  1. Set up an account on a cloud hosting provider. Algo supports DigitalOcean (most user friendly), Amazon Lightsail, Amazon EC2, Vultr, Microsoft Azure, Google Compute Engine, Scaleway, DreamCompute, Linode, or other OpenStack-based cloud hosting, Exoscale or other CloudStack-based cloud hosting, or Hetzner Cloud.

  2. Get a copy of Algo. The Algo scripts will be installed on your local system. There are two ways to get a copy:

     - Download the ZIP file. Unzip the file to create a directory named algo-master containing the Algo scripts.

     - Run the command

git clone https://github.com/trailofbits/algo.git

       to create a directory named algo containing the Algo scripts.

  3. Install Algo's core dependencies. Algo requires that Python 3.6 or later and at least one supporting package are installed on your system.

  4. Install Algo's remaining dependencies. You'll need to run these commands from the Algo directory each time you download a new copy of Algo. In a Terminal window, cd into the algo-master (ZIP file) or algo (git clone) directory and run:

python3 -m virtualenv --python="$(command -v python3)" .env &&
  source .env/bin/activate &&
  python3 -m pip install -U pip virtualenv &&
  python3 -m pip install -r requirements.txt

  5. Set your configuration options. Open the file config.cfg in your favorite text editor. Specify the users you wish to create in the users list. Create a unique user for each device you plan to connect to your VPN. If you want to be able to add or delete users later, you must select yes at the "Do you want to retain the keys (PKI)?" prompt during the deployment. You should also review the other options before deployment, as changing your mind about them later may require you to deploy a brand new server.

  6. Start the deployment. Return to your terminal. In the Algo directory, run ./algo and follow the instructions. There are several optional features available. None are required for a fully functional VPN server. These optional features are described in greater detail in the Algo documentation.

That's it! You will get the message below when the server deployment process completes. Take note of the p12 (user certificate) password and the CA key in case you need them later; they will only be displayed this time.

You can now set up clients to connect to your VPN. Proceed to Configure the VPN Clients below.

image.png

Configure the VPN Clients to Use the VPN Service on Your Devices

Apple devices

WireGuard is used to provide VPN services on Apple devices. Algo generates a WireGuard configuration file, wireguard/.conf, and a QR code, wireguard/.png, for each user defined in config.cfg.

Android devices

WireGuard is used to provide VPN services on Android. Install the WireGuard VPN Client. Import the corresponding wireguard/.conf file to your device, then set up a new connection with it. See the Android setup instructions for a more detailed walkthrough.

Windows devices

WireGuard is used to provide VPN services on Windows. Algo generates a WireGuard configuration file, wireguard/.conf, for each user defined in config.cfg.

Linux devices

Setup an SSH Tunnel

If you turned on the optional SSH tunneling role, then local user accounts will be created for each user in config.cfg, and SSH authorized_key files for them will be in the configs directory (user.ssh.pem). SSH user accounts do not have shell access, cannot authenticate with a password, and only have limited tunneling options (e.g., ssh -N is required). This ensures that SSH users have the least access required to set up a tunnel and can perform no other actions on the Algo server.

Use the example command below to start an SSH tunnel, replacing <user> and <ip> with your own. Once the tunnel is set up, you can configure a browser or other application to use 127.0.0.1:1080 as a SOCKS proxy to route traffic through the Algo server:

ssh -D 127.0.0.1:1080 -f -q -C -N <user>@algo -i configs/<ip>/ssh-tunnel/<user>.pem -F configs/<ip>/ssh_config

SSH into Algo Server

Your Algo server is configured for key-only SSH access for administrative purposes. Open the Terminal app, cd into the algo-master directory where you originally downloaded Algo, and then use the command listed on the success message:

ssh -F configs/<ip>/ssh_config <hostname>

where <ip> is the IP address of your Algo server. If you find yourself regularly logging into the server, it will be useful to load your Algo SSH key automatically. Add the following snippet to the bottom of ~/.bash_profile to add it to your shell environment permanently:

ssh-add ~/.ssh/algo > /dev/null 2>&1

Alternatively, you can choose to include the generated configuration for any Algo servers created into your SSH config. Edit the file ~/.ssh/config to include this directive at the top:

Include <algodirectory>/configs/*/ssh_config

where <algodirectory> is the directory where you cloned Algo.

Adding or Removing Users

If you chose to save the CA key during the deploy process, then Algo's own scripts can easily add and remove users from the VPN server.

Update the users list in your config.cfg.

Open a terminal, cd to the algo directory, and activate the virtual environment with:

source .env/bin/activate

Run the command:

 ./algo update-users

After this process completes, the Algo VPN server will contain only the users listed in the config.cfg file.
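Because update-users leaves only the users listed in config.cfg, and each device should have its own user, it helps to preview the change before running it. The script below is an added example, not part of the original post or of Algo. It assumes config.cfg contains a YAML "users:" list of "- name" items and that each deployed user has a <name>.conf file in a directory you pass in; the function names and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of Algo. Assumptions: config.cfg holds a YAML
# "users:" list of "- name" items, and every deployed user has a file
# <name>.conf in the directory passed as the second argument.

# Print the names listed under "users:" in config.cfg, one per line.
cfg_users() {
  awk '
    /^users:[ \t]*$/        { in_list = 1; next }
    in_list && /^[^ \t#]/   { in_list = 0 }    # next top-level key ends the list
    in_list && /^[ \t]*-/ {
      sub(/^[ \t]*-[ \t]*/, "")                # drop the list marker
      sub(/[ \t]*(#.*)?$/, "")                 # drop trailing space or comment
      gsub(/"/, "")                            # names may be double-quoted
      if ($0 != "") print
    }' "$1"
}

# Names listed more than once; each device should have its own user.
duplicate_users() { cfg_users "$1" | sort | uniq -d; }

# Names that have a deployed <name>.conf in directory $1.
deployed_users() {
  for f in "$1"/*.conf; do
    if [ -e "$f" ]; then basename "$f" .conf; fi
  done
}

# Compare deployed users (dir $2) with config.cfg ($1); $3 selects the comm column.
diff_users() {
  tmp=$(mktemp) || return 1
  cfg_users "$1" | sort -u > "$tmp"
  deployed_users "$2" | sort -u | comm "$3" - "$tmp"
  rm -f "$tmp"
}
users_to_remove() { diff_users "$1" "$2" -23; }  # deployed, not listed: loses access
users_to_add()    { diff_users "$1" "$2" -13; }  # listed, not deployed: gets created

# Constructed sample data so the script runs offline.
demo=$(mktemp -d)
printf 'users:\n  - phone\n  - laptop\n  - phone\n\nother_key: x\n' > "$demo/config.cfg"
mkdir "$demo/wireguard"
touch "$demo/wireguard/phone.conf" "$demo/wireguard/tablet.conf"
echo "duplicates:      $(duplicate_users "$demo/config.cfg")"
echo "will be removed: $(users_to_remove "$demo/config.cfg" "$demo/wireguard")"
echo "will be added:   $(users_to_add "$demo/config.cfg" "$demo/wireguard")"
rm -rf "$demo"
```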