Ask any privacy watchdog, If you are a corporate person working in a highly competitive firm and mainly travel to different places for work, You are ought to use a VPN service.
If your company doesn’t have a VPN server, You are highly advised to use a top-notch paid VPN instead of free VPN services.
Because paid VPN services are believed to be secure and reliable. And your company would never want its competitors to intercept its employee’s network traffic.
But the fact is, Most paid VPN services are unreliable, insecure because of their weak cryptography implementations and apparently they are prone to hacking, thereby revealing sensitive information of the users using it.
Also, you never know with whom you are sharing the VPN service endpoints.
Let’s say you are a privacy concerned internet user using X-VPN service. The X-VPN has many endpoints which are used by different user groups. X-VPN has allocated you a service “endpoint-3” along with few other users forming a particular group.
A particular user in your group is engaged in illegal business and somehow the law enforcement agency like NSA gets hold of him.
In this case, the law enforcement agency will ask X-VPN service provider to reveal all the network traffic of the criminal user (“endpoint-3”). Since the same endpoint is shared by you & your group, even your network traffic will be available to the agency for analyses.
For this reason, Intelligent privacy watchdogs do not recommend the use of any publicly available free/paid VPN’s. In-fact some VPN providers sell user-data & browsing history to Scammers and Advertisers for more profits.
So what can be the best solution?
How to create your own VPN server in the Cloud?
Having your own VPN server that can cater exclusively for you is very beneficial. You no longer have to share your VPN server with other people, Giving you much better performance and It’s much cheaper than subscribing to a VPN service.
Before we begin with the tutorial, let me clear that VPN service will not make you immune to internet surveillance or more secure on the internet, albeit you will be much safer than being sensed by your ISP on a regular connection. Moreover, VPN service will help you bypass internet censorship.
That being said, let’s get started with the tutorial.
Requirements for setting up a VPN server
For creating your own VPN server you will need 2 things, A cloud hosting and a VPN server software.
Cloud hosting provider
There are several cloud hosting providers in the market but I recommend choosing between either DigitalOcean or Amazon EC2.
Since Amazon EC2 gives you a free 12 months of service, We will use this web service for our VPN server (I have listed instructions for both). However, for best performance, you should switch to DigitalOcean, which provides greater bandwidth and processing compared to Amazon EC2.
For example, DigitalOcean’s $5 a month plan gives you 1TB of bandwidth, 1 core processor & 512MB memory. While Amazon EC2 gives you limited 15GB of bandwidth per month (after free 12 months trial you will end up paying around $10 per month)
VPN server software
I have been playing around with this new personal VPN server called Algo VPN, which seems very simple and has the best security features. With Algo, you can set up a VPN in the cloud within a few minutes.
‘Algo’ relies on only modern protocols and cyphers. It contains the most secure defaults available, works with common cloud providers, and does not require client software on most devices.
Steps in creating your own VPN Server
We will first register & set-up your cloud hosting and then deploy Algo VPN server to your newly created cloud instance.
Register Cloud hosting account
You can start with Amazon EC2 since its free for 12 months. However, if you are serious with your VPN usage, Start with $5 a month plan of Digitalocean (The best cloud computing service)
Registering on Amazon EC2:
1) Head over to Amazon web services site and click “get started with Amazon EC2”. You can sign-in with your existing Amazon account or create a new account. Select “personal account” and fill in all the required details. Complete your “payment & identity” verification and you are done with the registration.
2) Now sign-in to your AWS account, Click services > IAM (Security, Identity, & Compliance tab).
3) Inside IAM management console, click the user’s tab on the left and add a new user with the username of your choice, Check “Programmatic Access“. Then click next.
4) In the permissions screen, Click “attach existing policies directly” and search for “AdministratorAccess”. Click the checkbox next to that. Then click Next.
5) Review and click “create user”. On the final screen, click the “Download CSV” button. This file includes access keys that you’ll need during the Algo VPN set up the process. Click close and your free tier service is up and running on Amazon AWS.
Registering on DigitalOcean:
The overall process of registering an account and creating access tokens in DigitalOcean is relatively simple and fast. Even developers@trailofbits recommend DigitalOcean.
1) Goto DigitalOcean website and sign up for a new account. Once you verify your email and add billing info, You will be taken to a plan selection page (droplet selection)
2) On create droplet page, Select these options:
Datacenter Region: Choose the closest one
Leave rest of the options unchanged & click “create” button.
3) Congrats! You just configured your cloud instance. At this moment you will be in your droplets dashboard. Go to API section and click “generate New Token”.
4) Enter any token name and click “generate token”
5) Copy the token that you just created and save it in a separate text file. We will be using this token while deploying Algo to your newly created DigitalOcean droplet.
Configuring and deploying Algo VPN
Windows users please follow this page for prerequisites. Once you are done with the required prerequisites, Continue from step 5 below.
1) Download Algo and unzip the file wherever you want on your system. This creates a folder called algo-master. I have this folder in my “Downloads” directory.
2) Open your favourite Terminal, then type in cd followed by the algo-master directory location and hit enter (we are just navigating to algo-master folder). If you’re not sure about the actual path, Just type in cd, then drag and drop the algo-master folder into Terminal. It’ll auto-fill the location.
3) Type in python -m ensurepip –user and hit enter.
4) Next, type in python -m pip install –user –upgrade virtualenv and hit enter. This will complete installing algo’s core dependencies.
If you see a message about pip upgrade, go ahead and type in sudo python -m pip install –upgrade pip and hit enter to upgrade your pip (Enter your mac admin password).
5) Type in python -m virtualenv env && source env/bin/activate && python -m pip install -r requirements.txt and hit enter. This will install the remaining dependencies and can take some time.
Note: If you haven’t installed the cc command line tools before, you’ll get a prompt to do so. Go ahead and install when prompted.
Also, observe your terminal for any possible errors. If you see any errors, Just restart from step 1 (delete algo-master folder and download it again).
6) Next, We will create a list of users that will have access to your VPN server. So according to your needs, like how many devices you have or if you would like to share your VPN with friends and family, make a list of their names.
Once you do that, Type in sudo nano config.cfg and hit enter (enter your mac admin password). This opens up a text editor. Under users, type the names of any users you’d like to create. When you’re done, press Ctrl+X to save and exit (if it doesn’t close, press enter).
7) Type in ./algo to start the installation process. For the provider, type in 1 for DigitalOcean or 2 for Amazon EC2 and hit enter.
If your provider is Amazon EC2, you will need to enter “AWS access key” and “AWS secrete key” (You will find it in the CSV file you that downloaded in the previous steps). Go ahead and copy/paste each number from that file when you’re asked.
Or if your provider is DigitalOcean, You just need to enter your “access token” (you saved it in a text file during registration). Next, type any name for your VPN.
8) Once you are done with access keys and server naming, You will be asked a series of questions during installation. Choose the server location (i suggest sticking to the closest available server).
Next up, Algo asks you about VPN On Demand. This makes it easy for your Apple devices automatically connect to the VPN. Otherwise, you have to enable them manually each time.
Say yes to the security enhancements, HTTP proxy, and local DNS resolver. However these options are entirely up to you, you can say no to everything and your VPN will still work fine.
Finally, after you are done with answering questions, Algo will work in the background and install itself on your provider, then set up a ton of different services, eventually giving you final success message that will look like this:
Your VPN is now up and running. You need to connect your devices to it in order to use it.
You will find all the required profile/certificate files for your users/devices in your algo-master directory.
You will require these files to setup VPN on your devices. For detailed instructions on configuring your (mac, windows, iPhone, Android) devices for your VPN, refer this official trailofbits github page.