Spawn

Administrator
Staff member
Verified
Homepage: GitHub - trailofbits/algo: Set up a personal IPSEC VPN in the cloud
Blog post: Meet Algo, the VPN that works

Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices.

Features
  • Supports only IKEv2 with strong crypto: AES-GCM, SHA2, and P-256
  • Generates Apple profiles to auto-configure iOS and macOS devices
  • Includes a helper script to add and remove users
  • Blocks ads with a local DNS resolver (optional)
  • Sets up limited SSH users for tunneling traffic (optional)
  • Based on current versions of Ubuntu and strongSwan
  • Installs to DigitalOcean, Amazon EC2, Microsoft Azure, Google Compute Engine, or your own server
Anti-features
  • Does not support legacy cipher suites or protocols like L2TP, IKEv1, or RSA
  • Does not install Tor, OpenVPN, or other risky servers
  • Does not depend on the security of TLS
  • Does not require client software on most platforms
  • Does not claim to provide anonymity or censorship avoidance
  • Does not claim to protect you from the FSB, MSS, DGSE, or FSM

Meet Algo

I think you’ll agree when I say: there’s no VPN option on the market designed with equal emphasis on security and ease of use.

That changes now.

Today we’re introducing Algo, a self-hosted personal VPN server designed for ease of deployment and security. Algo automatically deploys an on-demand VPN service in the cloud that is not shared with other users, relies on only modern protocols and ciphers, and includes only the minimal software you need.

And it’s free.

For anyone who is privacy conscious, travels for work frequently, or can’t afford a dedicated IT department, this one’s for you.

Spawn

Administrator
Staff member
Verified
From the blog post quoted above, they go on to mention avoiding commercial VPNs (incl. a list).
Don’t bother with commercial VPNs
Really, the paid-for services are just commercial honeypots. If an attacker can compromise a VPN provider, they can monitor a whole lot of sensitive data.
Paid-for VPNs tend to be insecure: they share keys, their weak cryptography gives a false sense of security, and they require you to trust their operators.
Even if you’re not doing anything wrong, you could be sharing the same endpoint with someone who is. In that case, your network traffic will be analyzed when law enforcement makes that seizure.
Aug, 2016: Most VPN Services are Terrible · GitHub
 

blackice

Level 3
Just thought I’d mention I spun up a server this weekend, well, a few different ones to mess around with. They have added WireGuard support, which is great on iOS, and have addressed some security concerns. It’s a really good learning experience if you aren’t well versed in Linux. Obviously not a use case for “anonymity”, for which the internet wasn’t built anyway.