We promised you an even easier solution than the one we proposed in Chapter 4.3 (OPENVPN), so today we cover a setup that gives you IKEv2 with strong encryption (AES-GCM, SHA2 and P-256), and WireGuard with a built-in ad and tracking blocker!

This solution is called Algo VPN!


It is an extremely easy setup and it works 'out of the box' with most cloud providers! One of the best is Hetzner, but as mentioned in Chapter 4.2 they want an ID during the setup of the cloud. Once again, this is not a big issue, as you control the cloud, the logs etc. Plus, you should be doing a new cloud setup every 14-30 days for maximum privacy and then just delete the old setup. This is less important if you are only using it for streaming, but bear in mind that you control the cloud, so you can exchange it at any time!

Download Algo and deploy it super easily. Connect to your server via SSH and run

git clone https://github.com/trailofbits/algo.git

to create a directory named algo containing the Algo scripts.

On some servers you might need to install Python 3. On Ubuntu and Debian, do it thus:

sudo apt install -y python3-virtualenv

Install Algo's remaining dependencies. You'll need to run these commands from the algo directory each time you download a new copy of Algo. In a terminal window, cd into the algo directory and run:

python3 -m virtualenv --python="$(command -v python3)" .env && source .env/bin/activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt

Set up the usernames for the people who will be using the VPN. To accomplish this, use your favorite text editor, such as Nano or Vim, to edit the config.cfg file in the ~/algo directory.

Open the file with either of these commands:

nano config.cfg
vim config.cfg

If you wish, remove the lines that represent the default users phone, laptop and desktop, then add your own (e.g., hildeguard, peter, andy) so that the corresponding section of the file looks like this:

If that's the case, congratulations!

Now connect to your server via SFTP and download the config files.

These files should be called:

hildeguard.conf (which is a config file for WireGuard)
hildeguard.mobileconfig (which is a config file for the IKEv2 mobile setup for iOS)
hildeguard.png (which contains a QR code that you can scan with your Android or iOS device)

Of course, you have the same files for peter and andy.
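Before you import a downloaded .conf file, it is worth checking that it really sends everything through the VPN. The Python script below is an added example, not part of Algo or of the original writeup. It assumes the ad blocker is applied through the DNS server named in the config, and the sample config, keys and addresses in it are constructed placeholders.

```python
import ipaddress

# Constructed sample; keys and addresses are placeholders, not real Algo output.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_CLIENT_PRIVATE_KEY=
Address = 10.49.0.2/32
DNS = 172.16.0.1

[Peer]
PublicKey = PLACEHOLDER_SERVER_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 203.0.113.10:51820
"""

def parse_wg_conf(text):
    """Return a list of (section, {key: value}) pairs; repeated [Peer] blocks are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)   # base64 keys end in '=', so split once
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_wg_conf(text, mode=None):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    sections = parse_wg_conf(text)
    iface = next((kv for name, kv in sections if name == "interface"), {})
    peers = [kv for name, kv in sections if name == "peer"]
    if not iface.get("dns"):
        findings.append("no DNS line: lookups use the local resolver, not the VPN's")
    routed = set()
    for peer in peers:
        for net in peer.get("allowedips", "").split(","):
            if net.strip():
                routed.add(ipaddress.ip_network(net.strip(), strict=False))
    for default in ("0.0.0.0/0", "::/0"):
        if ipaddress.ip_network(default) not in routed:
            findings.append(f"{default} not routed: some traffic leaves outside the VPN")
    if mode is not None and "privatekey" in iface and mode & 0o077:
        findings.append(f"mode {mode & 0o777:o}: private key readable by other users")
    return findings
```

To check a real file, pass its contents and its permission bits, e.g. audit_wg_conf(open(path).read(), os.stat(path).st_mode & 0o777), and run chmod 600 on the file if the last finding appears.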

Enjoy extremely good speeds with this setup. Of course, this again depends on your physical location, but WireGuard and IKEv2 are extremely fast and you should get much better speeds than with the OpenVPN setup.

In our next writeup, we will describe a WireGuard setup with the Unbound DNS resolver! This is the fastest AND the easiest setup, and you'll get it next!