How to Set up Your Own Completely Free VPN in the Cloud
A virtual private network (VPN) is a great way to increase the security of your browsing as well as prevent surveillance ( including your ISP ), but VPN providers are notoriously sketchy . You could do a little research to find a good one. Or you can make your own in about 10 minutes.
As a reminder, a VPN encrypts your data before it leaves your device, then that data remains encrypted as it passes through your local network and your Internet Service Provider (ISP) until it is ultimately decrypted by the VPN server. In this case, you will be installing the VPN software on the web service.
Commercial VPNs are easier to set up, and while this project is not overly complex, you do need to have some technical readiness to do so. Since a poorly configured VPN is useless, I would recommend using a commercial option from a reputable company such as Private Internet Access , SlickVPN , NordVPN, Hideman, or Tunnelbear if you’re not comfortable with configuring this for yourself. For the rest of us who are comfortable with a little command line use, let’s get started.
What are you getting
Namely, you get a free VPN from this. This means a secure, encrypted connection between your computer or mobile device and the Internet in general. If you are annoyed that your ISP can see everything you do on the Internet, or you need a secure Internet connection when you are in a coffee shop , then you should use a VPN.
We’ve highlighted many public VPN providers over the years , including most recently private internet access , but one common problem with any provider is that it’s hard to tell how loyal they are about keeping your personal information private. So the next logical step is to make your own. There are several different projects for this, but I settled on Algo because it seems to be the simplest of them all. It installs the VPN software on one of several different competing cloud services, and you can connect to it from any computer you have.
There are several more options , including Streisand , which takes the VPN idea even further by integrating the Tor bridge and several other privacy-focused features. Streisand is great, but for most of us, this is overkill. However, if you are more interested in the additional privacy and security features in Streisand, the first step of the setup process is almost identical to Algo, so the first step in this guide will walk you through the confusing part of setting up your Amazon EC2 Service. Then follow Streisand’s instructions for your operating system.
Finally, before we begin, Algo does not anonymize your web browsing or protect you from legal or government entities receiving your data. In theory, the government could request your billing information from a hosting provider, in this case Amazon. This means that your traffic can be tracked to you. Of course, they can do this with any commercial VPN provider as well. However, at least a portion of this VPN is entirely up to you. It’s also relatively disposable, so you can set up or destroy this sucker pretty quickly once you get the hang of the process.
However, Algo protects and encrypts your connection, which is good enough for most of us. If you are uncomfortable with giving money to anonymous random VPN provider, this is the best solution.
Step 1: Register for an Amazon EC2 Account
You can install Algo on DigitalOcean , Amazon EC2 , Google Compute Engine, and Microsoft Azure . If you’re a new user, you can access the Amazon EC2 Free Tier all year round, so we’re going to detail the process here.
However, there are some limitations here. First, you get 750 hours per month, which should be more than enough for a single device, but can increase if you have multiple devices. Secondly, you are limited to 15 GB of bandwidth per month. If you are uploading a lot of large files, this may not be enough. Third, after a year, the price switches to hourly rates. However, most people shouldn’t expect to pay more than $ 10-11 a month.
If this unpredictability is annoying and you’d rather skip the free year in favor of something more robust for the price, I suggest using DigitalOcean’s $ 5 / month tier instead. Setting up DigitalOcean is also much easier. Create a new blob with default settings, then click on the API tab and generate a new token. You will need this number during the installation of Algo. After that, you can simply skip to the algorithm step below.
But we all love free, so let’s continue with Amazon:
- Go to the Amazon Web Services site and create a free account. You can link your current Amazon account to your web services account if you like.
- Once logged in, click Services> IAM. It’s under the Security, Identity & Compliance tab.
- Click the Users tab on the left.
- Click Add User.
- Create a username, then check the box next to Programmatic Access. Then click Next.
- Click Connect existing policies directly.
- Enter “admin” to search for policies. Find “Administrator Access” and check the box next to it. When finished, click Next.
- On the final screen, click the Upload CSV button. This file includes a pair of numbers and passkeys that you will need during the Algo setup process. Click “Close” and you’re done.
Your little free tier is now up and running on Amazon. It’s time to install Algo.
Step 2. Download and install Algo
Next, we’ll install Algo. You will do this using the command line on your Windows, Mac, or Linux home computer. If you are using Linux or Mac, skip to the second part below. If you are using Windows, continue.
Part one: Windows 10 users (Mac users can skip this step)
To work, Windows users will need to install Windows Subsystem for Linux for Algo, which is only available on Windows 10 (Anniversary Update or later). Here’s what you need to do:
- Open settings.
- Click Update & Security, then click For Developers.
- Turn on developer mode.
- After everything is installed, click on “Control Panel” and select “Programs.”
- Click Turn Windows features on or off.
- Scroll down and check the box next to Windows Subsystem for Linux, then click OK. Windows will install the software and then reboot.
You now have Linux Bash installed. Click the start menu and type bash. You will be asked a few more questions. Answer them and Windows will install another set of software. Finally, once this is complete, you will be taken to the command line. Enter this and hit enter:
sudo apt-get update && sudo apt-get install python-pip python-setuptools build-essential libssl-dev libffi-dev python-dev python-virtualenv git -y
Then clone the repository using this command:
git clone https://github.com/trailofbits/algo && cd algorithm
Once that is done, move on to the fifth step of the second part below.
Part two: installing the algorithm
On Mac, you can easily install Algo. However, depending on which version of Linux you are using, you will have a different set of commands here. You can find out what you need for Linux here .
- On a Mac, download Algo and unzip the file on any computer. This creates a folder called
algo-master
. - Open Terminal, then type
cd
and specify the location of the “algo-master” directory. If you are unsure about this, entercd
, then drag the algo-master directory to Terminal. It will auto-populate the location, resulting incd /Users/jimbojones/Documents/algo-master
something likecd /Users/jimbojones/Documents/algo-master
. - Type
python -m ensurepip —user
and press Enter. - Type
python -m pip install —user —upgrade virtualenv
and press Enter. - Type
python -m virtualenv env && source env/bin/activate && python -m pip install -r requirements.txt
and press Enter. If you have not installed the cc command line tools before, you will be prompted accordingly. Agree. - Type
sudo nano config.cfg
and press Enter. A text editor will open. In the Users section, enter the names of all users you want to create. These are different people that you want to have access to your VPN, so make a few of them if you are sharing with friends or using multiple devices. When you’re done press Ctrl + X to save and exit. - Enter
./algo
to start the installation process. The installation script will ask you a series of questions. - For Vendor, enter
2
for Amazon EC2 (unless you chose another vendor). Enter any name for your VPN and choose a server location (I suggest sticking to the closest server available). - Then you need to get your AWS Access Key and AWS Private Key. Remember that credential CSV file you downloaded from Amazon in the previous step? This includes both of these numbers. Go ahead and copy / paste each number from that file when asked.
- Algo will then ask you about the VPN on demand. I answered
Yes
to both questions. This automatically connects your Apple devices to the VPN. Otherwise, you will have to manually enable them each time. I also recommend saying yes to security improvements, HTTP proxy and local DNS resolver. The rest of the options are entirely up to you, you can say no to everything and your VPN will still work fine.
Finally, after all this, Algo will go out into the world and install itself on your ISP, and then configure many different services, which will ultimately give you the go-ahead that you’re done. Your VPN is now up and running. You need to connect your devices to it in order to use it.
Set up your devices for VPN
To connect to a VPN, you need to install a profile or certificate on each device from which you want to connect to the VPN. This is more difficult for some operating systems than others. In any case, all the files you need are in the “algo-master” directory inside the “configs” folder.
Set up VPN on Apple devices
Inside the “configs” folder, you will find a .mobileconfig file. On Mac, double-click this file to install the profile on Mac. To install a profile on an iPhone or iPad, you can either Airdrop the same file from your Mac to your iOS device, email it to yourself, or upload it to a cloud service like iCloud or Dropbox and open it from there. You will be prompted to confirm the installation of the profile, and from now on you will be connected to this VPN. You can disconnect simply by deleting the profile.
Set up VPN on Android devices
On Android, you first need to install the StrongSwan VPN Client app . Then copy the P12 file from the Configs folder to your Android device and open it in strongSwan. Follow the instructions from there to install it. If you need help, this guide will walk you through each part.
Set up your VPN on Windows
On Windows, this is a fairly complex process, but still doable.
- Go to the “config” folder, then copy the PEM, P12 and PS1 files to your Windows computer.
- Double-click the PEM file to import it into the Trusted Root Store.
- Open the Powershell app, then navigate to the folder with the files you copied in the first step a second ago.
- Type
Set-ExecutionPolicy Unrestricted -Scope CurrentUser
and press Enter. - Enter the name of your Powershell script and press Enter. It will be something like
windows_$usernameyoumadeup.ps1
. Follow the instructions on the screen. - Finally, when it’s complete, type
Set-ExecutionPolicy Restricted -Scope CurrentUser
and press Enter.
Your VPN should now be configured.
Once you’ve got everything set up, follow our testing guide to make sure your VPN is working properly.