|
So, this comes up semi-regularly in the IYG Android Thread and it's not exactly in-scope for that thread so here is where I'll describe algo.

Algo automates the deployment of a cloud server at Digital Ocean, Azure, Amazon, or Google. It then configures that server to serve as an IPsec VPN for securing internet connections for your devices.

quote: Algo automatically deploys an on-demand VPN service in the cloud that is not shared with other users, relies on only modern protocols and ciphers, and includes only the minimal software you need.

You can read more about the inspiration and reasons for algo to exist here. Algo can also be configured to block ads.

A typical usage scenario for an Apple device might go like this:

1. Download and unzip algo.
2. Set up an account at Digital Ocean.
3. In your account settings at Digital Ocean generate an API key.
4. Run through the algo install.
5. Send the automatically generated Apple profile to your iPhone.
6. Turn on the VPN in the settings.

Android doesn't support the IKEv2 protocol natively, so you have to use the strongSwan app. You can also use it on Windows or Linux clients.

Ehh, I'm sure people will need more help so I'll update this OP as needed. I'd appreciate any infosec people chiming in on what they think about algo.
|
# ¿ Sep 13, 2017 17:18 |
|
hooah posted: Do you use your algo-created VPN on a desktop? I recently set mine up again and now one of the games I play (Warframe) will no longer work with the VPN connection active. Any ideas?

I do sometimes, but I don't when I game just because I MUST HAVE LESS PINGS. But I think Rexxed is right, I've come across a couple of things that note that I'm surfing from a data center and they say "NO".
|
# ¿ Sep 14, 2017 16:04 |
|
That's a pretty reasonable thing to believe. FWIW, I've had the opposite experience with the one thing I wanted help with. FWIW, part deux, I've had Windows 10 connected for days straight, so I guess you're right about them fixing it.
|
# ¿ Sep 14, 2017 20:15 |
|
A nice thing about algo is that it's almost zero effort to spin up another VPN server on another cloud server... as long as you have your accounts set up at each of them. So, if you have trouble with something blocking some IP range or something, it's easy to try another. (FWIW, I don't recall having a problem with blocking anywhere with my DO-hosted VPN server)
|
# ¿ Sep 17, 2017 17:33 |
|
Grassy Knowles posted: This is also true—I just don't care, so I let it be until I have another reason to switch like an upcoming outage.

How could you not care about pizzahut.com??!?!
|
# ¿ Sep 17, 2017 18:54 |
|
I don't use AWS, I use DO, and it cost me 5/month.
|
# ¿ Sep 23, 2017 16:07 |
|
EconOutlines posted: What are we talking about in terms of security vs OpenVPN?

quote: OpenVPN’s lack of out-of-the-box client support on any major desktop or mobile operating system introduces unnecessary complexity. The user experience suffers.

That's what the developers of algo have to say about OpenVPN.
|
# ¿ Oct 10, 2017 15:18 |
|
tzirean posted: I'm probably wrong, but this seems worse for privacy than typical VPNing. Instead of tracking your IP to a VPN service that doesn't keep specific logs, it's tracked to a cloud service that can happily hand over your exact details as the only user who could possibly have been at that IP at that time. Am I an idiot?

"Not keeping logs" is a bullshit thing for a VPN provider to claim anyway.

quote: Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,
|
# ¿ Oct 10, 2017 20:49 |
|
Khorne posted: That's literal metadata that is available without the VPN provider keeping it, and the only examples of this happening with a VPN provider is with one based in China and another based in the UK. DO self-hosted VPNs will get you nailed in the same way.

I'm not sure if you're agreeing or disagreeing with me. My point was that you are just taking their word for it WRT to log-keeping and other anonymizing strategies and that it doesn't really matter much anyway since as you point out there's other things that can be done other than just looking at logs. I wasn't claiming that self-hosted VPNs were better or worse, only that if you're that concerned with log keeping you need to be aware that you're just taking it on faith.

Thermopyle fucked around with this message at 01:02 on Oct 11, 2017 |
# ¿ Oct 11, 2017 00:35 |
|
It depends on your internet speed. Not directly relevant to your question, but algo is mostly focused on cloud servers and you can get a DO server for 5/month.
|
# ¿ Oct 22, 2017 15:50 |
|
Boris Galerkin posted: I just wanted to do it on my router cause I thought I wanted to own the entire stack down to hardware, but then I thought about what the point of this was (securing my public WiFi) and didn’t care anymore. Gave it a shot with DO since I already had an account there and since I’m staying at hotels right now and it works great. Will look more in depth into the options later cause I don’t need it to generate any android anythings for me.

They also support deploying to your own Ubuntu server so you might look into that. There was work done (http://w4t.pw/2p) on supporting it on Ubiquiti EdgeMax devices and there's a config and instructions to do that. However, it's not the easiest system and after some discussion I think people are holding off on going further with it and official support until algo gets its plugin system implemented.
|
# ¿ Oct 26, 2017 15:05 |
|
apropos man posted: I tried algo the other day and the script returned an error pertaining to a missing selinux python dependency.

Check out the issues and submit a new one if you can't find someone with the same problem. https://github.com/trailofbits/algo/issues
|
# ¿ Oct 26, 2017 15:15 |
|
THF13 posted: Covering the stupid questions first, did you CD into the algo-master directory where you unzipped Algo before running any of the commands from the deployment guide?

FWIW, I had those problems long ago with strongswan, but for a long time now strongswan basically never disconnects or gets stuck. Right now it's been running for 4 days on my phone. I do hate how I have to disconnect to use some smarthome devices and chromecasts as they expect you to be on the same network.
|
# ¿ Oct 26, 2017 17:33 |
|
THF13 posted: I saw it had split tunneling with options for excluding specific network subnets, wouldn't that solve it?

They added that somewhat recently and I'm too networking-stupid to figure out how to configure it. There's a Custom subnets and an excluded subnets field and I can't seem to bungle my way through getting it to work. I also think that maybe it's not a great solution anyway because anytime I get on wifi using the same IP range as my home network (192.168.1.x) I'm exposing requests from my phone to that network. Or maybe I just don't understand (most likely).

edit: Oh, I messed around with it more. Had to put 192.168.1.0/24 into excluded subnets and that seems to work. I'm not sure if it's a good idea though because of what I mention about being on other wifi networks with that address range...

Thermopyle fucked around with this message at 19:58 on Oct 26, 2017 |
# ¿ Oct 26, 2017 19:44 |
|
hooah posted: I've heard of this (if it's the same thing as split horizon), and it sounds like it could help me use e.g. Universal Remote and browse the SMB share on my desktop while at home. If that's the case, do you have anywhere I can read up on how to make this work? Thermopyle's post about subnetting might help too.

My post is all you need. Requests to your network bypass the VPN if you add the subnet mask to the "excluded subnets" setting for your certificate in strongswan.
|
# ¿ Oct 27, 2017 03:34 |
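The trade-off discussed in the two posts above (excluding 192.168.1.0/24 so home devices stay reachable, versus joining another Wi-Fi that uses the same range), worked through as an added example that is not from any poster, algo, or strongSwan. It assumes the client decides purely on destination address; the network labels, the hotel and cafe subnets, and the host addresses are constructed.

```python
import ipaddress

# Constructed sample: the exclusion mentioned in the post above.
EXCLUDED = ["192.168.1.0/24"]


def route_for(dest, excluded):
    """Return 'bypass' if dest falls in an excluded subnet, else 'vpn'.

    Assumption: the decision depends only on the destination address,
    not on which Wi-Fi network the device is currently joined to.
    """
    addr = ipaddress.ip_address(dest)
    for n in excluded:
        if addr in ipaddress.ip_network(n, strict=False):
            return "bypass"
    return "vpn"


def exposed_on(wifi_subnet, excluded):
    """List the parts of the current Wi-Fi subnet reachable outside the tunnel."""
    wifi = ipaddress.ip_network(wifi_subnet, strict=False)
    exposed = []
    for n in excluded:
        net = ipaddress.ip_network(n, strict=False)
        if net.version == wifi.version and net.overlaps(wifi):
            # Two overlapping CIDR blocks nest, so the overlap is the
            # more specific (longer-prefix) block.
            exposed.append(str(max(net, wifi, key=lambda x: x.prefixlen)))
    return exposed


if __name__ == "__main__":
    for dest in ("192.168.1.50", "203.0.113.10"):
        print(dest, "->", route_for(dest, EXCLUDED))
    # Same exclusion list, three different networks (all constructed).
    for label, wifi in (("home", "192.168.1.0/24"),
                        ("hotel", "192.168.1.0/24"),
                        ("cafe", "10.0.0.0/24")):
        print(label, wifi, "outside tunnel:", exposed_on(wifi, EXCLUDED))
    # Excluding a single host instead of the whole /24 narrows the exposure.
    print("single host:", exposed_on("192.168.1.0/24", ["192.168.1.20/32"]))
```

The home and hotel rows come out identical because the exclusion matches on address range alone; listing only the specific hosts you need at home leaves less reachable outside the tunnel on a foreign network with the same range.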
|
Blue Footed Booby posted:I did this too. StrongSwan worked perfectly and my phone is online and ad-free. Just delete the droplet you used to create the algo droplet. The whole point of algo is that it sets up a secure droplet for you, so now that you've done it you're done. You basically don't need to think about it again.
|
# ¿ Nov 26, 2017 02:39 |