Algo VPN v1.1 releases: Set up a personal IPSEC VPN in the cloud
Algo VPN
Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices.
Features
- Supports only IKEv2 with strong crypto (AES-GCM, SHA2, and P-256) and WireGuard
- Generates Apple profiles to auto-configure iOS and macOS devices
- Includes a helper script to add and remove users
- Blocks ads with a local DNS resolver (optional)
- Sets up limited SSH users for tunneling traffic (optional)
- Based on current versions of Ubuntu and strongSwan
- Installs to DigitalOcean, Amazon Lightsail, Amazon EC2, Vultr, Microsoft Azure, Google Compute Engine, Scaleway, OpenStack, or your own Ubuntu server
Anti-features
- Does not support legacy cipher suites or protocols like L2TP, IKEv1, or RSA
- Does not install Tor, OpenVPN, or other risky servers
- Does not depend on the security of TLS
- Does not require client software on most platforms
- Does not claim to provide anonymity or censorship avoidance
- Does not claim to protect you from the FSB, MSS, DGSE, or FSM
Changelog v1.1
Removed
- IKEv2 for Windows has been removed; use WireGuard instead #1493
Added
- Tmpfs for key generation #145
- Randomly generated pre-shared keys for WireGuard #1465 (elreydetoda)
- Support for Ubuntu 19.04 #1405 (jackivanov)
- AWS support for existing EIP #1292 (statik)
- Script to support cloud-init and local easy deploy #1366 (jackivanov)
- Automatically create cloud firewall rules for installs onto Vultr #1400 (TC1977)
- Randomly generated IP address for the local DNS resolver #1429 (jackivanov)
- Update users: add server pick-list #1441 (TC1977)
- Additional testing #213
- Add IPv6 support to DNS #1425 (shapiro125)
- Additional p12 with the CA cert included #1403 (jackivanov)
Fixed
- Fixes error in 10-algo-lo100.network #1369 (adamluk)
- Error message is missing for some roles #1364
- DNS leak in Linux/WireGuard when LAN gateway/DNS is 172.16.0.1 #1422
- Installation error after #1397 #1409
- EC2 encrypted images bug #1528
Changed
- Upgrade Ansible to 2.7.12 #1536
- dnsmasq removed; the DNS ad-blocking functionality has been moved to dnscrypt-proxy
- Azure: moved to the Standard_B1S image size
- Refactoring, linting, and additional tests #1397 (jackivanov)
- Scaleway modules #1410 (jackivanov)
- Use VULTR_API_CONFIG variable if set #1374 (davidemyers)
- Simplify Apple Profile Configuration Template #1033 (faf0)
- Include roles as separate tasks #1365 (jackivanov)
Copyright (c) 2016 Trail of Bits