It’s worth mentioning that it is not, nor does TrailOfBits pretend, that the goal of this project is privacy; it is security. Algo doesn’t and couldn’t care less about your privacy once you reach the endpoint, only about securing the tunnel.<p>You shouldn’t use Algo if you are concerned about surveillance from corporations/governments, you <i>should</i> use Algo if you are concerned about surveillance/attacks from your local network or ISP.
It should be noted that if you've set up Algo already, it now supports WireGuard. The WireGuard Android app (which would be great to verify that it is indeed published by www.wireguard.com) is stupid easy to set up and enable on your device.
I prefer <a href="https://github.com/hwdsl2/setup-ipsec-vpn" rel="nofollow">https://github.com/hwdsl2/setup-ipsec-vpn</a>. Shameless blog post on setting it up on a Raspberry Pi 3 - <a href="https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/" rel="nofollow">https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec...</a>
Use WireGuard. It is wonderful and the community is friendly. `wg-quick` is easy to use, but if you need it, I believe Streisand supports automatically provisioning a WireGuard setup.
> Does not install Tor, OpenVPN, or other risky servers<p>Although I recognize IPsec is a widely supported protocol and suitable for this use case, did the readme intend to imply OpenVPN is risky?
Question - are there any guides available to help set up a home-brew router to route all outbound connections through an Algo VPN with exceptions for Netflix/etc.?<p>Something like this (this is for OpenVPN): <a href="https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/" rel="nofollow">https://arstechnica.com/gadgets/2017/05/how-to-build-your-ow...</a><p>I currently have a pfSense router set up with Algo, but I have to disable the IPSec policy whenever I want to use Netflix. (Discussion here: <a href="https://github.com/trailofbits/algo/issues/292" rel="nofollow">https://github.com/trailofbits/algo/issues/292</a> - see comments near the bottom.)
I actually tried running Algo through Azure and Microsoft terminated my Azure account citing I was breaking Terms of Service. I had hosted Algo for all of two and a half days before the takedown.<p>Not sure if anyone else has had luck - all I was using Azure for was to test Algo out, so I had nothing else running on Azure at the time. I also ran into a few snags trying to deploy Algo onto Azure so haven't bothered trying to set it up elsewhere. My goal of the VPN was to get a JP address as a few sites I browse are easier to browse with a JP address (eg: I don't get forced bad English translations with no way to toggle to the JP version of the site because I'm coming from an American IP...)
Given this post's HN commentary is full of seemingly well-informed perspectives on the relative merits of several VPN service providers and software packages, can anyone comment on Private Tunnel? I've been using it for years, having paid something like $20 for 100GB. No complaints, but interested in expert opinion / insights regarding privacy and security. Thanks!
>Does not install Tor, OpenVPN, or other risky servers<p>Does it call OpenVPN a risky server? Why?<p>Found it <a href="https://github.com/trailofbits/algo/blob/master/docs/faq.md#why-arent-you-using-openvpn" rel="nofollow">https://github.com/trailofbits/algo/blob/master/docs/faq.md#...</a>
What is the best way to have a VPN in each continent (apart from the obvious option to have an instance in each region)? I used to pay for a commercial service, but I lost this functionality when I switched to a self-hosted solution.<p>I prefer this feature since I travel a lot and would like to have lower latency wherever I am.
How do you decide what VPN tech to use?<p>I was using OpenVPN and then switched to WireGuard because OpenVPN was consuming a lot of power on my phone.<p>Why would I want to use IPsec?
Not enough people have heard of Outline.
<a href="https://getoutline.org/" rel="nofollow">https://getoutline.org/</a><p>It is a shadowsocks client and even non-technical users can provision VPNs on cloud hosting providers.
IPSEC is broken by (NSA) design. Use Wireguard instead.<p><a href="https://www.mail-archive.com/cryptography@metzdowd.com/msg12325.html" rel="nofollow">https://www.mail-archive.com/cryptography@metzdowd.com/msg12...</a><p><a href="https://www.wireguard.com/protocol/" rel="nofollow">https://www.wireguard.com/protocol/</a>
>Algo supports DigitalOcean (most user friendly), Amazon Lightsail, Amazon EC2, Microsoft Azure, Google Compute Engine, Scaleway and OpenStack.<p>Four of the seven listed are cloud providers that actively encourage censorship for the sake of their business model. At best, you would be a fool to run a personal VPN on them; at worst, the fact that support exists at all could be evidence that this software is in fact <i>worse</i> than OpenVPN or Tor in that it facilitates an obviously poor implementation.<p>Google and Microsoft both joined the PRISM program in 2009.<p><a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#Media_disclosure_of_PRISM" rel="nofollow">https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#M...</a>
I once wanted to write an Ansible playbook to install a VPN on a server but found out that you cannot just pass parameters via the command line like<p>ansible setup-vpn 1.2.3.4<p>Ansible expects you to write the host address into a file in /etc. So inconvenient. Also, Ansible doesn't support Windows and Cygwin.<p>It turned out it was easier to write the instructions into a Bash program. Sadly, it is non-portable and works only with a specific distribution.<p>It is also surprising how many files there are in the repository for a relatively simple task. And how complicated the installation process is. In PHP everything would be easier, because you can pack your application into a single phar archive like in Java.<p>They don't support the built-in Android client. I remember I installed Strongswan or something like this and it worked with Android out of the box.<p>I wouldn't recommend Digital Ocean. They don't accept virtual debit cards (they want a real card so they can charge you whenever they want) and their VPS are too expensive. $5 per month is too expensive when you can find offers as low as 1 euro/month in Europe with a pre-paid system.