Algo: A set of Ansible scripts that simplify the setup of a personal IPSEC VPN

189 points by uoflcards22, more than 6 years ago

18 comments

vermilingua, more than 6 years ago
It’s worth mentioning that it is not, nor does TrailOfBits pretend, that the goal of this project is privacy; it is security. Algo doesn’t and couldn’t care less about your privacy once you reach the endpoint, only about securing the tunnel.

You shouldn’t use Algo if you are concerned about surveillance from corporations/governments, you *should* use Algo if you are concerned about surveillance/attacks from your local network or ISP.
dalanmiller, more than 6 years ago
It should be noted that if you've set up Algo already that it now supports WireGuard. The WireGuard Android app (which would be great to verify that it is indeed published by www.wireguard.com) is stupid easy to set up and enable on your device.
nodesocket, more than 6 years ago
I prefer https://github.com/hwdsl2/setup-ipsec-vpn. Shameless blog post on setting it up on a Raspberry Pi 3 - https://blog.elasticbyte.net/setting-up-a-native-cisco-ipsec-vpn-server-using-a-raspberry-pi/
eximius, more than 6 years ago
Use Wireguard. It is wonderful and the community is friendly. `wg-quick` is easy to use but if you need it, I believe Streisand supports automatically provisioning a wireguard setup.
accrual, more than 6 years ago
> Does not install Tor, OpenVPN, or other risky servers

Although I recognize IPsec is a widely supported protocol and suitable for this use case, did the readme intend to imply OpenVPN is risky?
TimTheTinker, more than 6 years ago
Question - are there any guides available to help set up a home-brew router to route all outbound connections through an Algo VPN with exceptions for Netflix/etc.?

Something like this (this is for OpenVPN): https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/

I currently have a pfSense router set up with Algo, but I have to disable the IPSec policy whenever I want to use Netflix. (Discussion here: https://github.com/trailofbits/algo/issues/292 - see comments near the bottom.)
Nadya, more than 6 years ago
I actually tried running Algo through Azure and Microsoft terminated my Azure account citing I was breaking Terms of Service. I had hosted Algo for all of two and a half days before the takedown.

Not sure if anyone else has had luck - that was all I was using Azure for was to test Algo out so had nothing else running on Azure at the time. I also ran into a few snags trying to deploy Algo onto Azure so haven't bothered trying to set it up elsewhere. My goal of the VPN was to get a JP address as a few sites I browse are easier to browse with a JP address (eg: I don't get forced bad English translations with no way to toggle to the JP version of the site because I'm coming from an American IP...)
chrisweekly, more than 6 years ago
Given this post's HN commentary is full of seemingly well-informed perspectives on the relative merits of several VPN service providers and software packages, can anyone comment on Private Tunnel? I've been using it for years, having paid something like $20 for 100GB. No complaints, but interested in expert opinion / insights regarding privacy and security. Thanks!
akerro, more than 6 years ago
> Does not install Tor, OpenVPN, or other risky servers

Does it call OpenVPN a risky server? Why?

Found it https://github.com/trailofbits/algo/blob/master/docs/faq.md#why-arent-you-using-openvpn
ilarum, more than 6 years ago
What is the best way to have a VPN in each continent (apart from the obvious option to have an instance in each region)? I used to pay for a commercial service, but I lost this functionality when I switched to a self-hosted solution.

I prefer this feature since I travel a lot and would like to have lower latency wherever I am.
givinguflac, more than 6 years ago
Serious question, do people consider a cloud provider to be more trustworthy than a professional VPN company?
ishanjain28, more than 6 years ago
How do you decide what vpn tech to use?

I was using openvpn and then switched to wireguard because openvpn was consuming a lot of power on my phone.

Why would I want to use Ipsec?
alchemism, more than 6 years ago
Also is great. I extend this script and use it as a quick-and-easy way of managing my dev team’s vpn into our clouds.
xanth, more than 6 years ago
Having not done any cloud work myself I have no clue how much this would cost, anyone able to give a rough estimate?
verroq, more than 6 years ago
Not enough people have heard of Outline. https://getoutline.org/

It is a shadowsocks client and even non-technical users can provision VPNs on cloud hosting providers.
mtgx, more than 6 years ago
IPSEC is broken by (NSA) design. Use Wireguard instead.

https://www.mail-archive.com/cryptography@metzdowd.com/msg12325.html

https://www.wireguard.com/protocol/
nimbius, more than 6 years ago
> Algo supports DigitalOcean (most user friendly), Amazon Lightsail, Amazon EC2, Microsoft Azure, Google Compute Engine, Scaleway and OpenStack.

four of the seven listed are cloud providers that actively encourage censorship for the sake of their business model. at best, you would be a fool to run a personal VPN on them, at worst the fact that support exists at all could be evidence that this software is in fact *worse* than openVPN or TOR in that it facilitates an obviously poor implementation.

Google and Microsoft both joined the PRISM program in 2009.

https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#Media_disclosure_of_PRISM
codedokode, more than 6 years ago
I once wanted to write an Ansible playbook to install VPN on a server but found out that you cannot just pass parameters via command line like

ansible setup-vpn 1.2.3.4

Ansible expects you to write host address into a file in /etc. So inconvenient. Also, Ansible doesn't support Windows and Cygwin.

It turned out it was easier to write instructions into a Bash program. Sadly, it is non-portable and works only with a specific distribution.

It is also surprising how many files are there in the repository for a relatively simple task. And how complicated installation process is. In PHP everything would be easier, because you can pack your application into a single phar archive like in Java.

They don't support builtin Android client. I remember I installed Strongswan or something like this and it worked with Android out of the box.

I wouldn't recommend Digital Ocean. They don't accept virtual debit card (they want a real card so they can charge you whenever they want) and their VPS are too expensive. $5 per month is too expensive when you can find offers as low as 1 euro/month in Europe with pre-paid system.