Why Roll Your Own VPN?
Recent VPN discussions in the media have often praised the benefits of a do-it-yourself VPN. “The only really secure VPN is the one you roll yourself” is something of a recurring motif. Algo, an open source project, was mentioned as the most convenient way to roll your own VPN. The idea is that you spin up a new VPS (virtual server in the cloud) and use the Algo set of scripts to quickly roll your own VPN on this new server.
I decided to put this to the test and install Algo on a Digital Ocean VPS (virtual private server). Algo supports 4 different cloud providers: Amazon Web Services, Google Cloud, Microsoft Azure and Digital Ocean.
Why did I choose Digital Ocean? Because unlike the big cloud corporations, it doesn’t charge for the bandwidth and I already use it for hosting this website. It’s also much more user-friendly for spinning up a new server than the more advanced infrastructure services from Amazon or Microsoft. And if you sign up from this link, you receive a free $10 credit – enough to run your own VPN for two months.
Like other cloud providers, it charges you by the hour, so it’s excellent for quick and dirty experiments. The cheapest VPN costs $5 a month, which is less than a cent per hour. Our VPN can certainly run on the cheapest instance; we don’t need extra RAM or disk space.
We are using the Algo deployment guide.
Let’s get to work and start following Algo’s guide. The fascinating thing about Algo is that you don’t have to spin up and configure your own server – Algo does it for you. All the work takes place on your local machine.
I downloaded Algo from the link in the guide, unpacked the archive and changed into the algo directory in my terminal (on a Mac laptop).
$ python -m ensurepip --user
$ python -m pip install --user --upgrade virtualenv
Once the pip and virtualenv Python modules are installed, I paste the command that installs all the required modules. All of this relates to the Python programming language, but you don’t actually have to understand it – just copy and paste the commands from the guide.
$ python -m virtualenv env && source env/bin/activate && python -m pip install -r requirements.txt
This command downloads and installs a bunch of modules, which takes a few minutes.
Now I’m running the main installation script for Algo.
As mentioned, I’ve chosen to use Digital Ocean as the infrastructure for my VPN server. Google, Microsoft and Amazon cloud infrastructures were also available.
The script asked me to generate an API token on Digital Ocean, so I’ve done that.
After I answer some configuration questions, the Algo script creates a new droplet. It takes a while; it looks like the script is working hard.
And… it’s ready!
Now I have to find the configs directory that the Algo script has created and click on my .mobileconfig VPN configuration file.
MacOS imports the VPN settings.
And it automatically connects to the VPN. Let’s test our new IP:
We have a New York IP because that’s the VPS location we have chosen on Digital Ocean.
Less than 30 minutes and I’m connected to my private VPN server in New York state, US.
I expected a more complicated process than that. Kudos to the guys at Trail of Bits who have made it possible!
Is It Easy To Roll Your Own VPN on Digital Ocean?
Overall, for a reasonably technical person it’s easy to set up a VPN using Algo and Digital Ocean in under half an hour.
I didn’t have to do anything complicated besides copying and pasting shell commands from a guide and double-clicking on the created config file to import the settings into a Mac. It would be just slightly more complicated on a Windows machine, with a couple of extra steps.
If you’re not comfortable with using the terminal (or the command line in Windows), it is more problematic. I’d recommend getting used to the command line first.
What Are The Cons of Rolling Your Own VPN?
Setting up a personal VPN in the cloud is fantastic. But for most people, it’s not a real substitute for a commercial service, for the following reasons:
Some Technical Knowledge is Required
First of all, basic technical knowledge is needed. The majority of the public wouldn’t be comfortable with using shell commands and following a technical guide. Even though it’s a straightforward setup, it’s still much more complicated than downloading and launching an installer for a commercial VPN service.
No Location Flexibility
When you spin up a new server on Digital Ocean, on Amazon or any other cloud provider, you can choose the server location. East Coast, West Coast, Europe, Asia… Lots of choice, but you can choose only once. In this guide we have set up a VPN server in New York, so we cannot switch to a London or a Singapore location on a whim. We would have to set up a new server for that.
By contrast, when you use a commercial VPN you can switch between dozens of different locations depending on your needs.
Commercial VPNs like Perfect Privacy offer blocking of ads, trackers and phishing websites. You cannot get these add-ons with a bare-bones setup like the one performed above.
While file-sharing-friendly VPN providers allow torrenting and other file sharing from most of their locations, you cannot use a Digital Ocean VPS for downloading or sharing copyrighted content. It’s against their terms of service and they will ban your account as soon as any complaint is received, if not sooner.
A commercial VPN’s connection manager will make sure that if the VPN connection drops, your real IP doesn’t leak.
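The "test our new IP" check from the walkthrough, turned into a small leak detector for a self-hosted setup that has no connection manager (an added example, not part of Algo or of the original post). The droplet address 203.0.113.10 is a constructed placeholder, and api.ipify.org is an assumed choice of public IP-echo service.

```sh
#!/bin/sh
# Added example: detect when traffic stops leaving through the VPN droplet.

# Return 0 if $1 is a dotted-quad IPv4 address with octets in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the state for an observed exit IP and return a matching status:
#   tunnel  (0) traffic exits through the droplet
#   leak    (1) traffic exits somewhere else, the real IP is exposed
#   unknown (2) lookup failed or returned garbage; treat as not verified
exit_ip_state() {
    expected=$1 observed=$2
    is_ipv4 "$expected" || { echo "unknown"; return 2; }
    is_ipv4 "$observed" || { echo "unknown"; return 2; }
    if [ "$observed" = "$expected" ]; then
        echo "tunnel"; return 0
    fi
    echo "leak"; return 1
}

# Poll the IP-echo service (assumed: api.ipify.org) and log state changes.
watch_exit_ip() {
    expected=$1 interval=${2:-30} last=""
    while :; do
        observed=$(curl -4 -s --max-time 10 https://api.ipify.org || true)
        state=$(exit_ip_state "$expected" "$observed" || true)
        if [ "$state" != "$last" ]; then
            echo "$(date '+%Y-%m-%dT%H:%M:%S') $state ${observed:-no-answer}"
            last=$state
        fi
        sleep "$interval"
    done
}

# Usage: sh exit_ip_watch.sh 203.0.113.10   (placeholder droplet address)
if [ $# -ge 1 ]; then watch_exit_ip "$@"; fi
```

This only detects a leak after the fact; it does not block traffic the way a kill switch does.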
Premium VPN providers offer cascaded (or multi-hop) connections, where your traffic is routed through more than one VPN server in different countries. It raises your anonymity online and prevents traffic correlation attacks. Of course this cannot be done here because you run only one server.
With a commercial VPN, your traffic is mixed with other people’s traffic. When you use your own private VPN, everything is easily traceable to the server on which the VPN is hosted. And who has paid for this server? You. So there is no long-term anonymity with a private VPN.
What Are The Benefits Of Rolling Your Own VPN?
There are definitely benefits to running your own private VPN.
While a high-quality VPN service will cost you around $8-$10 monthly, a Digital Ocean VPS costs just $5. And you can use your server for hosting small websites or for any other purpose along with running the VPN through it.
There are also much cheaper VPS providers, starting from $2 a month. Since Algo doesn’t support these cheaper providers, you would have to configure everything by yourself – a more complicated process than the demonstrated setup, but still feasible.
You definitely can run your own VPN on a $2 instance, and if there is demand we will do a guide on it as well.
Since your VPN server is under your control, you can be sure that nobody is logging your traffic, besides Digital Ocean, the infrastructure operator, of course. If you’re worried about shady VPN operators, running your own private one is definitely an option.
No Sharing With Strangers
On a commercial VPN service you share the endpoint with multiple other users. You don’t know what they’re doing. Even if you don’t do anything wrong, they might break the law which will result in potential seizure of servers and deanonymization of your online activity.
Share With Friends And Family
During the Algo VPN setup, you’re invited to create as many user accounts as you wish. You can easily create accounts for your friends and family and configure your VPN for them. It helps you to raise the privacy awareness of people around you without asking them to pay for a commercial service.
Rolling your own private VPN with Algo on Digital Ocean (or other cloud provider) is simple for a technical person. But in our opinion, it’s not a real substitute for a professional VPN provider. You gain more control over your VPN server but lose a lot of flexibility, features and anonymization (which was the reason to use a VPN in the first place).
However, if you only need to use a VPN for short periods of time and don’t plan to subscribe to a commercial service, having a private VPN comes in quite handy.
Have experience with using Algo? Please share in the comments.