It’s worth mentioning that the goal of this project is not, nor does TrailOfBits pretend it is, privacy; it is security. Algo doesn’t and couldn’t care less about your privacy once you reach the endpoint, only about securing the tunnel.
You shouldn’t use Algo if you are concerned about surveillance from corporations/governments; you should use Algo if you are concerned about surveillance/attacks from your local network or ISP.
Hello, I am the original author of Algo. This is 100% correct and I am glad that people understand the goals of the project. Please use Algo to keep communications secure.
The real quality to discuss is threat models. Even using a public-mix VPN is not going to protect against Klein-style wholesale tapping (due to packet correlation). Using your own VPN to exit will not protect against legal attacks (subscriber info will still be subpoenaed). But either will protect against revealing (to every service you connect to) your roaming between access networks - eg the discovery of who is friends from their connecting to the same WiFi.
(Also, distinguishing between "government" and "commercial" surveillance is a bit of a red herring as well. Much government surveillance is done by the "private" sector, which the government at least then buys full access to, if it doesn't constitute a de facto government on its own - eg credit bureaus in the US)
That is the parent comment's point. This will protect you from your local ISP. It will not protect you from the government (or the ISP on the other end of the tunnel).
A VPN does not 'hide' your IP address. It merely changes it.
Where would your VPN be? What makes you think the government doesn't monitor traffic flows there? They don't even need to monitor traffic flows at your home's ISP, since they can see both legs of the connection just by watching the network your VPN server is on.
If you're in a FVEY country, you can't count on any real network metadata privacy protection (against your own country's government) for near-realtime communication. Multiple hops (e.g. tor) makes it more difficult for them, but also makes your internet connection slow and unreliable, and your traffic becomes even higher priority for them to investigate; if they happen to have flow data on each of the nodes you use, you're probably unmasked.
It should be noted that if you've set up Algo already, it now supports WireGuard. The WireGuard Android app (which would be great to verify is indeed published by www.wireguard.com) is stupid easy to set up and enable on your device.
Thank you for posting this! I'll be checking this out.
I like how the scope of this project is only about setting up an IPsec server automatically on a Linux box.
Algo and Streisand have too many features, making them unwieldy.
Use Wireguard. It is wonderful and the community is friendly. `wg-quick` is easy to use but if you need it, I believe Streisand supports automatically provisioning a wireguard setup.
I tried using it but unlike IPSEC/SSL VPNs, it doesn't punch through many firewalls.
Not Wireguard's fault, but in my case IPSEC worked better. I guess I could encapsulate it, but it's just annoying to do and on some platforms it's just too much trouble.
Algo supports it as well although the docs currently make it sound like it's for Android clients only. But you can grab the generated config (and perhaps add a keepalive line to taste) and use it on other platforms.
Wireguard is awesome, but the kernel module is so far a mess. If you're paranoid I wouldn't rely on it until the code has been cleaned up and perhaps audited.
Having actually looked at the code a bit, it is dramatically cleaner than any other firewall code I’ve ever seen. And the crypto is pretty nicely done, too.
OpenVPN is a mess. IPSEC and basically all implementations thereof are messes.
(As a personal anecdote, have you ever tried to get OpenVPN to do anything remotely sensible with MTUs or MTU-related ICMP errors? You can’t, because every possible configuration gets it at least partially wrong [0]. Wireguard gets it entirely correct AFAICT.)
Ordinarily I would appreciate comments calling for an audit of security-critical software, but spoken with such derision and apparently ignorant of the fact that the author audits code for a living I can't get behind. As for "cleaned up", LKML's only objections to it so far are formatting; think variable declarations, line wrapping (or lack thereof), et al.
There is a WireGuard kernel module, and it also seems weird to me to say "This is a mess" when what you actually mean is "Nobody yet knows if it is a mess or not and I have no evidence either way."
Question - are there any guides available to help set up a home-brew router to route all outbound connections through an Algo VPN with exceptions for Netflix/etc.?
I currently have a pfSense router set up with Algo, but I have to disable the IPSec policy whenever I want to use Netflix. (Discussion here: https://github.com/trailofbits/algo/issues/292 - see comments near the bottom.)
I actually tried running Algo through Azure and Microsoft terminated my Azure account citing I was breaking Terms of Service. I had hosted Algo for all of two and a half days before the takedown.
Not sure if anyone else has had luck. Testing Algo out was all I was using Azure for, so I had nothing else running on Azure at the time. I also ran into a few snags trying to deploy Algo onto Azure so haven't bothered trying to set it up elsewhere. My goal of the VPN was to get a JP address as a few sites I browse are easier to browse with a JP address (eg: I don't get forced bad English translations with no way to toggle to the JP version of the site because I'm coming from an American IP...)
We have many successful reports of using Azure for AlgoVPN. I would appreciate it very much if you could file an issue and include the full details of what happened, including any communications you received from Microsoft (https://github.com/trailofbits/algo/issues/new). I have contacts at Azure that I can escalate this issue to directly.
I don't tend to hold onto email as I don't really care for or value them; especially not emails saying my account has been terminated. Those are more of a delete and move on with my life kind of notice. I ended up getting an email from a rep. asking how my experience was and either two or three (I think it was two) calls to speak with me. A funny left-hand not speaking to the right-hand scenario where customer reps tried to salvage a client even though the client had been terminated by the service.
Thanks for extending a hand. I'll look for the email tomorrow - and if found - I'll open an issue. Though if you don't hear from me, it's because the email in all likelihood was deleted shortly after getting it. My use wasn't critical need, so I didn't particularly care to deal with the headache of getting things sorted.
I have been running my algo VM (with wireguard) in Azure for 2-3 months now without issue. For me it is nice because there is an Azure region pretty close to me so I don't take a _huge_ hit traversing the country.
I do work at MSFT but my algo VM is inside of my personal account.
Given this post's HN commentary is full of seemingly well-informed perspectives on the relative merits of several VPN service providers and software packages, can anyone comment on Private Tunnel? I've been using it for years, having paid something like $20 for 100GB. No complaints, but interested in expert opinion / insights regarding privacy and security. Thanks!
My choice is typically between "should I use a hosted provider" vs "should I host my own." IMHO there is not a vast amount of difference between hosted VPN providers. They all suffer from generally the same issues.
Here are some reasons you might want to self-host:
What is the best way to have a VPN in each continent (apart from the obvious option to have an instance in each region)? I used to pay for a commercial service, but I lost this functionality when I switched to a self-hosted solution.
I prefer this feature since I travel a lot and would like to have lower latency wherever I am.
What is wrong with purchasing a VPN that is made to provide this functionality on the cheap? I don't get why everybody has to try to do it themselves. If you're worrying about tainted IPs, pay a little more for a VPN that logs. All good VPNs support connecting via OpenVPN at this point.
Perhaps? If you’re using a VPN to protect your internet traffic from being sold to ad companies, probably. The VPN industry has become a racket full of affiliate schemes that push people towards plans and services that don’t necessarily act in the user’s best interest. Figuring out the good from the bad can be difficult. And I’ve seen some services that when audited use outdated or insecure stacks.
Of course, if you’re using a VPN to try to protect your browsing activity from authorities, obviously a major cloud provider may be more willing to turn your info over to someone else.
I've been using VPN services for over a decade. In my opinion, the most privacy friendly are AirVPN, Insorg, IVPN, Mullvad, Private Internet Access and Riseup. To my knowledge, HideMyAss, EarthVPN, IPVanish, PureVPN and WANSecurity have violated their users' privacy. For the most part, by sharing logs with investigators. Prudent providers make damn sure not to have any logs that could be seized.
Well, I will not advocate for any big brand here, but it is also true that HideMyAss, IPVanish and PureVPN have more than 50% of the total share of VPN users, and indeed it's true that new VPN services, especially Private Internet Access, are going great. I recently read some review of them at Bestvpn.co.
Trustworthy? I could go either way, depending on particular scenario.
Usable? Infinitely. I've noticed quite a few web sites and services putting obnoxious blocks or filters or other impediments against users coming from "widely-known" VPN and VPS provider IP addresses. But few seem to bother with Microsoft or Amazon IPs.
So for something that has the purpose of either getting me out from behind a restrictive network or wrapping my traffic on an insecure network, a VPN to an Azure- or EC2-provisioned virtual machine works just fine.
I have a Streisand [1] server on a Digital Ocean droplet, and I do run into the occasional Cloudflare: blocked or extra-aggressive captcha when I am routed through it.
Serious question: are there any professional VPN companies? Don't most VPN companies depend on cloud providers for many locations too? Most VPN companies have had serious screw-ups in the past. PureVPN - disabled all encryption by default for performance on their Windows client - for example. StrongVPN I recall logging. Other popular ones recur billing at top whack after a year and refuse refunds. Overloaded servers, port blocking and so on.
It depends what you want. If you're trying to obtain some degree of anonymity, then a personal VPN server is obviously much worse, since you'll be using a dedicated IP address just for you, instead of sharing a public one.
But if you just want to secure your data from an untrustworthy local network, it's a reasonable choice. You're less likely to be flagged as connecting from a "bad" IP.
You can have both. Mirimir reaches the Internet using a nested chain of three VPN services. The last being IVPN, given that I work for them. But then I use private VPNs on VPS when I need to pretend that I'm not using a VPN.
It depends. Some VPN services will go out of their way to protect users' privacy. Because it's a moral issue for them. Or because they value their reputation. Others will sell you out, to avoid penalties and costs. And the same is true for cloud providers.
I don't know. I briefly used IPsec when I stopped using OpenVPN and I was looking for alternatives. The setup for IPsec on the server was slightly annoying. I used a GitHub project that sets up everything for me but the script didn't do everything.
And I have observed (from just using IPsec and WireGuard on my phone) that WireGuard is quite good (maybe even better) than IPsec at not annihilating internet bandwidth.
It's not a Google project, it's a Jigsaw project. There's a huge difference, since one is run with extremely low resources and employees between the entities are not shared. Don't trust code that comes from Jigsaw. In my experience, it's all been haphazardly thrown together for a proof of concept and media coverage, not production quality software that people should use.
Outline is a security disaster, and I strongly recommend against using it.
- Shadowsocks is not a VPN, it's a per-application SOCKS proxy. What has Jigsaw done to ensure that packets don't leak outside of the tunnel? All UDP traffic leaks, so it looks like they did nothing! https://github.com/shadowsocks/shadowsocks-rust/issues/78
- Shadowsocks is dangerously full of bad configuration options to avoid. Did Jigsaw avoid all of them when it built Outline? Their copy of shadowsocks appears to use an unauthenticated CFB mode by default (https://github.com/Jigsaw-Code/outline-server/blob/d8cb1575d...), but then this setting is overridden elsewhere. Good luck checking all the rest.
- They enabled an automated update system they called "Watchtower." Is this safe to use? Who controls the keys? When are updates pushed out? How would it react to a subpoena?
- The setup process is bonkers. Outline has an Electron app that builds a cloud server, authenticates to it over a random port, then somehow bootstraps encrypted communication with a self-signed certificate. I haven't had time to review the process in all its detail but what the hell? The certificate does not even appear pinned correctly: https://github.com/Jigsaw-Code/outline-server/blob/d8cb1575d...
- Jigsaw did not pay for a reputable security review of the code. This security review is one of the worst, possibly THE worst, that I have ever read. It looks like shadowsocks was in scope at first, but then eliminated from scope. There's some weird fascination with parsing bugs in local configuration files. I don't know what's going on here, but it's a waste of paper: https://s3.amazonaws.com/outline-vpn/static_downloads/ros-re...
Jigsaw is advertising this as a method to keep high-risk journalists safe and it's likely to get someone killed (https://medium.com/jigsaw/introducing-outline-making-it-safe...). They are conflating two different use cases: Outline may be acceptable for bypassing censorship (low-risk, where success is immediately visible), but it is wholly unacceptable for protecting the safety or anonymity of speech online (which carries the risk of an invisible and potentially fatal failure in a hundred different ways if traffic can be inspected or even just attributed to a person).
tl;dr Outline is a flaming pile of garbage. Stop recommending it.
>Outline is a security disaster, and I strongly recommend against using it.
>- Shadowsocks is not a VPN, it's a per-application SOCKS proxy. What has Jigsaw done to ensure that packets don't leak outside of the tunnel? All UDP traffic leaks, so it looks like they did nothing! https://github.com/shadowsocks/shadowsocks-rust/issues/78
UDP seems to work properly with Outline without any issues. SOCKS proxies do allow UDP to be proxied.
>Shadowsocks is dangerously full of bad configuration options to avoid. Did Jigsaw avoid all of them when it built Outline? Their copy of shadowsocks appears to use an unauthenticated CFB mode by default (https://github.com/Jigsaw-Code/outline-server/blob/d8cb1575d...), but then this setting is overridden elsewhere. Good luck checking all the rest.
How can CFB mode be "unauthenticated"? What does that even mean?
>They enabled an automated update system they called "Watchtower." Is this safe to use? Who controls the keys? When are updates pushed out? How would it react to a subpoena?
Shadowsocks is/was written in Python. The CVEs you have linked affect the Python version only. There is however a much cleaner C version.
If you'd read the spec, the crypto makes perfect sense; as pointed out by the Stack Exchange post, the lack of a KDF on the password is probably the only weak point.
>The setup process is bonkers. Outline has an Electron app that builds a cloud server, authenticates to it over a random port, then somehow bootstraps encrypted communication with a self-signed certificate. I haven't had time to review the process in all its detail but what the hell? The certificate does not even appear pinned correctly: https://github.com/Jigsaw-Code/outline-server/blob/d8cb1575d....
>Jigsaw did not pay for a reputable security review of the code. This security review is one of the worst, possibly THE worst, that I have ever read. It looks like shadowsocks was in scope at first, but then eliminated from scope. There's some weird fascination with parsing bugs in local configuration files. I don't know what's going on here, but it's a waste of paper: https://s3.amazonaws.com/outline-vpn/static_downloads/ros-re....
>Jigsaw is advertising this as a method to keep high-risk journalists safe and it's likely to get someone killed (https://medium.com/jigsaw/introducing-outline-making-it-safe...). They are conflating two different use cases: Outline may be acceptable for bypassing censorship (low-risk, where success is immediately visible), but it is wholly unacceptable for protecting the safety or anonymity of speech online (which carries the risk of an invisible and potentially fatal failure in a hundred different ways if traffic can be inspected or even just attributed to a person).
In a reply to a thread about an easy-to-set-up VPN, I think it is perfectly acceptable.
>tl;dr Outline is a flaming pile of garbage. Stop recommending it.
Outline is a fine iOS app that lets you connect to a shadowsocks server as an easy-to-use VPN. I can't speak for anything else.
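The question above about what "unauthenticated CFB" means has a concrete answer: CFB (like any plain cipher mode) turns ciphertext back into plaintext without any way to tell whether the ciphertext was altered in transit, whereas an AEAD mode such as AES-GCM rejects a modified message. The program below is an added example written for this thread, not code from Outline, Jigsaw or the shadowsocks project, and it does not reproduce shadowsocks' own framing; it uses only the Go standard library, with a constructed key, IV, nonce and sample payload so the run is deterministic. Flipping a single bit of the ciphertext makes the point: CFB decrypts "successfully" to something else and nobody notices, while GCM's Open call returns an error.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo key, IV and nonce so the run is deterministic.
// Real code must draw the IV/nonce from crypto/rand and never reuse one under the same key.
var (
	demoKey   = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256
	demoIV    = []byte("constructed-iv16")                 // 16 bytes, CFB block size
	demoNonce = []byte("constructed-")                     // 12 bytes, GCM standard nonce
)

// cfbEncrypt runs AES-CFB with no authentication tag: the receiver gets ciphertext only.
func cfbEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(out, plaintext)
	return out
}

// cfbDecrypt cannot fail: CFB has no way to distinguish a genuine ciphertext from a modified one.
func cfbDecrypt(key, iv, ciphertext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCFBDecrypter(block, iv).XORKeyStream(out, ciphertext)
	return out
}

// gcmSeal and gcmOpen use AES-GCM, an AEAD mode: the appended tag makes any modification detectable.
func gcmSeal(key, nonce, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, plaintext, nil)
}

func gcmOpen(key, nonce, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ciphertext, nil)
}

// corrupt returns a copy of ct with one bit flipped in its first byte, standing in for any
// in-transit modification (line noise, a middlebox, or a deliberate change).
func corrupt(ct []byte) []byte {
	out := append([]byte(nil), ct...)
	out[0] ^= 0x01
	return out
}

// CFBTamperUndetected reports whether a corrupted CFB ciphertext decrypts without any error
// to something other than the original plaintext, i.e. whether the tampering goes unnoticed.
func CFBTamperUndetected(plaintext []byte) bool {
	ct := cfbEncrypt(demoKey, demoIV, plaintext)
	got := cfbDecrypt(demoKey, demoIV, corrupt(ct)) // no error path exists here
	return !bytes.Equal(got, plaintext)
}

// GCMTamperDetected reports whether AES-GCM rejects the same one-bit corruption.
func GCMTamperDetected(plaintext []byte) bool {
	ct := gcmSeal(demoKey, demoNonce, plaintext)
	_, err := gcmOpen(demoKey, demoNonce, corrupt(ct))
	return err != nil
}

func main() {
	msg := []byte("GET http://example.test/ HTTP/1.1") // constructed sample payload
	fmt.Printf("CFB: corruption went unnoticed by the decryptor: %v\n", CFBTamperUndetected(msg))
	fmt.Printf("GCM: corruption rejected with an error:          %v\n", GCMTamperDetected(msg))
}
```

The defensive takeaway is the one the thread's critic is pointing at: a tunnel built on an unauthenticated mode relies on something else (a MAC, or an AEAD construction) to notice modified traffic, and if nothing provides that, the endpoint processes whatever arrives.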
>Algo supports DigitalOcean (most user friendly), Amazon Lightsail, Amazon EC2, Microsoft Azure, Google Compute Engine, Scaleway and OpenStack.
Four of the seven listed are cloud providers that actively encourage censorship for the sake of their business model. At best, you would be a fool to run a personal VPN on them; at worst, the fact that support exists at all could be evidence that this software is in fact worse than OpenVPN or Tor in that it facilitates an obviously poor implementation.
Google and Microsoft both joined the PRISM program in 2009.
I once wanted to write an Ansible playbook to install VPN on a server but found out that you cannot just pass parameters via command line like
ansible setup-vpn 1.2.3.4
Ansible expects you to write the host address into a file in /etc. So inconvenient. Also, Ansible doesn't support Windows and Cygwin.
It turned out it was easier to write instructions into a Bash program. Sadly, it is non-portable and works only with a specific distribution.
It is also surprising how many files there are in the repository for a relatively simple task. And how complicated the installation process is. In PHP everything would be easier, because you can pack your application into a single phar archive, like in Java.
They don't support the built-in Android client. I remember I installed Strongswan or something like this and it worked with Android out of the box.
I wouldn't recommend Digital Ocean. They don't accept virtual debit cards (they want a real card so they can charge you whenever they want) and their VPSes are too expensive. $5 per month is too expensive when you can find offers as low as 1 euro/month in Europe with a pre-paid system.
>Ansible expects you to write host address into a file in /etc. So inconvenient.
When I was first learning ansible, I was very frustrated about things like this. I came to learn, though, that it is very flexible, and this behavior, as well as other weirdness is completely overrideable.
Two ways to override this behavior, with the inventory.ini file in the same directory as the project:
1) ansible.cfg in the project directory that points to the inventory file (you can also override other default behaviors using this file.)
2) pass in a -i argument with the path to the file.
I usually just go with option 1, because I like overriding many of the default behaviors (like making cowsay random, or turning it off sometimes), or setting up my ansible vault.
Aruba has 1-dollar tiny VPS which could be enough for a VPN server, don't know about their performance though. Vps.ag offers 3 euro instances. Both of them use pre-paid payments and accept virtual cards.
I recommend checking what VPS technology is used. If it is OpenVZ or similar then you won't be able to edit the iptables config, load kernel modules, or set up IPsec, because OpenVZ is more like a userspace container than a virtual machine. KVM, Xen and VMware work fine.