# Setting Up a Private VPN with AlgoVPN on AWS

This in-depth guide will walk you step-by-step through setting up your own secure, private VPN using AlgoVPN, hosted on Amazon Web Services (AWS). Algo is a lightweight, self-hosted VPN setup that uses modern protocols like WireGuard and IPSec. You’ll use a Linux-compatible machine (or Windows with WSL) to run the installer locally, which will provision a cloud instance for you.

---

## Prerequisites

- A Linux-compatible system (Ubuntu, macOS, or Windows with WSL)
- An AWS account
- Admin privileges on your local machine
- Basic knowledge of terminal commands
- Git, Python 3, and virtualenv installed or ready to be installed

---

## Step 1: Set Up an AWS Account

1. Visit [https://aws.amazon.com](https://aws.amazon.com) and click **Create an AWS Account**.
2. Complete the sign-up steps:
   - Enter your email and choose a secure password
   - Choose an account name
   - Add payment information (a free tier is available but AWS still requires a card)
   - Verify your identity with a phone number and code
   - Choose a support plan (select **Basic**)
3. Once inside the AWS Console, set up an IAM user:
   - Navigate to the **IAM** service (search for IAM at the top bar)
   - Click **Users > Add users**
   - Enter a username (e.g., `algovpn-user`) and check **Programmatic access**
   - Click **Next: Permissions**
   - Choose **Attach existing policies directly**, and check **AmazonEC2FullAccess**
   - Complete the wizard and download the Access Key ID and Secret Access Key (you'll need these later)

---

## Step 2: Prepare Your Local System

### Option A: Ubuntu/Linux/macOS

Open your terminal and proceed with the following steps.

### Option B: Windows with WSL

1. Open PowerShell as Administrator and install WSL:

   ```powershell
   wsl --install
   ```

2. Restart your computer.
3. Open the Microsoft Store and install **Ubuntu 22.04 LTS** (or similar).
4. Launch Ubuntu from the Start Menu.

---

## Step 3: Install Required Packages

Run these commands one at a time in your terminal:

```bash
sudo apt update && sudo apt upgrade -y
sudo apt install -y git python3 python3-pip python3-venv build-essential libssl-dev libffi-dev python3-dev
```

Explanation:

- `git` is needed to clone the Algo repository
- `python3-venv` and related packages are needed for Python virtual environments and Algo's dependencies

---

## Step 4: Clone the AlgoVPN Repository

```bash
git clone https://github.com/trailofbits/algo.git
cd algo
```

This downloads the Algo installer and places you into its directory.

---

## Step 5: Set Up the Python Virtual Environment

Create and activate a virtual environment to isolate dependencies:

```bash
python3 -m venv env
source env/bin/activate
```

Now install Algo's Python dependencies:

```bash
python3 -m pip install -U pip
python3 -m pip install -r requirements.txt
```

If you encounter any errors, double-check that you installed all the required build packages (`build-essential`, `libffi-dev`, etc.).

---

## Step 6: Run the AlgoVPN Wizard

With everything in place, start the interactive setup process:

```bash
./algo
```

You'll be prompted through a series of questions:

1. **Choose a cloud provider**:
   - Type: `1` for Amazon EC2
2. **Enter your AWS Access Key ID** and press Enter
3. **Enter your AWS Secret Access Key** and press Enter
4. **Region selection**:
   - Choose a region closest to you (e.g., `us-east-1`, `us-west-2`)
5. **Usernames for VPN users**:
   - Enter a list of usernames or email addresses. These will generate separate config files (e.g., `john`, `sarah@home.com`)
6. **VPN settings**:
   - Choose whether to enable ad blocking (recommended: `yes`)
   - DNS encryption: optional, can be enabled if desired
   - Let Algo provision the instance and configure everything

The script will:

- Launch an EC2 instance
- Install WireGuard and IPSec
- Generate configuration files
- Shut down SSH and secure the server

This may take 5–10 minutes.

---

## Step 7: Retrieve Configuration Files

Once complete, you’ll find a new folder inside `algo/` with your configuration files:

```bash
ls
```

Look for a folder like `deploy-config`, which contains:

- `.mobileconfig` files for iOS/macOS
- `.conf` files for WireGuard (Linux, Android, Windows)
- A `wireguard/` folder with public keys and peer configs

To transfer a file to your phone:

- Use AirDrop (macOS/iOS)
- Email yourself the config (use secure mail)
- Use SCP or a cloud service (if using Android or Windows)

---

## Step 8: Connect Your Devices

### iOS/macOS

- Open the `.mobileconfig` file on your iPhone or Mac
- Follow the prompt to install a VPN profile

### Android

- Install the **WireGuard** app
- Import the `.conf` file generated by Algo

### Windows

- Install **WireGuard for Windows**
- Import the `.conf` file

---

## Step 9: Manage the EC2 Instance

1. Log in to AWS Console > EC2 > Instances
2. Tag or rename your instance (optional)
3. Stop the instance when not in use to save costs
4. Delete the instance if you're no longer using it

---

## Extra Tips

- Run `./algo` again anytime you want to add new users or deploy to another region
- To regenerate keys, delete the EC2 instance and re-run Algo
- If using a dynamic IP locally, make sure to always use the latest config file

---

## Troubleshooting

- **Permission denied errors** – make sure you're in the Algo directory and have execute permissions:

  ```bash
  chmod +x algo
  ```

- **AWS API errors** – verify your keys and IAM permissions
- **Missing dependencies** – double-check you've installed all Python build tools and libraries

---

Congratulations! You've deployed your own private VPN using Algo and AWS. It's fast, lightweight, and yours alone.
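
A check for the configuration files retrieved in Step 7: WireGuard `.conf` files carry the client's `PrivateKey`, so they should not be readable by other local users while they sit on the machine that ran the installer. The script below is an added example, not part of Algo or of the original guide; the function names `is_private` and `audit_vpn_configs` are hypothetical, and the directory argument is whatever folder Algo created on your system.

```shell
#!/usr/bin/env bash
# Added example: audit Algo client configs for loose file permissions.
# Function names are hypothetical; the directory is whatever Algo created.

# Succeeds when group and other have no permission bits on the file.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_vpn_configs DIR [--fix]
# Prints one line per finding; returns 0 only if no file is left exposed.
audit_vpn_configs() {
    dir=$1
    fix=${2:-}
    exposed=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue          # find matched nothing
        is_private "$f" && continue
        if [ "$fix" = "--fix" ]; then
            chmod 600 -- "$f"
            # chmod can be a silent no-op on some mounts (for example
            # Windows drives under WSL), so re-check instead of trusting it.
            is_private "$f" && { echo "fixed: $f"; continue; }
        fi
        # WireGuard client configs carry the key in a "PrivateKey =" line.
        if grep -q '^PrivateKey' -- "$f" 2>/dev/null; then
            echo "EXPOSED (private key): $f"
        else
            echo "exposed: $f"
        fi
        exposed=$((exposed + 1))
    done <<EOF
$(find "$dir" -type f \( -name '*.conf' -o -name '*.mobileconfig' \))
EOF
    [ "$exposed" -eq 0 ]
}

# Usage: audit_vpn_configs ./deploy-config --fix
```

Run it against the config folder before copying files off the machine, and again with `--fix` if anything is reported.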