The CryptoLab Blog

Algo VPN – Create Your Own – Install Algo Server

The video below shows you how to install your Algo VPN on your Linux Server.

https://github.com/trailofbits/algo


0:06
Hi, everyone. Today I'll be setting up an Algo VPN server.
0:12
It's pretty much a disposable server that's fairly easy to set up.
0:16
The original length of this video is about 45 minutes; some of the examples I've sped up.
0:23
So you don't have to sit there and just watch the screen scroll by. To follow this installation, you're going to need to have a Linux server available to you.
0:32
In the prior video, I showed you how to set up an account at Linode, which then you can use as, you know, the server that we'll be working on today. Let's start off first by logging into the server; I'll show you that in just a second.
0:51
And just going through this, I'll be using some Linux jargon that you may or may not use.
0:57
I'm also going to be doing a custom install, and I'll be adding some commands and some options, features that I came up with to, you know, cut down on the logging, and just do some standard security features that you should do if you're using Linux.
1:18
You'll be able to find the notes that I'm following below. You'll also find an Excel template that I've used to create. And you'll know more about that when we talk about the Excel template that I use for creating VPN usernames further on in the video. But let's get started by logging into our server via SSH right now.
1:43
There are some things that I won't be covering today, that are just your basic run-of-the-mill ways to get around on a Linux server or on your operating system. Those you're going to have to do on your own, for example, open up a Terminal window. We'll start off with what you see right in front of you: that's my terminal window running on my Mac, and this will allow me to log in to the Linux server, and so let's start off by typing in the command to get into the server.
2:43
Most of the commands that I'm using are in the setup guide, and we will just do a copy and paste on this one. It will upgrade your operating system that you've just installed, making sure you have the latest and greatest as you run through the process. This one is in real time.
3:03
And you just want to say yes to whatever updates, so that you have the latest and greatest running on
3:11
your server.
3:14
Some of it may take a while. Some of that may be pretty quick.
3:17
It just depends on what you have, what you're running on, what operating system you're running this on.
3:23
This is Ubuntu.
3:26
It's 18.04 LTS Bionic Beaver.
3:31
The next command we're running will basically stop all logging on the operating system level, as compared to on the Algo server.
3:41
So, you definitely want to make sure that you run that. Their documentation doesn't tell you you should do that. But kinda going back to best practices, this is what you definitely should run.
3:55
This next command, we're going to be adding a user. It's important: you can install everything at the root user level, but you definitely want to stop the root user from being able to log in. And that's why we're going to add a separate user. We'll add this user, we'll add a password. You'll see, we'll just go through and say yes to everything else; that's kinda just a Linux legacy for a user. And then we'll go in, later on at the end, and we will not allow the root user to log in to the server. And that's for security purposes.
4:40
The next command you see will basically be adding, for the user that you just added, sudo permissions, which basically will allow this user to use root access when they log in.
4:54
That's important for making changes in the future.
5:05
This next command, basically, is telling the server to go out and get a copy of the algo server from the URL provided. And as you can see, I did it incorrectly. I took the whole line instead of just the git clone.
5:21
I included the git, so what I can do is delete
5:27
the git, and we'll do that again, and we'll go through and it will download the latest version.
5:39
The next few commands that you see are basically just telling the operating system to go out and get the latest version of Python, making sure that it's updated, doing some commands that are required by the Algo server, and basically you don't need to know these, you just need to follow their directions from this point on.
7:17
OK, now it looks like everything is updated. And what we're going to do is go into the config file and make the changes that are documented. It's basically the nano command that I use. We'll go into the config. We will change the users. This is where having the Excel template comes in handy. I basically create a set of usernames that I want and just add a numeric character at the end and create up to 250 users.
7:49
Right now, I totally create about 100. I don't think I'm going to need any more than that. So right now, I'm going ahead and doing a copy from the Excel spreadsheet, and I'll paste it right into here, into this terminal window. And it will bring all the usernames over that I will be creating, and thus pulling off the server later on, and giving to people that I want to have access to this algo server.
8:13
So here we go, do a paste.
8:17
Other's names came in, then we're going to go down and we're going to make a couple of changes to the algo server itself.
8:24
The first one, we'll be adding, let's see, let's go down.
8:34
Keep going.
8:38
It's going to be the unattended reboot.
8:41
I always say true, because I want the Algo server to get the latest and greatest as soon as it can, so there we go. Right now, it says False.
8:51
We're going to turn it to True, and it will try to sync up every day at six AM, wherever your server is, and it will get the latest software, and then it'll do a reboot. You may get an e-mail from Linode saying, hey, your server just rebooted. It's because it was getting the latest and greatest software.
9:12
And the strongSwan log level, we're going to do to a , and that will cause no logs to be created.
9:22
Definitely want that.
9:24
That way, there are zero logs, just like everybody else promises you, but you know for sure that you don't, because you're not enabling them.
9:35
This next command is basically starting the process of your Algo server being built.
9:41
I will go through and take the command, and we'll start the process.
9:50
There, we have an error. I've done this many times. There are a couple things that you should know that they really don't document that well, but I found out. The first is, you do not want to have a dash in your usernames. The second part is you need to start at the same spot for everybody. So we're gonna delete those spaces out. We're gonna go ahead and save the config file, and we're gonna run it again. So do not add dashes in the name.
10:20
There can only be a dash on the left side of the name, which basically signifies that's a new username. We're gonna run the command again.
10:31
And this is where it just starts. There are a couple of things that you definitely want to change. The first one will be, you have to let it know what type of server. This is a standalone server.
10:43
We're going to choose number 11. We're going to say no; the capital N basically means if you just hit return, that will be the default. We're just going to go through and say no to all of these.
10:56
And the only thing that we're really going to want to do is, when we see it, and this is in the documentation, too, you're going to want to put the real IP address.
11:10
in, not this one. This is going to be localhost.
11:28
The next one is where you're going to want to put the real IP address of the server itself. This will basically lock it in place, and you won't be able to change that later.
11:42
When you've got that IP address, and you hit return in there, it's just going to go through. This literally is the longest part of the install; depending on how many users you're creating, it's just gonna go through and create all of those, and do the things that it needs to do to create the Algo server, lock some security features and button it all up on how they have the Algo server written. So I've sped this up by 20 times. So this one definitely takes much longer in real life than it does in this video.
12:44
Yeah.
13:03
Once you've come to this part of the install, you're pretty much done. Congratulations.
13:09
And we can then pull the profiles off the server, and we can get them into WireGuard on the servers, sorry, the computers that we need.
13:25
You can do the next in command line. I'm just going to cheat, and I'm going to do it through, basically, an FTP app that I use.
13:33
And we're going to go in and download, basically, the profile files that you need to use to enable your VPN on each computer that you want to use, and you will see the login, you go into the algo server, you'll go down into configs.
13:53
Into note into that, your IP then WireGuard, and you're going to pull all those config files.
14:01
There are two config files for each login.
14:05
One is a conf file, which is used for your desktops. And the other is the PNG file, which you use for anything that has a camera, like an iPad, an Android and iPhone. And when you have those, you just take a picture, and it pulls the information that it needs to configure for the VPN connection.
14:35
Now that we have everything installed, we have the config files off. What we need to do is one final step, which is basically to shut out the root user from being able to access the server. So, you can kind of follow along on the screen; anybody that knows how to do it, you're good to go. I just thought I'd add this because you definitely do not want the root user to be able to have access to the server. Most of the time, when someone tries to hack into a server, they use the username root because that's installed every time.
15:11
So, go ahead and just follow these examples, and you'll see that we're locking out the root admin, and then we're trying to log back in later on in the video to show you that you can't log in.
15:29
Yeah.

 

The templates referred to can be found below. I have included both Word/Excel and Pages/Numbers.

To learn more about copying files via SSH, read this document.

Notes Post Video:

I’ve made quite a few changes that I would like to include with the information above. I will do so when I have time, but here are a few notes:

  1. I now include Ad Blocking in the initial install. I also include a URL which I control so I can add anything I want without too much of a bother.
  2. I use Quad9 for initial DNS setting – Why Quad9? and How Update Your Algo

 
