This has been proven to work in China behind the GFW. Even if the server gets blocked, you just need to run Algo one more time and you have a new VPN server in minutes.
I'm using Windows 10 with Windows Subsystem for Linux (WSL) and Ubuntu 20.04. It's easier since everything runs natively in Linux, so head over to the Microsoft Store, download it and install it (I will not cover that part). Versions used: WireGuard 0.1.1, PiHole 5.0.
1. First you need to create an account at DigitalOcean (these guys are a cloud service provider). They rock, with the cheapest and easiest-to-set-up VPS (Virtual Private Server): basically a virtual machine in the cloud with a public IP for $5. Yes, 5 bucks monthly! They call their VPSs "Droplets".
2. Once your account is set up, head over to the last part of the left-hand menu that says API. Here you will generate an API token (a key used later for your Algo server deployment). Generate a token and copy it somewhere like Notepad.
3. Open the WSL window (I'm using MobaXterm since it is easier for my work, but the WSL window from the Start menu will do).
4. Update WSL by running the following command:
    sudo apt-get update && sudo apt-get upgrade -y
5. In WSL, download the Algo GitHub repository by running the following command:
    sudo git clone https://github.com/trailofbits/algo.git
   This will create a directory called algo inside the WSL file system, located at \\wsl$\Ubuntu-20.04\home\user\algo (replace user with your user name on your PC).
6. In WSL, install the Algo core dependencies by running the following command:
    sudo apt install -y python3-virtualenv
7. In WSL, change directory by running the following command:
    cd algo
8. In WSL, install the remaining Algo dependencies by running the following command:
    python3 -m virtualenv --python="$(command -v python3)" .env && source .env/bin/activate && python3 -m pip install -U pip virtualenv && python3 -m pip install -r requirements.txt
9. Modify the Algo files. Go to Windows Explorer and put \\wsl$ in the navigation bar; this is the folder where your WSL is stored.
   • Open \\wsl$\Ubuntu-20.04\home\mario\algo, find the file config.cfg, open it with Notepad and change the following.
   Configure users and local DNS servers:
   • At the top, change the users entries (Laptop and Jack) to whatever you want, and add more if you need.
   Inside the file:
   • Change dns_encryption: true to false.
   • Change dns_servers 184.108.40.206 to 10.19.49.1 , 127.0.0.1 and change the IPv6 servers to - 0:0:0:0:0:0:0:1, then remove the rest.
   • Change the following. This allows all the devices connected to the VPN to see each other like a LAN, if you want that. If not, don't change it and each device will work isolated, as will your Algo server (i.e. the "road warrior" setup).
       # Block traffic between connected client
       BetweenClients_DROP: false
       # Block SMB/CIFS traffic
       block_smb: false
       # Block NETBIOS traffic
       block_netbios: false
10. Return to WSL, in the algo directory, and run the Algo script with the following command:
    ./algo
11. Choose option 1, DigitalOcean.
12. Set a name for your server, something like vpnalgopihole.
13. Say yes to the next 2 questions. This allows Apple devices to connect on demand; basically it puts a button on their devices to switch the VPN on and off.
14. Don't write anything for the next question (it is unnecessary config for most users) and press Enter.
15. The next question is about the PKI keys. Say yes to this; it keeps a key just in case you need to change anything, but in my experience it is easier to start over with a new Droplet.
16. The next question is about DNS blocking. Answer: NO.
17. The next question is about SSH. Say no; you don't need your users to log in to your server, ever.
18. Wait, wait, continue waiting…
19. Now you will use the API token we got from the DigitalOcean page (yes, the one you put in Notepad). Copy it and then right-click in the WSL console. It will not show anything, since that is a security feature; just right-click there and press Enter, trust me.
20. In the next option, choose the region that is close to you, e.g. NYC1 if you are in America or AMS if you are in Europe. This will depend on what you need the VPN for.
21. More waiting, wait, continue waiting… A lot of waiting… Here Algo is setting up your server in DigitalOcean, continue waiting…
22. When Algo has finished, copy the output to Notepad and save it; we will use it in a second. It will give you something like this:
    "# Congratulations! #"
    "# Your Algo server is running. #"
    "# Config files and certificates are in the ./configs/ directory. #"
    "# Go to https://whoer.net/ after connecting #"
    "# and ensure that all your traffic passes through the VPN. #"
    "# Local DNS resolver xxx.xxx.xxx.xxx #"
    "# The p12 and SSH keys password for new users is XXXXXXXX #"
    "# The CA key password is XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX #"
    "# Shell access: ssh -F configs//ssh_config #"
   The last line goes in the next step.
23. Now we need to log in to the Droplet that contains Algo in DigitalOcean.
   • There are many ways to do this, but it took me a while to find the easy way. In WSL, run the following command (the one from the previous step):
    ssh -F configs/x.x.x.x/ssh_config vpnalgopihole
24. It will ask you something about security and keys; say yes, we don't care…
25. In WSL run the following command:
    ip a && ip r
   This will give you the interfaces that are connected to your server. Take a screenshot; you will need it for the next part. Do it, don't be lazy, it's needed!
26. Now we are done with the Algo VPN server, but we want to add some more DNS sauce to it, so we will install PiHole. Run the following commands:
   • sudo su (you need to run the next command as root, so we change to root here)
   • sudo curl -sSL https://install.pi-hole.net | bash
   • Press OK, Enter
   • Press OK, Enter
   • Press OK, Enter
   • Now change the option from eth0 to wg0
   • Choose Cloudflare from the list and press OK
   • Press OK, Enter
   • Press OK, Enter
   • When you reach the point where it asks about the static IP, say NO and press Enter
   • Now put in the wg0 IP address that is in the screenshot you took earlier (told you to save it); it should look something like 10.19.49.1/24. Press Enter
   • Now for the IPv4 gateway we will use the Droplet public IP (the eth0 IP in the screenshot that you took earlier)
   • Press OK, Enter
   • Press OK, Enter
   • Press OK, Enter
   • Press OK, Enter
   • Press OK, Enter
   • Press OK, Enter
   • Press OK, Enter
   • Now we wait and wait
   • Now take another screenshot of the "installation complete" screen; this contains your PiHole password, so better to do it.
27. Add the lines below to iptables. Run the following command:
    sudo nano /etc/iptables/rules.v4
   • Change the line that says:
       # Accept DNS traffic to the local DNS resolver
       -A INPUT -d xxx.xxx.xxx.xxx -p udp --dport 53 -j ACCEPT
     to:
       -A INPUT -d 10.19.49.1 -p udp --dport 53 -j ACCEPT
   • Go to the bottom of the file, before COMMIT, and add the following:
       # Accept DNS traffic to the PiHole resolver web interface
       -A INPUT -d 10.19.49.1 -p tcp --dport 80 -j ACCEPT
       -A INPUT -p tcp --dport 4711:4720 -j ACCEPT
   Once changed, press CTRL + O and Enter to save the changes, and CTRL + X to exit.
28. Reload iptables by running the following command:
    sudo dpkg-reconfigure iptables-persistent
   • Say yes and yes
29. Now, still on your server, head to the file /etc/ipsec.conf by running the following command:
    sudo nano /etc/ipsec.conf
   • Change the entry (this should have been done automatically, but it is worth checking)
       rightdns=127.0.0.1
     to:
       rightdns=10.19.49.1, 127.0.0.1, 0:0:0:0:0:0:0:1
   Once changed, press CTRL + O and Enter to save the changes, and CTRL + X to exit.
30. Now reboot your server with the following command:
    sudo reboot
31. Configure your VPN clients now:
   • Download the WireGuard client for PC, Android, Mac, iOS etc. Remember this config will only work properly for the WireGuard network (so use the WireGuard clients).
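A check for the rules added in step 27, as an added example that is not part of the original guide: the last rule there (--dport 4711:4720) has no -d or -i match, so it accepts those ports on every interface, including the Droplet's public one. The script flags INPUT ACCEPT rules for the PiHole ports that are not limited to the VPN; the function names and the embedded sample (the guide's own rule lines) are constructed for illustration, and wg0 and 10.19.49.0/24 are taken from the steps above.

```python
import ipaddress
import shlex

VPN_NET = ipaddress.ip_network("10.19.49.0/24")  # wg0 subnet used in this guide
VPN_IFACE = "wg0"                                # WireGuard interface from step 26
PIHOLE_PORTS = set(range(4711, 4721)) | {53, 80}  # DNS, web UI, 4711:4720 range

# Constructed sample: the rules.v4 lines exactly as step 27 leaves them.
SAMPLE_RULES = """\
# Accept DNS traffic to the local DNS resolver
-A INPUT -d 10.19.49.1 -p udp --dport 53 -j ACCEPT
# Accept DNS traffic to the PiHole resolver web interface
-A INPUT -d 10.19.49.1 -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 4711:4720 -j ACCEPT
COMMIT
"""

def _ports(spec):
    """Expand an iptables --dport value ('80' or '4711:4720') into a set."""
    lo, _, hi = spec.partition(":")
    return set(range(int(lo), int(hi or lo) + 1))

def _option(tokens, *names):
    """Return the value following the first option name present, or None."""
    for name in names:
        if name in tokens[:-1]:
            return tokens[tokens.index(name) + 1]
    return None

def unscoped_pihole_rules(rules_text):
    """Return INPUT ACCEPT rules for PiHole ports not limited to the VPN."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comment lines
        if tokens[:2] != ["-A", "INPUT"] or _option(tokens, "-j", "--jump") != "ACCEPT":
            continue
        dport = _option(tokens, "--dport", "--destination-port")
        if dport is None or not (_ports(dport) & PIHOLE_PORTS):
            continue
        dest = _option(tokens, "-d", "--destination")
        iface = _option(tokens, "-i", "--in-interface")
        to_vpn = dest is not None and ipaddress.ip_network(dest, strict=False).subnet_of(VPN_NET)
        if not (to_vpn or iface == VPN_IFACE):
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    print("\n".join(unscoped_pihole_rules(SAMPLE_RULES)))
```

Adding -i wg0 (or -d 10.19.49.1) to the flagged rule clears the finding. On the server, pass the contents of /etc/iptables/rules.v4 to unscoped_pihole_rules().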
That's it. You should now have your devices secure and without tracking. I suggest you personalize your adlists and use the Google and Cloudflare DNS services. For this you will have to play with PiHole in the web GUI.
Credits for the help to:
https://www.reddit.com/pihole/comments/9545nj/howto_pihole_algovpn_optionally_using_domain_name/
https://www.reddit.com/pihole/comments/a8mjp5/successfully_integrating_algovpn_and_pihole/
https://www.reddit.com/pihole/comments/a7922z/problems_hooking_up_wireguard_to_pihole/ec5nyle/?context=1
https://github.com/trailofbits/algo/issues/1132