Tutorial: Create a Personal VPN Server with Amazon EC2
This is a completely apolitical post. The following is a revamp of a tutorial I had previously put together on setting up a personal VPN server. The primary use of such a server is to protect your data when only insecure public wi-fi access points are available, e.g. at a conference.
First, you will need to create an account with Amazon Web Services at aws.amazon.com. Once you have an account, log in and select EC2 from the services menu. Click "Launch Instance" and then continue with the "Classic Wizard." Create your new instance using the Ubuntu AMI. Create and download a key file—you will need this to log in—and set your security group settings. At this time, it is easiest to simply allow All TCP, All UDP, and All ICMP.
Once you have completed the wizard, open a terminal and navigate to the folder containing your key file with the following command:
cd /PATH/TO/KEYFILE/FOLDER
Use the following command to make the key file read-only for your user account and remove access for everyone else (ssh refuses to use a private key that other users can read).
chmod 400 KEYFILE-NAME.pem
Head back to your browser, select "instance actions" and click connect. A window will pop up with connection details. Make sure to select connect with a standalone client, and copy the code snippet. It should look something like this:
ssh -i vpn-demo.pem root@ec2-54-242-50-114.compute-1.amazonaws.com
You will need to change the username from root to ubuntu:
ssh -i vpn-demo.pem ubuntu@ec2-54-242-50-114.compute-1.amazonaws.com
On your first connection, you will likely be presented with a warning that the identity of the server cannot be verified. Type "yes" to add the server key to your list of known hosts.
To install the pptp server software, use the following command:
sudo apt-get install pptpd
Next, we need to edit a number of settings files:
sudo pico /etc/pptpd.conf
Uncomment the "remoteip" and "localip" lines by deleting the "#" in front of them, and change the "localip" value to the private IP listed in the instance details on your AWS account.
sudo pico /etc/ppp/pptpd-options
Uncomment the two "ms-dns" lines and change the ip addresses to 208.67.222.222 and 208.67.220.220.
sudo pico /etc/sysctl.conf
Uncomment the line "net.ipv4.ip_forward=1".
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo pico /etc/rc.local
Paste "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" into the file above the "exit 0" line.
sudo pico /etc/ppp/chap-secrets
Add a line with four fields. "Client" is the username you would like to use. "Server" should be "pptpd". "Secret" is the password you would like to use to connect, and IP addresses should be "*" to allow connections from any network.
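A check for the edits above, as an added example that is not part of the original tutorial: it confirms each setting is active and that chap-secrets, which holds the password in plain text, is not world-readable. The function names and the sample addresses and credentials are constructed for illustration; on the server, run it as root with check_pptp_config / before restarting.

```sh
#!/bin/sh
# Added example (not from the original post): verify the edits made above.
# ROOT is "/" on the server, or a directory holding copies of the files.

# active FILE REGEX: FILE has an uncommented line starting with REGEX
active() { grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null; }
bad() { echo "FAIL: $*"; fails=$((fails + 1)); }

check_pptp_config() {
    root=${1:-/}; root=${root%/}; fails=0
    active "$root/etc/pptpd.conf" 'localip[[:space:]]+[0-9]' ||
        bad "localip is still commented out in pptpd.conf"
    active "$root/etc/pptpd.conf" 'remoteip[[:space:]]+[0-9]' ||
        bad "remoteip is still commented out in pptpd.conf"
    n=$(grep -Ec '^[[:space:]]*ms-dns[[:space:]]+[0-9.]+' \
        "$root/etc/ppp/pptpd-options" 2>/dev/null) || n=0
    [ "${n:-0}" -ge 2 ] || bad "expected two ms-dns lines, found ${n:-0}"
    active "$root/etc/sysctl.conf" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' ||
        bad "net.ipv4.ip_forward=1 is not enabled in sysctl.conf"
    # The NAT rule only runs at boot if it sits above "exit 0" in rc.local.
    awk '/^[ \t]*exit 0/ { exit }
         /^[ \t]*iptables .*-j MASQUERADE/ { ok = 1 }
         END { exit !ok }' "$root/etc/rc.local" 2>/dev/null ||
        bad "MASQUERADE rule missing or below 'exit 0' in rc.local"
    secrets=$root/etc/ppp/chap-secrets
    awk '!/^[ \t]*(#|$)/ && NF >= 4 && $2 == "pptpd" { ok = 1 }
         END { exit !ok }' "$secrets" 2>/dev/null ||
        bad "no 'client pptpd secret *' entry in chap-secrets"
    # chap-secrets stores the password in plain text: keep it owner-only.
    [ -z "$(find "$secrets" -perm -004 2>/dev/null)" ] ||
        bad "chap-secrets is world-readable"
    [ "$fails" -eq 0 ]
}

# Constructed sample files (addresses and credentials are made up).
make_sample() {
    mkdir -p "$1/etc/ppp"
    printf 'localip 10.0.0.10\nremoteip 192.168.0.234-238\n' > "$1/etc/pptpd.conf"
    printf 'ms-dns 208.67.222.222\nms-dns 208.67.220.220\n' > "$1/etc/ppp/pptpd-options"
    printf '#kernel.sysrq=0\nnet.ipv4.ip_forward=1\n' > "$1/etc/sysctl.conf"
    printf 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\nexit 0\n' > "$1/etc/rc.local"
    printf '# client server secret IP addresses\nalice pptpd example-secret *\n' \
        > "$1/etc/ppp/chap-secrets"
    chmod 600 "$1/etc/ppp/chap-secrets"
}

# Demo on the constructed sample; on the server call: check_pptp_config /
demo=$(mktemp -d) && make_sample "$demo" && check_pptp_config "$demo" && echo "sample passes"
rm -rf "$demo"
```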
Restart the pptp server and the virtual server:
sudo /etc/init.d/pptpd restart
sudo reboot
While the server reboots, enter your connection details in your VPN client. Your server setting should be your public DNS value from the instance details in your AWS account. Your username and password are the values set in "chap-secrets." Once your details are entered, and the server has rebooted, you will be able to connect and reroute your internet traffic through a secure tunnel.