ErikSoderstrom.com

Tutorial: Create a Personal VPN Server with Amazon EC2

Erik
Nov 18, 2012
This is a completely apolitical post. The following is a revamp of a tutorial I had previously put together on setting up a personal VPN server. The primary use of such a server is to protect your data when only insecure public wi-fi access points are available, e.g. at a conference.

First, you will need to create an account with Amazon Web Services at aws.amazon.com. Once you have an account, log in and select EC2 from the services menu. Click "Launch Instance" and then continue with the "Classic Wizard." Create your new instance using the Ubuntu AMI. Create and download a key file—you will need this to log in—and set your security group settings. At this time, it is easiest to simply allow All TCP, All UDP, and All ICMP.

Once you have completed the wizard, open a terminal and navigate to the folder containing your key file with the following command:

cd /PATH/TO/KEYFILE/FOLDER

Use the following command to make the key file read-only and restrict access to your own user account (ssh refuses to use a private key file that other users can read).

chmod 400 KEYFILE-NAME.pem

Head back to your browser, select "instance actions" and click connect. A window will pop up with connection details. Make sure to select connect with a standalone client, and copy the code snippet. It should look something like this:

ssh -i vpn-demo.pem root@ec2-54-242-50-114.compute-1.amazonaws.com

You will need to change the username from root to ubuntu:

ssh -i vpn-demo.pem ubuntu@ec2-54-242-50-114.compute-1.amazonaws.com

Once connected, you will likely be presented with an error message informing you that the identity of the server cannot be verified. Type "yes" to add the server key to your list of known hosts.

To install the PPTP server software, use the following command:

sudo apt-get install pptpd

Next, we need to edit a number of settings files:

sudo pico /etc/pptpd.conf

Uncomment the "remoteip" and "localip" lines by deleting the "#" in front of them, and change the "localip" value to the private IP address listed in the instance details in your AWS account.

sudo pico /etc/ppp/pptpd-options

Uncomment the two "ms-dns" lines and change the IP addresses to 208.67.222.222 and 208.67.220.220.

sudo pico /etc/sysctl.conf

Uncomment the line "net.ipv4.ip_forward=1".

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo pico /etc/rc.local

Paste "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" into the file above the "exit 0" line.

sudo pico /etc/ppp/chap-secrets

Add a line with the four fields the file lists. "Client" is the username you would like to use. "Server" should be "pptpd". "Secret" is the password you would like to use to connect, and "IP addresses" should be "*" to allow connections from any network.

Restart the PPTP server and the virtual server:

sudo /etc/init.d/pptpd restart
sudo reboot

While the server reboots, enter your connection details in your VPN client. Your server setting should be your public DNS value from the instance details in your AWS account. Your username and password are the values set in "chap-secrets." Once your details are entered, and the server has rebooted, you will be able to connect and reroute your internet traffic through a secure tunnel.
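If the connection fails, the file edits from the steps above are the first thing to check: a line left commented, or the iptables rule pasted below "exit 0", breaks the setup silently. The following script is an added example, not part of the original tutorial; the function names, the sample user "alice", its secret and the 10.0.0.5 address are constructed for illustration.

```sh
# Added example, not the tutorial author's code: checks the config edits above.
# uncommented FILE REGEX: true if a line of FILE not starting with "#" matches
uncommented() { [ -r "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"; }

# masq_before_exit FILE: the MASQUERADE rule appears before the first "exit 0"
masq_before_exit() {
    [ -r "$1" ] && awk '/^[ \t]*exit 0/ { exit }
        /^[ \t]*iptables .*-j MASQUERADE/ { ok = 1 } END { exit !ok }' "$1"
}

# has_pptpd_user FILE: a non-comment entry of four fields whose server is pptpd
has_pptpd_user() {
    [ -r "$1" ] && awk '$1 !~ /^#/ && NF >= 4 && $2 == "pptpd" { ok = 1 }
        END { exit !ok }' "$1"
}

# check DESCRIPTION COMMAND...: run COMMAND, print the result, count failures
check() {
    desc=$1; shift
    if "$@"; then echo "ok    $desc"; else echo "FAIL  $desc"; fails=$((fails + 1)); fi
}

# check_vpn_config [ROOT]: ROOT prefixes each path; returns the number of failed checks
check_vpn_config() {
    r=${1:-}; fails=0
    check "localip uncommented"      uncommented "$r/etc/pptpd.conf" 'localip[[:space:]]+[0-9]'
    check "remoteip uncommented"     uncommented "$r/etc/pptpd.conf" 'remoteip[[:space:]]+[0-9]'
    check "ms-dns 208.67.222.222"    uncommented "$r/etc/ppp/pptpd-options" 'ms-dns[[:space:]]+208\.67\.222\.222'
    check "ms-dns 208.67.220.220"    uncommented "$r/etc/ppp/pptpd-options" 'ms-dns[[:space:]]+208\.67\.220\.220'
    check "ip_forward uncommented"   uncommented "$r/etc/sysctl.conf" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1'
    check "MASQUERADE above exit 0"  masq_before_exit "$r/etc/rc.local"
    check "chap-secrets pptpd entry" has_pptpd_user "$r/etc/ppp/chap-secrets"
    return "$fails"
}

# make_sample DIR: constructed files in the state the edits should leave behind
make_sample() {
    mkdir -p "$1/etc/ppp"
    printf 'localip 10.0.0.5\nremoteip 192.168.0.234-238\n' > "$1/etc/pptpd.conf"
    printf 'ms-dns 208.67.222.222\nms-dns 208.67.220.220\n' > "$1/etc/ppp/pptpd-options"
    printf 'net.ipv4.ip_forward=1\n' > "$1/etc/sysctl.conf"
    printf 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\nexit 0\n' > "$1/etc/rc.local"
    printf 'alice pptpd example-secret *\n' > "$1/etc/ppp/chap-secrets"
}

# Demo on the constructed sample (expected: seven "ok" lines).
demo=$(mktemp -d) && make_sample "$demo"
check_vpn_config "$demo" || true
rm -rf "$demo"
```

On the server itself, call check_vpn_config with no argument and run the script with sudo so that every file is readable.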

© 2023 Erik Soderstrom, LLC