A VPN protects against eavesdropping, and the party you are connecting to will not learn your real location (at least, not by looking at your IP address).
Using an Amazon Linux Image, setting up your private VPN is quick and easy. In this example we set up a PPTP (Point-to-Point Tunneling Protocol) VPN. This is supported by nearly all operating systems, including Apple and Android devices.
So here are the detailed steps:
- create a (micro) EC2 instance (64-bit) - note: this is free for the first year!
- login (use SSH) as ec2-user, and enter the following in the shell:
    $ sudo su -
    # yum update
    # yum groupinstall 'Development Tools'
    # yum groupinstall development-libs
    # yum install ppp -y
    # wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
    # rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm
    # rm -rf pptpd-1.3.4-2.el6.x86_64.rpm
Use your favourite editor (e.g. ‘nano’) to modify the file /etc/pptpd.conf to read:
You can of course use other IP addresses. The above instructs the VPN to use 192.168.88.1 as a local address, and give remote clients an IP address between 192.168.88.60 and 192.168.88.69.
After that modify the file /etc/ppp/options.pptpd:
This instructs the VPN to use the Google DNS Servers.
Now it is time to create a user. Again, use your favourite editor to modify /etc/ppp/chap-secrets and add a user (here user ‘Zaphod’ with password ‘BeebleBrox’)
Zaphod pptpd BeebleBrox *
You could limit the access further by replacing the ‘*’ with an IP address or a list of IP addresses.
Some more manual edits are needed; we need to allow IP packet forwarding for this server. Open /etc/sysctl.conf in a text editor and change the following line so that it ends in ‘= 1’:
net.ipv4.ip_forward = 1
    # sysctl -p
    (ignore the errors related to net.bridge)
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # service iptables save
    # service iptables restart
    # chkconfig pptpd on
    # init 6
The only thing you now need to do is to configure your EC2 firewall to allow incoming VPN connections on TCP port 1723 and IP protocol 47 (GRE).
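To check the edits made in the steps above before relying on the server, the following script audits the three files involved. It is an added example, not part of the original post: the function names, the expected file mode 600 and the sample files (constructed here from the values used in this post, with 8.8.8.8-style details left out) are assumptions of the example.

```bash
#!/bin/bash
# Added example: audit the files edited in the steps above.
# Each check prints one finding per line and prints nothing when the file passes.

# /etc/pptpd.conf must define both address settings.
check_pptpd_conf() {
    for key in localip remoteip; do
        grep -Eq "^[[:space:]]*$key[[:space:]]+[0-9]" "$1" || echo "pptpd.conf: $key not set"
    done
}

# /etc/ppp/chap-secrets fields: client, server, secret, allowed IP addresses.
check_chap_secrets() {
    # The secret is stored in clear text, so only the owner should read the file.
    mode=$(stat -c '%a' "$1")
    case "$mode" in
        600|400) ;;
        *) echo "chap-secrets: mode $mode, expected 600" ;;
    esac
    # Skip blank and comment lines, then flag users not tied to a source address.
    awk 'NF >= 4 && $1 !~ /^#/ && $4 == "*" {
        print "chap-secrets: user " $1 " may connect from any address"
    }' "$1"
}

# /etc/sysctl.conf must enable forwarding, or clients connect but reach nothing.
check_forwarding() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" ||
        echo "sysctl.conf: net.ipv4.ip_forward is not 1"
}

# Constructed sample files: the post's values, with sysctl.conf still unedited.
make_samples() {
    dir=$(mktemp -d)
    printf 'localip 192.168.88.1\nremoteip 192.168.88.60-69\n' > "$dir/pptpd.conf"
    printf '# client server secret IP\nZaphod pptpd BeebleBrox *\n' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"
    printf 'net.ipv4.ip_forward = 0\n' > "$dir/sysctl.conf"
    echo "$dir"
}

samples=$(make_samples)
check_pptpd_conf "$samples/pptpd.conf"
check_chap_secrets "$samples/chap-secrets"
check_forwarding "$samples/sysctl.conf"
rm -rf "$samples"
```

On the server itself, call the three check functions with /etc/pptpd.conf, /etc/ppp/chap-secrets and /etc/sysctl.conf instead of the sample paths.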
Remember the IP address given to you by Amazon or the server-name of your AMI (usually something like ‘ec2-122-248-195-211.ap-southeast-1.compute.amazonaws.com’). You’ll need these if you want to connect to the VPN server.
This is easy, e.g. on Windows 7:
- Go to the “Network and Sharing Center”;
- Click “Set up a new connection or network”;
- Choose “Connect to a workplace”;
- Choose to create a new connection;
- Choose to use your Internet Connection;
- Give the connection a destination name of your choice;
- Enter the Internet Address of your VPN server (as given by Amazon);
- Enter the username and password (in the example ‘Zaphod’ and ‘BeebleBrox’);
- Press Connect.
That’s it! Enjoy!
2012/06/02 Fixed spelling error
2012/05/03 First version.