How to Create an Amazon VPN Server
While current VPNs come with many subscription options, most of them – or at least the fast and reliable ones – are only available on a monthly subscription. In this guide, we show you how to set up your own VPN on Amazon Web Services so you can avoid monthly subscription costs.
Requirements
Amazon Web Services offers two different VPN server options: OpenVPN and SSH Tunneling. Each option has its ups and downs, and both are worth researching extensively before making a decision. Regardless of whether you choose OpenVPN or SSH Tunneling, you will still need to meet the following requirements:
- An account with Amazon Web Services
- Credit card for Amazon Web Services enrollment (no fees unless you exceed preset amounts)
- PuTTY (SSH client)
- PuTTYgen (key generator)
- WinSCP (SFTP/SCP file transfer client)
How to set up Amazon VPN on AWS
Setting up your VPN on Amazon Web Services is very easy. For Windows users, you will need to complete the following steps after signing up for an account and setting up your billing information.
- When prompted, choose the free basic plan
- In the search bar, type EC2 and click on it
- From the EC2 dashboard, select Launch Instance
- Select the first eligible free-tier option: Amazon Linux AMI
- Choose the eligible t2.micro free tier option (usually pre-selected)
- Select Review and Launch at the bottom of the page
- Click Edit Security Groups
- Click Add Rule
- Under the type dropdown list, select Custom UDP
- Set the port range to 1194
- Under Source, select Anywhere
- Select Launch
- When prompted, select the dropdown menu and choose Create new key pair
- Name your key pair
- Select Download Key Pair and store it in a safe place
- Select Running Instances
- On the Launch Status screen, select View Instances
- Verify that only one instance is running (if this is your first time using EC2)
How to use your Amazon VPN with an SSH tunnel
Many people use VPNs in hopes of accessing geo-restricted content. If the only reason you want to use a VPN is to access content that is not available in your country, then an SSH tunnel is probably the best and easiest option for you. While an SSH tunnel isn’t perfect, it’s great for light use like basic web browsing or searching your way around geo-locked websites/services.
To set up an SSH tunnel, complete the following steps:
- Download the PuTTY and PuTTYgen .exe files
- Double-click PuTTYgen to open it
- Select Load
- In the file-type dropdown in the lower right corner, select All Files (*.*)
- Choose the .pem key pair file you downloaded earlier
- Select Save private key
- Give the .ppk file the same name as the .pem file
- Optional: create a passphrase
- Exit PuTTYgen and open PuTTY
- Go to your AWS EC2 dashboard
- Copy the IPv4 Public IP
- Paste the IPv4 Public IP into the PuTTY Host Name (or IP address) field
- Choose a session name
- Select Save
- In the Category panel, go to SSH > Auth
- Under Authentication parameters, select Browse
- Navigate to the private key (.ppk) you created earlier and select it
- In the Category panel, go to SSH > Tunnels
- Under Add new forwarded port, enter 8080 as the Source port, select Dynamic and Auto, then click Add
- Go back to Session and select Save
- Select Open
- When prompted for a username, type ec2-user (the default user on the Amazon Linux AMI)
- Continue with the steps below for your preferred browser
Firefox
- Open Firefox browser
- Go to Tools > Options > Advanced > Network > Connection > Settings > Manual proxy configuration
- Set the SOCKS host to 127.0.0.1
- Set the port to 8080
- Click Save
Chrome
- Install the Proxy SwitchySharp extension
- The setup screen will appear
- Choose a name
- Select manual configuration
- Change the SOCKS host to 127.0.0.1
- Change the port to 8080
- Everything else should be left blank
- Select Save
- Click the extension icon and select your proxy profile
After completing the above steps, you will successfully pass your browser traffic through your EC2 instance tunnel. However, an SSH tunnel is only useful for light browsing and accessing some geo-restricted content. If your goal is to create a fully functional Virtual Private Network (VPN) with the ability to redirect all your internet traffic, then OpenVPN is the option you’ll want to consider. We get into the details below.
How to use AWS with OpenVPN
As an open source application, OpenVPN is a great VPN tool to use. Because it can redirect all of your internet traffic through your EC2 instance, OpenVPN also works for applications such as Steam or Battle.net, not just the browser. Setting up OpenVPN may look complicated when you first read the instructions, but it is actually fairly simple (if time consuming).
Install OpenVPN on AWS
- Using the instructions above, connect to your EC2 instance with PuTTY
- A command prompt showing Amazon Linux AMI should appear
- Copy and paste the following commands individually into the command prompt:
- sudo yum install -y openvpn
- sudo modprobe iptable_nat
- echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
- sudo iptables -t nat -A POSTROUTING -s 10.4.0.0/24 -o eth0 -j MASQUERADE
- sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
- (The first NAT rule covers the 10.4.0.x addresses used by the static-key setup further down; the second covers the 10.8.0.0/24 subnet handed out by the easy-rsa server)
- If the first command above didn't work, replace it with:
- sudo apt-get install -y openvpn
Connecting to OpenVPN via easy-rsa
When it comes to setting up an OpenVPN server, you have two different approaches. The first method, easy-rsa, lets several devices connect at the same time, while the second method, a static (pre-shared) key, allows only one connection at a time.
Server Configuration
- Copy and paste the following commands individually into the command prompt:
- sudo yum install easy-rsa -y --enablerepo=epel
- sudo cp -via /usr/share/easy-rsa/2.0 /usr/share/easy-rsa/CA
- Become the root user by typing sudo su at the command prompt
- In the next step you will be asked for information such as your organisation; accept the defaults by pressing Enter when prompted
- Copy and paste the following commands individually into the command prompt:
- cd /usr/share/easy-rsa/CA
- source ./vars
- ./clean-all
- ./build-ca
- ./build-key-server server
- ./build-dh 2048
- To create the certificate for your device, copy and paste the following commands individually into the command prompt:
- ./build-key client
- cd /usr/share/easy-rsa/CA/keys
- openvpn --genkey --secret pfs.key
- mkdir /etc/openvpn/keys
- for file in server.crt server.key ca.crt dh2048.pem pfs.key; do cp $file /etc/openvpn/keys/; done
- cd /etc/openvpn
- nano server.conf
- The nano text editor will open; copy and paste the following text:
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file must be kept secret
dh /etc/openvpn/keys/dh2048.pem
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
tls-server
tls-auth /etc/openvpn/keys/pfs.key
- To save and exit the configuration text, press CTRL + O followed by CTRL + X
- Start OpenVPN by typing in the command prompt:
- sudo service openvpn start
Client configuration
- Copy and paste the following commands individually into the command prompt:
- cd /usr/share/easy-rsa/CA
- chmod 777 keys
- cd keys
- for file in client.crt client.key ca.crt dh2048.pem pfs.key ca.key; do sudo chmod 777 $file; done
- Download and install WinSCP with the default installation options
- WinSCP will prompt you to import the saved sessions from PuTTY
- Select the session you created in the previous steps
- Select Edit and type under the username: ec2-user
- Click on login
- Click Edit, then Advanced
- Go to SSH > Authentication > Private Key File
- Find your PPK file
- Back on the main screen, enter the IPv4 address of the EC2 instance in the Hostname field
- Save your settings
- In the right panel, go to the directory containing your key files
- You will need to highlight the five necessary files: client.crt, client.key, ca.crt, dh2048.pem and pfs.key
- Select the green download button
- Save files wherever you want
- Go back to the PuTTY command prompt
- Copy and paste the following commands:
- for file in client.crt client.key ca.crt dh2048.pem pfs.key; do sudo chmod 600 $file; done
- cd ..
- chmod 600 keys
- On your computer, move the five files to the OpenVPN configuration folder (the default location is C:\Program Files\OpenVPN\config)
Create a client configuration file
The last thing we need to do is create the client configuration file. Fortunately, this can be done easily with a basic text editor.
- Right-click a plain text editor such as Notepad
- Select Run as administrator
- Copy and paste the following configuration:
client
dev tun
proto udp
remote YOUR.EC2.INSTANCE.IP 1194
ca ca.crt
cert client.crt
key client.key
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
cipher AES-256-CBC
auth SHA512
resolv-retry infinite
auth-retry none
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-client
tls-auth pfs.key
- Save the configuration file as client.ovpn
- Save the config file in the same directory as the other 5 files (default is C:\Program Files\OpenVPN\config)
- Finally, right-click on OpenVPN GUI and select Run as administrator
- In the system tray below, right-click on the OpenVPN icon
- Connect to the appropriate configuration
- If successful, the OpenVPN icon will turn green
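The server.conf and client.ovpn above only work together if both sides agree on protocol, cipher, HMAC, compression and the tls-auth key, and the NAT rule must match the VPN subnet. The following Python checker is an added example, not code from the article or from OpenVPN: it parses constructed copies of the two configs, reports mismatches, and flags an iptables source mask that is wider than the VPN subnet (a "/2" mask, for instance, means 0.0.0.0/2, a quarter of all IPv4 space).

```python
import ipaddress

# Constructed samples: the essential lines of the article's server.conf and client.ovpn.
SERVER_CONF = """\
port 1194
proto udp
cipher AES-256-CBC
auth SHA512
server 10.8.0.0 255.255.255.0
comp-lzo
tls-auth /etc/openvpn/keys/pfs.key
"""
CLIENT_OVPN = """\
client
proto udp
remote YOUR.EC2.INSTANCE.IP 1194
cipher AES-256-CBC
auth SHA512
comp-lzo
tls-auth pfs.key
"""
MUST_MATCH = ("proto", "cipher", "auth")   # values must agree on both sides
MUST_PAIR = ("comp-lzo", "tls-auth")       # present on both sides or on neither

def parse(text):
    """OpenVPN config text -> {option: [args]}; '#' comments and blank lines are ignored."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            opts[key] = args
    return opts

def find_mismatches(server_text, client_text):
    """List human-readable problems; an empty list means the pair is consistent."""
    s, c = parse(server_text), parse(client_text)
    problems = [f"{o}: server={s.get(o)} client={c.get(o)}"
                for o in MUST_MATCH if s.get(o) != c.get(o)]
    problems += [f"{o} is set on only one side" for o in MUST_PAIR if (o in s) != (o in c)]
    listen = s.get("port", ["1194"])[0]                  # 1194 is OpenVPN's default
    dial = (c.get("remote", [])[1:2] or ["1194"])[0]     # port after the host, else the default
    if dial != listen:
        problems.append(f"port: server listens on {listen}, client dials {dial}")
    return problems

def masquerade_too_broad(rule_source, vpn_network):
    """True if an iptables '-s' argument covers addresses outside the VPN subnet."""
    rule = ipaddress.ip_network(rule_source, strict=False)
    return not rule.subnet_of(ipaddress.ip_network(vpn_network, strict=False))
```

Run find_mismatches on your own two files before starting the service; an empty list means the pair is consistent, and every entry names the option to fix.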
Remove the CA key file
To stay as secure as possible, our team at ProPrivacy.com recommends removing the ca.key file from your server. If the CA key is ever compromised, none of the certificates that CA issues can be trusted any more. Before completing the following steps, make sure you have generated the keys/certificates for every device you want to connect.
- In WinSCP, go to the keys directory and select ca.key
- Instead of selecting the Download button, select Download and Delete
- Store the file in a safe place
Fixing problems after a restart or maintenance
If you run into problems after restarting your instance or after maintenance, you can set OpenVPN up as a service by typing the following commands at the command prompt. Most of the time, this fixes the problem.
If the above commands don't work, or you seem to be connected to the VPN but not to the internet, try resetting the iptables settings by re-running the commands from earlier:
- echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
- sudo iptables -t nat -A POSTROUTING -s 10.4.0.0/24 -o eth0 -j MASQUERADE
- sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Connecting to OpenVPN via Static Encryption
While this method is easier to set up than the easy-rsa method, it is less secure and only allows one connection to the VPN server at a time. Still, it is a great choice compared with other free VPN services.
- In the PuTTY command prompt, paste:
- cd /etc/openvpn
- sudo openvpn --genkey --secret ovpn.key
- sudo nano openvpn.conf
- When the nano text editor opens, type the following configuration:
port 1194
proto tcp-server
dev tun1
ifconfig 10.4.0.1 10.4.0.2
status server-tcp.log
verb 3
secret ovpn.key
- Press CTRL + O to save, followed by CTRL + X to exit
- At the PuTTY command prompt, type:
- sudo service openvpn start
- sudo chmod 777 ovpn.key
- Download WinSCP and follow the default installation prompts
- WinSCP will prompt you to import the saved sessions from PuTTY
- Select the session you created in the previous steps and click Edit
- Under User name, type ec2-user and press Login
- In the right panel, scroll up and go to /etc/openvpn
- Select the ovpn.key file and drag it to a safe place
- At the PuTTY command prompt, type:
- Download OpenVPN for your system
- Move ovpn.key to the OpenVPN config folder (the default is C:\Program Files\OpenVPN\config)
- Open Notepad and paste the following:
proto tcp-client
remote yourEC2IPhere
…