
How to set up your own free VPN server on AWS - roflmatz
https://www.webdigi.co.uk/blog/2015/how-to-setup-your-own-private-secure-free-vpn-on-the-amazon-aws-cloud-in-10-minutes/
======
desdiv
Streisand[0] also only takes about 10 times, but with fewer mouse clicks and
is much, much more secure. By default it tunnels OpenVPN over stunnel so that
your connections look exactly like regular SSL sessions (albeit SSL sessions
that last for months at a time).

[https://github.com/jlund/streisand](https://github.com/jlund/streisand)

~~~
pacofvf
Is there a way to use Streisand on an existing instance of EC2/DO?

~~~
Couto
Yes.

Streisand is just a bundle of Ansible playbooks so it can easily be deployed
on any server that meets the requirements: Debian 7 or similar.

It also has a nice menu to deploy to Amazon, Linode, Digital Ocean and
Rackspace without extra effort.

------
2bluesc
I created a Docker image that runs OpenVPN and wraps the verbose key and cert
generation process. Works on any cloud provider that runs Docker instances (I
try to avoid OpenVZ).

[https://registry.hub.docker.com/u/kylemanna/openvpn/](https://registry.hub.docker.com/u/kylemanna/openvpn/)

[https://github.com/kylemanna/docker-openvpn](https://github.com/kylemanna/docker-openvpn)

------
Nux
Why is PPTP still used and promoted?

[http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protoc...](http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security)

~~~
anfogoat
It's fast, easy to set up and has less overhead. It's perfectly fine when all
you're looking for is a different geolocation quickly.

But it shouldn't be promoted as secure.

------
scintill76
> However, it has always been hard to trust a VPN provider who could
> potentially log and intercept your internet traffic!

Later:

> Then under Template, Source, select “Specify an Amazon S3 template URL” and
> paste in this URL [https://s3.amazonaws.com/webdigi/VPN/Unified-Cloud-Formation...](https://s3.amazonaws.com/webdigi/VPN/Unified-Cloud-Formation.json)
> and then click Next.

Now you're just trusting your obscure VPN machine-image provider not to log
and intercept your traffic! (Or am I misunderstanding what using this URL
does?)

Like another commenter, I was sort of hoping for something more generic.
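
Added example (not part of the comment above, the article, or the linked template): one way to see what a CloudFormation template will do before launching it is to list the AMI it boots, any ingress rules open to the world, and every URL its boot script touches. The sample template, resource names, AMI id and URLs below are constructed for illustration.

```python
import json
import re

# Constructed sample template for illustration; NOT the template linked in the article.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "VpnSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500, "CidrIp": "10.0.0.0/8"},
    ]}},
    "VpnHost": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-00000000",  # placeholder AMI id
        "UserData": {"Fn::Base64": {"Fn::Join": ["", [
            "#!/bin/sh\n",
            "wget -q -O - http://169.254.169.254/latest/meta-data/public-ipv4\n",
            "wget -q https://example.invalid/setup.sh -O /tmp/s.sh && sh /tmp/s.sh\n",
        ]]}},
    }},
}})

URL_RE = re.compile(r"https?://[^\s'\"]+")

def strings_in(node):
    """Yield every string value nested under intrinsic functions such as Fn::Join."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from strings_in(value)
    elif isinstance(node, list):
        for value in node:
            yield from strings_in(value)

def audit_template(text):
    """Collect the parts of a template that decide what runs on, and reaches, the host."""
    report = {"images": [], "open_ingress": [], "boot_scripts": {}, "urls": []}
    for name, res in json.loads(text).get("Resources", {}).items():
        props = res.get("Properties", {})
        if "ImageId" in props:
            report["images"].append((name, props["ImageId"]))
        for rule in props.get("SecurityGroupIngress", []):
            if rule.get("CidrIp") == "0.0.0.0/0":
                report["open_ingress"].append((name, rule.get("IpProtocol"), rule.get("FromPort")))
        script = "".join(strings_in(props.get("UserData", "")))
        if script:
            report["boot_scripts"][name] = script
            report["urls"] += URL_RE.findall(script)
    return report

if __name__ == "__main__":
    print(json.dumps(audit_template(SAMPLE_TEMPLATE), indent=2))
```

Anything the boot script downloads and executes, and the AMI itself, is code you are trusting in the same way you would trust a VPN provider, so those are the items to read or pin before creating the stack.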

~~~
JosephRedfern
I wrote a pretty generic blog post (not AWS specific) a couple of years ago
about how to quickly set up a VPN Server: [https://redfern.me/quick-and-dirty-vpn-server-with-pptpd/](https://redfern.me/quick-and-dirty-vpn-server-with-pptpd/)

------
BrianHutch
Here is another example using Digital Ocean. This looks complicated but is
very simple: [https://www.digitalocean.com/community/tutorials/how-to-set-...](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04)

If you want to use Docker:
[https://www.digitalocean.com/community/tutorials/how-to-run-...](https://www.digitalocean.com/community/tutorials/how-to-run-openvpn-in-a-docker-container-on-ubuntu-14-04)

~~~
lcmatt
If you don't mind the 2 user limit, might as well install OpenVPN Access
Server. Gives you a web UI and the setup is easier:
[https://www.digitalocean.com/community/tutorials/how-to-inst...](https://www.digitalocean.com/community/tutorials/how-to-install-openvpn-access-server-on-ubuntu-12-04)

------
Someone1234
Who owns 169.254.169.254? Just looking at the wget in the setup script...

Also I'd suggest people get an OpenVPN VPN if they can. PPTP is
insecure/broken, nobody should be using it ever. And while L2TP/IPSec is
secure, it is a massive PITA to use and is often blocked on public WiFi (where
a VPN is most useful) because they don't allow the ports/protocols (plus IPSec
traversal is a nightmare in some cases).

OpenVPN acts like an SSL connection (not dissimilar to that used by HTTPS) so
it works more places. It also traverses most network equipment without issue
since, again, it looks similar to HTTPS traffic.

PS - I have no horses in this race, but I have set up an L2TP/IPSec VPN on EC2
before, it was an unpleasant experience all around.

PPS - If you REALLY want OpenVPN to work great put it on port 443. If you
browse there nothing will happen, but OpenVPN clients will happily use the
port and few if any network equipment is designed to block it.

~~~
snorkel
169.254.169.254 explained here
[http://tools.ietf.org/html/rfc3927](http://tools.ietf.org/html/rfc3927)

~~~
Someone1234
Ah I see. Here's a better explanation:
[http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-insta...](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html)

------
kasabali
Beware that the free tier has a 15 GB upload limit.

From [https://aws.amazon.com/free/](https://aws.amazon.com/free/):

    Data Transfer
    15 GB of bandwidth out aggregated across all AWS services*

~~~
Someone1234
I'd always recommend anyone using the free tier to add a free billing alert to
your AWS account. For example when I had a free tier server, it cost me
roughly $5/month, so I had an alert set to $15/month.

When my free tier ran out (I got the month wrong) the alert notified me ($16
in charges) and I purchased a reserved instance to bring the cost back down to
under $10/month.

~~~
TheLoneWolfling
Until / unless there is a way to actually put a cap on billing (not just a
notification), it's something I'll stay away from when I can.

~~~
jamiesonbecker
Which data and servers did you want deleted when you hit that cap? ;)

Although I do think a soft cap (preventing more EC2 launches etc) would make a
lot of sense.

~~~
TheLoneWolfling
I want a hard cap, as in "when cap is reached save current state to disk and
don't allow any more CPU time".

------
virtualjj
I like the CloudFormation bit - I think I'll give that a try. I wrote a book
on how to set up your own VPN in AWS for overseas streaming (step-by-step) but
using the OpenVPN AS appliance.

Everyone's mileage and needs are different but OpenVPN is probably a better
choice over PPTP & L2TP for security and speed - at least in my experience.
www.virtualjj.com if you want to take a peek of what I did.

------
xutopia
They speak of a free tier for new AWS customers but how much does it cost if
we're not a new customer?

~~~
hu_me
The same tiered machine running for a full month costs about 7 USD.

~~~
Someone1234
Little more than that. $7 with a reserved instance maybe. I'd say $10-11, but
sub-$10 with a reserved instance (including the initial buy-in).

------
azurelogic
I was really hoping this would be a more generic tutorial for various Linux
flavors. I failed miserably at setting up L2TP IPSec last time I tried.

------
themanual
Managed to get my Tokyo VPN server quickly. Awesome.

------
urda
Don't use PPTP

~~~
goalo
You can also use L2TP IPSEC. Use PPTP for devices that don't support L2TP.

