How to set up your own free VPN server on AWS (webdigi.co.uk)
85 points by roflmatz on Mar 24, 2015 | hide | past | web | favorite | 32 comments



Streisand[0] also only takes about 10 times, but with fewer mouse clicks and is much, much more secure. By default it tunnels OpenVPN over stunnel so that your connections look exactly like regular SSL sessions (albeit SSL sessions that last for months at a time).

https://github.com/jlund/streisand


Streisand is amazing. I did the VPN setup that is mentioned in the OP, and it worked well... but then I read your comment and set it up too... and it's just light-years ahead in terms of what you get out of the process at the end.


Is there a way to use Streisand on an existing instance of EC2/DO?


Yes.

Streisand is just a bundle of ansible playbooks so it can easily be deployed on any server that meets the requirements: Debian 7 or similar.

It also has a nice menu to deploy to Amazon, Linode, Digital Ocean and Rackspace without extra effort.


I created a Docker image that runs OpenVPN and wraps the verbose key and cert generation process. Works on any cloud provider that runs Docker instances (I try to avoid OpenVZ).

https://registry.hub.docker.com/u/kylemanna/openvpn/

https://github.com/kylemanna/docker-openvpn



It's fast, easy to setup and has less overhead. It's perfectly fine when all you're looking for is a different geolocation quickly.

But it shouldn't be promoted as secure.


Because IPSec is a dog in a million different ways (config, firewall, etc.) and lots of shops moved to PPTP because it shipped on their Windows servers and is brain-dead simple to implement and use. It was "good enough." A lot of those issues linked are MS-specific anyway, regarding MS-CHAP. You don't have to use MS-CHAP.

PPTP has fallen out of fashion now, and I'm a little surprised to see it being promoted. Now we're all moving to IPSec running in L2TP, which seems to be the best of both worlds. You lose the various firewall issues plain-Jane IPSec introduces and get IPSec-level security. Of course you still have an IPSec config on your hands, but that's a one-time pain. OS X, Windows, and Android support it natively, which is a big plus as well.

If you just want something quick and dirty, PPTP or OpenVPN SSL VPN are the obvious choices. Personally, I'd rather just do SOCKS or port forwarding with an ssh server somewhere than do lazy VPN. It's worth getting right.


The AWS CloudFormation template on the site supports both the PPTP and L2TP/IPSec protocols. So use as you like, based on your security needs / device compatibility.


> However, it has always been hard to trust a VPN provider who could potentially log and intercept your internet traffic!

Later:

> Then under Template, Source, select “Specify an Amazon S3 template URL” and paste in this URL https://s3.amazonaws.com/webdigi/VPN/Unified-Cloud-Formation... and then click Next.

Now you're just trusting your obscure VPN machine-image provider not to log and intercept your traffic! (Or am I misunderstanding what using this URL does?)

Like another commenter, I was sort of hoping for something more generic.


I wrote a pretty generic blog post (not AWS specific) a couple of years ago about how to quickly set up a VPN Server: https://redfern.me/quick-and-dirty-vpn-server-with-pptpd/


The project is open source and you can view the code. The underlying OS is the base Ubuntu image provided by Amazon.


Here is another example using Digital Ocean. This looks complicated but is very simple: https://www.digitalocean.com/community/tutorials/how-to-set-...

If you want to use Docker: https://www.digitalocean.com/community/tutorials/how-to-run-...


If you don't mind the 2-user limit, you might as well install OpenVPN Access Server. It gives you a web UI and the setup is easier: https://www.digitalocean.com/community/tutorials/how-to-inst...


Who owns 169.254.169.254? Just looking at the wget in the setup script...

Also I'd suggest people get an OpenVPN VPN if they can. PPTP is insecure/broken, nobody should be using it ever. And while L2TP/IPSec is secure, it is a massive PITA to use and is often blocked on public WiFi (where a VPN is most useful) because they don't allow the ports/protocols (plus IPSec traversal is a nightmare in some cases).

OpenVPN acts like an SSL connection (not dissimilar to that used by HTTPS) so it works more places. It also traverses most network equipment without issue since, again, it looks similar to HTTPS traffic.

PS - I have no horses in this race, but I have setup an L2TP/IPSec VPN on EC2 before, it was an unpleasant experience all around.

PPS - If you REALLY want OpenVPN to work great, put it on port 443. If you browse there nothing will happen, but OpenVPN clients will happily use the port, and little if any network equipment is designed to block it.
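The "OpenVPN on port 443" tip above, as an added example that is not from the thread or from the OpenVPN project: a script that writes a server config listening on TCP 443 and checks what it wrote. The `port-share` directive is a real OpenVPN server option that forwards any client that does not speak the OpenVPN protocol to another local listener, so a browser that hits the host gets a normal HTTPS site instead of "nothing happens". The certificate paths under /etc/openvpn/, the loopback web server on 8443, and the 10.8.0.0/24 tunnel subnet are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenVPN itself): generate an
# OpenVPN server config on TCP 443 and sanity-check it before installing.
# Assumed: keys/certs already exist under /etc/openvpn/ and an HTTPS server
# is (or will be) bound to 127.0.0.1:8443 to receive non-VPN traffic.
set -eu

# Write the server config to the path given as $1 (preview it anywhere, then
# install it as /etc/openvpn/server.conf).
write_openvpn_443_conf() {
  cat > "$1" <<'EOF'
# TCP on 443: the one port captive portals and corporate firewalls almost
# always leave open, because it is where HTTPS lives.
port 443
proto tcp
dev tun
# Clients that speak TLS/HTTP rather than OpenVPN are handed to a real web
# server on loopback, so the host still looks like an ordinary HTTPS site.
port-share 127.0.0.1 8443
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
# HMAC on the control channel: packets without the right key are dropped
# before the TLS handshake, which blunts scanning and DoS on the open port.
tls-auth /etc/openvpn/ta.key 0
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
cipher AES-256-CBC
# Drop root after the tunnel and keys are set up.
user nobody
group nogroup
persist-key
persist-tun
EOF
}

# Report the listen protocol and port found in a config file as "proto:port".
listen_spec() {
  port=$(awk '$1=="port"{print $2}' "$1")
  proto=$(awk '$1=="proto"{print $2}' "$1")
  printf '%s:%s\n' "$proto" "$port"
}

# After the service starts, confirm something is really bound on 443/tcp.
# Requires ss(8) from iproute2; returns 0 when a listener is found.
check_listening() {
  ss -ltn 2>/dev/null | awk '$4 ~ /:443$/ {found=1} END {exit !found}'
}

# Usage: sh openvpn-443.sh /tmp/server.conf && sudo mv /tmp/server.conf /etc/openvpn/
if [ "$#" -eq 1 ]; then
  write_openvpn_443_conf "$1"
  echo "wrote $1 listening on $(listen_spec "$1")"
fi
```

Two caveats a practitioner should keep in mind: OpenVPN over TCP carries the TCP-over-TCP penalty (retransmissions of the inner and outer streams fight each other on lossy links), so use UDP wherever it is not blocked and keep the 443/TCP listener for the networks that need it; and with `port-share` in place, the "nothing will happen if you browse there" property from the comment no longer holds, which is usually what you want, since a port that answers like a web server is less conspicuous than one that silently hangs.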


169.254.169.254 explained here: http://tools.ietf.org/html/rfc3927



Beware that the free tier has a 15 GB upload limit.

from https://aws.amazon.com/free/:

  Data Transfer
  
  15 GB of bandwidth out aggregated across all AWS services*


I'd always recommend that anyone using the free tier add a free billing alert to their AWS account. For example, when I had a free tier server, it cost me roughly $5/month, so I had an alert set at $15/month.

When my free tier ran out (I got the month wrong) the alert notified me ($16 in charges) and I purchased a reserved instance to bring the cost back down to under $10/month.
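The billing alert described above, as an added example that is not from the thread: a script that uses the AWS CLI to create an SNS topic, subscribe an e-mail address to it, and raise a CloudWatch alarm when the month-to-date estimated bill passes a dollar threshold. It assumes the `aws` CLI is installed and configured, and that "Receive Billing Alerts" has been switched on in the account's Billing preferences; AWS publishes the `EstimatedCharges` metric only in us-east-1, which is why every call pins that region. The topic name `billing-alerts` and the alarm name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): create an AWS billing alert with the
# AWS CLI, matching the "alert at $15/month" advice above.
# Assumed: `aws` is installed and configured, and billing alerts are enabled
# in the account's Billing preferences. Override AWS=<command> to dry-run.
set -eu

# Accept only a whole number of dollars greater than zero.
valid_threshold() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit
    0*)          return 1 ;;   # zero, or a leading zero
    *)           return 0 ;;
  esac
}

# Create (or reuse: create-topic is idempotent by name) the SNS topic the
# alarm notifies, subscribe an e-mail address, and print the topic ARN.
# AWS mails a confirmation link that must be clicked before delivery starts.
setup_topic() {
  email=$1
  arn=$("${AWS:-aws}" sns create-topic --region us-east-1 \
          --name billing-alerts --query TopicArn --output text)
  "${AWS:-aws}" sns subscribe --region us-east-1 --topic-arn "$arn" \
      --protocol email --notification-endpoint "$email" >/dev/null
  printf '%s\n' "$arn"
}

# Alarm when EstimatedCharges (USD, month to date) exceeds the threshold.
# The metric is refreshed roughly every six hours, hence period 21600.
create_billing_alarm() {
  topic_arn=$1
  threshold=$2
  valid_threshold "$threshold" || {
    echo "threshold must be a positive whole number of USD" >&2
    return 1
  }
  "${AWS:-aws}" cloudwatch put-metric-alarm --region us-east-1 \
    --alarm-name "billing-over-${threshold}-usd" \
    --alarm-description "Estimated AWS charges exceeded ${threshold} USD this month" \
    --namespace AWS/Billing --metric-name EstimatedCharges \
    --dimensions Name=Currency,Value=USD \
    --statistic Maximum --period 21600 --evaluation-periods 1 \
    --threshold "$threshold" --comparison-operator GreaterThanThreshold \
    --alarm-actions "$topic_arn"
}

# Usage: sh billing-alert.sh you@example.com 15
if [ "$#" -eq 2 ]; then
  arn=$(setup_topic "$1")
  create_billing_alarm "$arn" "$2"
fi
```

As the thread goes on to note, this only notifies: the alarm fires once per breach and nothing is stopped or deleted, so the threshold should sit well below the point at which a forgotten instance or a runaway transfer bill would hurt.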


Until / unless there is a way to actually put a cap on billing (not just a notification), it's something I'll stay away from when I can.


Which data and servers did you want deleted when you hit that cap? ;)

Although I do think a soft cap (preventing more EC2 launches, etc.) would make a lot of sense.


I want a hard cap, as in "when cap is reached save current state to disk and don't allow any more CPU time".


Yes, it is per month, and further traffic costs $0.09/GB.


In case you were wondering, that adds up FAST. :)


I like the CloudFormation bit - I think I'll give that a try. I wrote a book on how to setup your own VPN in AWS for overseas streaming (step-by-step) but using the OpenVPN AS appliance.

Everyone's mileage and needs are different, but OpenVPN is probably a better choice over PPTP & L2TP for security and speed - at least in my experience. www.virtualjj.com if you want to take a peek at what I did.


They speak of a free tier for new AWS customers but how much does it cost if we're not a new customer?


The same tiered machine running for a full month costs about 7 USD.


A little more than that. $7 with a reserved instance, maybe. I'd say $10-11, but sub-$10 with a reserved instance (including the initial buy-in).


I was really hoping this would be a more generic tutorial for various Linux flavors. I failed miserably at setting up L2TP IPSec last time I tried.


Managed to get my Tokyo VPN server quickly. Awesome.


Don't use PPTP.


You can also use L2TP/IPSec. Use PPTP for devices that don't support L2TP.



