How to make your own free VPN with Amazon Web Services

Avoiding IP conflicts


That was a head scratcher. In Windows 7, click the network icon in the system tray and select the VPN connection. Lastly, we need to create a client configuration file. Somewhere in this tutorial, something will probably go wrong for you. Both computers must be connected to the internet.

Option One: Get a Router With VPN Capabilities


You can connect via the Internet and securely access your shared files and resources. You don't have to buy an expensive VPN server if don't have a lot of users. Windows actually provides VPN server and client functionality. Now let's get started!

Since VPN connections link networks together, you must be careful with the subnet and IP addressing so there aren't any conflicts. On the network hosting the VPN server, you should use an uncommon default IP for the router, such as To configure the Windows VPN server, you do what is described by Microsoft as "creating an incoming connection. Among other things, you'll specify the users you want to be able to connect.

Follow these steps to create an incoming connection:. Now you need to access the properties of the newly created incoming network connection and define the IP address range for VPN clients:.

Windows will automatically allow the VPN connections through Windows Firewall when you configure the incoming connection on the host PC. However, if you have a third-party firewall installed on the host PC, you need to make sure the VPN traffic is allowed. You may have to manually enter the port numbers 47 and You specify the host PC by entering its local IP address. You will see the Devices for Incoming Connections screen. Do not select anything on this screen. Select Allow virtual private connections.

Select to whom you want to give access. If a user is not listed, you will have to add an account. Do not change anything on the Networking Software screen. Your computer is now set up to allow for VPNs. Click Finish to complete the wizard. Select Connect to the network at my workplace and click Next.

Select Virtual Private Network connection and click Next. Type the name of your network in the blank box. Enter the IP address you wrote down earlier and click Next.

Select Add a shortcut to this connection to my desktop and click Finish. How do I set my computer IP address so that it does not change on each open network? This isn't necessarily possible. In some cases, IP addresses can be assigned manually but this must be done through the router of the network, which is inaccessible in most cases like a cafe's network.

In short, you cannot set it to be the same for each network. My client is able to connect to the server, but is unable to pass through to any other host. I had this problem as well, I could connect to the vpn server but not get to traffic beyond.

This was dropping all of the traffic on the floor before it could get NATed and routed out to the world. Once I deleted that rule, it worked like a charm. Very good tutorial, I was able to use it to get a simple server going.

I just discovered that amazon is offering a simple VPS service called lightsail, a scaled back version of ec2. Hello, i try to connect, but I have this error. We need like 6 or more concurrent users. That way you can assign certificates to multiple users instead of a single connection using the.

Excellent tutorial, I was wondering and have always kind of wondered, could implementing a process like this prevent your ISP from throttling your data or seeing how much data is being used? Am I interpreting this correctly? If not, is there anything I could do to get a setup that achieves this? I have successfully completed your instructions, until http: I successfully completed the connection, but I do not know how to scan the remote server folders from windows.

Any idea what this is and how to fix it? Hi Paul, I am following the steps exactly as you mentioned. I know this is due to the key has been generated.

Which is connected to ISP router. When I came back the next day and started it again VPN would no longer work. Can you point to how to easily put these all in a script that runs whenever the instance is started? When I restarted the assigned IP address is different, so had to modify the settings in the openvpn config file. That will give you a web GUI to control things from and can be configured to run whenever the instance is running.

A tutorial for this is in my queue but might be awhile before I get to it. Well done, Paul, thank you so much. I did have to add an entry to the security group for custom TCP to port , but that was it. Ok here is the problem and solution: Active Running Instead of: Active Exited Because the actual openvpn. The vpn connection should be able to establish even after instance reboot. This is the only article online that covers exactly what I need. I checked the security group is assigned to the EC2 instance.

I can ssh to the server so server is up and running. What I understood is that when we start the service on the server, there is no way to tell the service where to look for the conf file. I put random characters in the conf file and service was able to restart successfully! I even removed the conf file from the server and server was still able to restart successfully. Status says it is active and green. Because if I remove rules on aws security group the error is connection timed out. If I add them the error is connection refused.

So the rules work. There is no server on the port to listen to the input. There is no log file created with name server-tcp. It apparently ignores the config file. Just a couple things on feedback. Noted about the cipher, thanks.

Hello paul, Am very grateful for the time taken to put the write up together.. I followed the process as described but after the setup on my putty connect while the other things like browsers refused to connect… What might be the cause of that please. According to google they both have the same IP. They both can establish a connection to an ec2 OpenVPN server configured per your instructions, but not simultaneously the second one just hangs establishing the connection.

Some other secret sauce? Followed your year old recipe and I think it worked like a champ the ec2 gui changed a bit but it was easy enough to figure out. I say I think because when I check https: You can do this in your network settings. Before I invest time in this, one question. Luckily, unless you have an elastic IP set up, you can just reboot the instance to get a new IP and try again.

Make sure you change you config as necessary. How does that work with this VPN solution? Thanks for this easy to follow guide. I require two more things: As for your Linux client, it should be more or less the same thing but with your Linux terminal instead of PuTTy. Make sure you allow your Linux device to connect in your AWS security groups. I have not installed the OpenVPN yet. I was wondering your vpn test did not prompt for username and password.

Hi, thanks for the tutorial! As such, I want to ask how safe is it to use Amazon as a server provider considering it is a US company 5 eyes and whatnot? You can even minimize this by lowering the verbosity in your server config. You have to contact customer service to ask which server can unblock which sites. Wed Nov 23 Im facing the exact same issue. Everything works and service is up, also the security group was checked several times. I even tried opening everything to anywhere.

I can connect to the client and my IP is the same as ec2, open vpn is connected, but I still can not get on to the sites that are blocked in my location i. I am wondering where did I go wrong? I have a little problem though. Best, Declan ——————————————————————- Judging from your log it looks like a TunnelBlick problem.

Have you tried to create a layer 3 site to site tunnel using OpenVPN. I have using the openvpn access server web portal. Or at least the AWS side?

Hi Paul, Could you please provide the link or input how to login to the openvpn client using with users name and password more then 2 users. Under settings on FileZilla there is a place to put the putty ssh key. Once you import that you can login with the username ec2-user and just make sure your port is Can you help fix?

You should be able to diagnose the problem using one or the other or both. When I go to http: It could be a DNS leak, which this tutorial does not account for. Do you know if it is possible to have username and password authentication from the client in static key mode? In any case it will boost your security and allow you to connect multiple simultaneous devices.

Any thoughts where i could be going wrong? Could be a DNS leak. I got everything setup including using openvpn to tunnel everything on my pc and it works good. Thank you for this tutorial. Alternatively, most laptops support virtual routers, where you would just connect to your VPN, turn on the virtual router, and connect whatever other devices you have to the wifi signal coming from your laptop.

You can find instructions on how to do that here: Any chance you might consider doing a parallel article for setting up in Azure? Let us know if you figure it out! It looks like the installer does not exist.

I found that using openvpn in this way, while having IPv6 enabled on your local client, will leak lots of traffic locally over ipv6. I still have to solve how to forward ipv6 traffic on the server side. But it does solve the ipv6 data leakage, basically by just dumping all ipv6 traffic in a black hole.

Also is there a tutorial to configure the client to use DNS on my AWS instance to prevent lookups on my client environment? Because Macs have a proper Unix terminal, you should be able to connect directly to the server through that instead of something like PuTTy. I am not sure if that is the same for all ec2 instances. We have a brief tutorial on setting up a smart DNS client here: I got it working with a windows client.

Can you point me in the direction of getting it to work with the linux client? If you need something before then, Google is your best friend. You could also try the OpenVPN forums.

Just spent a couple days finagling with openrsa, using a couple websites, and was able to install it and start making keys, but cannot figure out how to tie that in to openVPN for multiple users. Any chance of a write-up or other help for us noobs looking to set up VPN servers for multiple home, fair use, single-family clients?

Hi, I am behind a fortiguard firewall, could this be the reason I am getting: Try , , , , and I spoke too soon. Shortly after it connected, it disconnected again. Here are the logs. Mitigate by using a —cipher with a larger block size e. You can change your AWS security settings to allow all traffic on whatever port you want from any IP to avoid this.

I decided to change it to and that did the trick. Hi Paul, Thanks for the replies! I tried different ports, none work. How can I port forward another port? Also, make sure the necessary ports are open on your EC2 instance.

What should I do to deal with it? Find the server log and see if it gives you any more details. It should either be in the same directory as the config file as server-tcp. You can just import the same config file that you use on your PC, along with the associated key file, to whatever OpenVPN client you are using on those devices.

Make sure to allow the IP addresses for those devices through the firewall using AWS security groups or iptables. Manually set the adapter to Google Dns and it works. Paul, Thanks for your guide. Is there any way to overcome this limitation? Even if I set up source port 80 or in Putty it does not allow me to connect timed out.

Hi Mike, Have you check the security groups on AWS to make sure traffic through those ports are open? Thanks for your help. So, I assumed that port is also blocked or filtered. So, do you have any idea how deal with this issue? I could connect my work laptop to the corporate network using Cisco Any.. I added UDP to the security group for my instance, and it connected with no problem. Hi Paul, great tut.. Hi Austin, Yes, it is possible, but ideally you would use tls-auth instead of the pre-shared private key ovpn.

You can look into installing easy-rsa to generate TLS certificates. What I would like to do now is create an ssh tunnel from AWS server to a linux server at my home. We actually have a separate tutorial just for that: As far as the ports go, you probably need to poke holes in the server firewall using either iptables or the AWS Dashboard security groups.

Hi Thanks for the guide. I have successfully connected to my EC2, however there is no connection coming in. Any idea what I am missing? Did you open the right ports in your AWS security groups?

On top of that, the encryption and re-routing of internet traffic that takes place with a VPN will slow your download speed down, usually by about 10 percent. I tried switching to UDP to see if that helps, it did but only for a short while. Seems to be an odd issue where it speeds up and slows down. This a great tutorial, thanks! I found this here:

Why You Might Want to Do This

Leave a Reply

Choose the Most Secure VPN - Protect Your Privacy & Stay Anonymous. Here's how to create and outgoing VPN connection in Windows XP: Open the Network Connections window and click Create a new connection. Select Connect to the network at my workplace, and click Next. Select Virtual Private Network connection, and click Next. Enter a name for the connection, and click Next. Virtual Private Networks (VPNs) are very useful, whether you’re traveling the world or just using public Wi-Fi at a coffee shop in your hometown. But you don’t necessarily have to pay for a VPN service—you could host your own VPN server at home.