VPC

Build a private VPN Server on Amazon’s EC2 « Geek 2.0

[UPDATE March 2014] Do not copy-paste the code from the core text of this post. These are one-year-old scripts. An updated version is available in my GitHub Repository.

This article describes how to run your private VPN gateway in Amazon’s cloud. Although this article describes a 100% automatic (scripted) method to start and configure your VPN server, it assumes some basic knowledge of Amazon’s EC2 platform and – obviously – requires you to have an account on EC2. If you are totally new to EC2, I strongly advise you to follow a Getting Started guide before going through this article. The VPN server I am using for the purpose of this article is based on the IPSec / L2TP security protocols implemented by the open source projects OpenSWAN and xl2tpd. For the impatient, the scripts are available on GitHub, along with basic configuration and setup information.

Why a private VPN server? Sometimes it is legitimate to create an encrypted tunnel of data to another machine on the internet.

VPN Security Group

NAT Instances - Amazon Virtual Private Cloud

Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet. For a general overview of VPCs and subnets, see What is Amazon VPC?. For more information about public and private subnets, see Subnet Routing.

Note: We use the term NAT instance; however, the primary role of a NAT instance is actually port address translation (PAT). The following figure illustrates the NAT instance basics.

Setting up the NAT Instance

You can use the VPC wizard to set up a VPC with a NAT instance; for more information, see Scenario 2: VPC with Public and Private Subnets.

Creating the NATSG Security Group

NATSG: Recommended Rules

WhiteBoard Coder: Amazon AWS VPC Replace your NAT with micro Instance NAT

The VPC wizard has an option to create a public subnet and a private subnet. It creates a NAT instance to handle internet traffic for the private network. The tool does not have the option to make this instance a micro instance. Until recently you could not have a micro instance on a VPC [1]. I think it’s possible to use a micro instance as a NAT; you just have to do some manual steps to implement it. This guide assumes you already have a VPC set up with a public and private subnet and a running NAT.

From the EC2 console, in the pull-down menu select “Amazon Images”, then enter “nat” in the text field and press enter. A list of the available Amazon-provided NAT AMIs is displayed. Select the 1.1 beta 64-bit image, right-click and select Launch Instance. Select t1.micro as the instance type. Select VPC and then select the public subnet (in my case 10.0.0.0/24).

AWSVPN/vpn-ec2-install.sh at master · sebsto/AWSVPN