Saturday 15 December 2012

OpenVPN on EC2/AWS


EC2 Instance
  1. Allow UDP to port 1194 under the instance's security group
    1. to the world 
    2. or just your IP network
Install and configure OpenVPN instance/server
  1. apt-get install openvpn
  2. cd /etc/openvpn
  3. openvpn --genkey --secret my.key
  4. Put code below into /etc/openvpn/server.conf
  5. Run: openvpn --config /etc/openvpn/server.conf
    1. Leave running while taking remaining steps
  6. Allow NAT
    1. modprobe iptable_nat
    2. echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    3. iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
  7. Checks for the paranoid
    1. lsof -nP -i
    2. lsof -c openvpn

port 1194
proto udp
dev tun
secret /etc/openvpn/my.key
ifconfig 192.168.2.1 192.168.2.2
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

  1. If on Mac, use tunnelblick to open a file like myopenvpn.ovpn with below code
    1. Replace hostname with yours
    2. You'll need the my.key file in the same directory as the myopenvpn.ovpn file
  2. On Linux
    1. Put below in /etc/openvpn/client.conf
    2. Put my.key in /etc/openvpn as well
    3. Run: openvpn --config /etc/openvpn/client.conf
    4. Leave running
  3. For all operating systems
    1. When/if you see this in the client connection logs/messages, you've made it
      1. "Initialization Sequence Completed"
  4. Confirm
    1. You can ping 192.168.2.1, the openvpn server/instance via the ssh tunnel
    2. You can ssh into the openvpn server/instance via 192.168.2.1
    3. You have a new network interface with 192.168.2.2 defined on it
    4. Goto: http://ipaddr.me
      1. Does it look like your IP?
      2. If uncertain, use "whois" command to find out
dev tun
proto udp
remote ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com 1194
resolv-retry infinite
nobind
secret my.key
ifconfig 192.168.2.2 192.168.2.1
comp-lzo
verb 3
dhcp-option DNS 172.16.0.23
redirect-gateway def1

Interview questions: 2020-12

Terraform provider vs provisioner Load balancing Network Load Balancer vs Application Load Balancer  Networking Layer 1 vs Layer 4 haproxy u...