EC2 Instance
- Allow inbound UDP to port 1194 in the instance's security group
  - to the world (0.0.0.0/0), or
  - preferably just your own IP network, since the static key is the only thing guarding the tunnel
Install and configure OpenVPN instance/server
- apt-get install openvpn
- cd /etc/openvpn
- openvpn --genkey --secret my.key
  - This is a pre-shared static key: anyone holding the file can join the tunnel, so keep it mode 0600 and copy it to the client only over an authenticated channel such as scp
  - OpenVPN 2.5 and later spell this "openvpn --genkey secret my.key"; the old form still works but prints a deprecation warning
- Put the config below into /etc/openvpn/server.conf
port 1194
proto udp
dev tun
secret /etc/openvpn/my.key
ifconfig 192.168.2.1 192.168.2.2
keepalive 10 120
# comp-lzo must then also be set on the client; compression inside a VPN is a known plaintext-leak vector, so consider dropping it on both sides
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
- Run: openvpn --config /etc/openvpn/server.conf
- Leave it running while taking the remaining steps
- Allow NAT (so the instance forwards and masquerades traffic arriving through the tunnel, letting the client use it as its internet gateway)
  - modprobe iptable_nat
  - echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    - This lasts until reboot; put "net.ipv4.ip_forward = 1" in /etc/sysctl.conf (or a drop-in under /etc/sysctl.d) to make it permanent
  - iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
    - eth0 is the instance's egress interface; newer instance types name it ens5 or similar, so check with "ip route show default" first
- Checks for the paranoid
  - lsof -nP -i
    - openvpn should appear bound to UDP *:1194, and nothing else unexpected should be listening
  - lsof -c openvpn
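The "Allow NAT" step above hard-codes eth0, is not idempotent (re-running it appends a second MASQUERADE rule), and loses ip_forward on reboot. The script below is an added example, not code from the original post: it derives the egress interface from the routing table and the VPN /24 from the server's own ifconfig line, checks for each rule before adding it, and persists forwarding with a sysctl drop-in. The drop-in path /etc/sysctl.d/99-openvpn-forward.conf and the DRY_RUN switch are my choices; the sample server.conf at the bottom is a constructed copy of the post's config, used only to exercise the parsing.

```shell
#!/bin/sh
# Added example, not part of the original post: the "Allow NAT" step done without
# hard-coding eth0, idempotently, and so that forwarding survives a reboot.
# Assumptions (mine): iptables and sysctl are present, and the server config
# carries the post's "ifconfig <local> <remote>" line for the tunnel endpoints.

# Name of the interface the default route leaves by (eth0, ens5, enX0, ...).
# Takes the "ip route show default" text as $1 so it can be checked offline;
# with no argument it reads the live routing table.
egress_iface() {
    if [ -n "$1" ]; then routes=$1; else routes=$(ip route show default 2>/dev/null || true); fi
    printf '%s\n' "$routes" |
        awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# The /24 holding both tunnel endpoints, derived from the server's ifconfig line
# (the post's MASQUERADE rule assumes a /24 too), so the NAT rule only matches
# traffic that really came out of the tunnel.
vpn_net_from_conf() {
    awk '$1 == "ifconfig" { split($2, o, "."); printf "%s.%s.%s.0/24\n", o[1], o[2], o[3]; exit }' "$1"
}

# Apply the rules. DRY_RUN=1 prints the commands instead of running them, which
# is handy for reviewing on the instance before doing it for real as root.
nat_apply() {
    conf=${1:-/etc/openvpn/server.conf}
    net=$(vpn_net_from_conf "$conf")
    dev=$(egress_iface)
    if [ -z "$net" ] || [ -z "$dev" ]; then
        echo "nat_apply: could not derive VPN subnet ('$net') or egress interface ('$dev')" >&2
        return 1
    fi
    run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi; }

    run modprobe iptable_nat
    # The post's echo into /proc only lasts until reboot; the sysctl drop-in (my path) makes it stick.
    run sysctl -w net.ipv4.ip_forward=1
    run sh -c 'printf "net.ipv4.ip_forward = 1\n" > /etc/sysctl.d/99-openvpn-forward.conf'
    # -C tests for the rule first, so running this twice does not add it twice.
    if ! iptables -t nat -C POSTROUTING -s "$net" -o "$dev" -j MASQUERADE 2>/dev/null; then
        run iptables -t nat -A POSTROUTING -s "$net" -o "$dev" -j MASQUERADE
    fi
    # Explicitly forward only tunnel traffic and the replies to it; anything else
    # is left to the FORWARD chain's policy instead of relying on a permissive default.
    if ! iptables -C FORWARD -i tun+ -o "$dev" -s "$net" -j ACCEPT 2>/dev/null; then
        run iptables -A FORWARD -i tun+ -o "$dev" -s "$net" -j ACCEPT
        run iptables -A FORWARD -i "$dev" -o tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    fi
}

# Constructed sample of the post's server.conf, used only to exercise vpn_net_from_conf.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
port 1194
proto udp
dev tun
secret /etc/openvpn/my.key
ifconfig 192.168.2.1 192.168.2.2
EOF
```

Run it once as "DRY_RUN=1 sh nat.sh; nat_apply" style review first, then as root without DRY_RUN; because every rule is checked with -C before -A, it is safe to put in a boot script.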
Configure the OpenVPN client
- If on Mac, use Tunnelblick to open a file like myopenvpn.ovpn containing the config below
  - Replace the hostname on the remote line with your instance's
  - You'll need the my.key file (copied from the server) in the same directory as the myopenvpn.ovpn file
- On Linux
  - Put the config below in /etc/openvpn/client.conf
  - Put my.key in /etc/openvpn as well
  - Run: openvpn --config /etc/openvpn/client.conf (from within /etc/openvpn, since the secret line is a relative path)
  - Leave running
dev tun
proto udp
remote ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com 1194
resolv-retry infinite
nobind
secret my.key
ifconfig 192.168.2.2 192.168.2.1
# static-key mode pushes nothing from the server, so keepalive and persist-* must be set here as well
keepalive 10 120
persist-key
persist-tun
# must match the server: compression is not negotiated in static-key mode
comp-lzo
verb 3
# honored by Tunnelblick; on Linux dhcp-option only takes effect with an up script (e.g. update-resolv-conf)
# use a resolver reachable through the tunnel, otherwise DNS either fails or leaks around the VPN
dhcp-option DNS 172.16.0.23
# send all IPv4 traffic through the tunnel, keeping a host route to the server via the local gateway
redirect-gateway def1
- For all operating systems
  - When/if you see this in the client connection logs/messages, you've made it:
    - "Initialization Sequence Completed"
  - Confirm
    - You can ping 192.168.2.1, the OpenVPN server/instance, through the VPN tunnel
    - You can ssh into the OpenVPN server/instance at 192.168.2.1, i.e. through the tunnel rather than its public address
    - You have a new network interface (tun0 on Linux, a utun device on macOS) with 192.168.2.2 on it
    - Go to http://ipaddr.me
      - It should show the EC2 instance's public IP, not your own; if it still shows yours, redirect-gateway is not in effect
      - If uncertain, run "whois" on the address it shows; it should belong to Amazon
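Because static-key mode negotiates nothing, every mismatch between the server config and the client config above (proto, port, swapped ifconfig endpoints, comp-lzo on one side only) shows up only as a connection that silently never completes. The checker below is an added example, not code from the original post or from OpenVPN: it reads the two config files and reports the mismatches a practitioner would otherwise find by staring at "verb 3" logs. The sample configs at the bottom are constructed by me from the post's settings (with vpn.example.com as a stand-in hostname), plus a deliberately broken client to show what a failure looks like.

```shell
#!/bin/sh
# Added example, not part of the original post: lint a static-key server/client
# config pair before the first connection attempt. In static-key mode the server
# pushes nothing, so every setting that has to agree must be typed on both sides,
# and the two "ifconfig" lines must be mirror images. Arguments are the two config
# file paths. Sample files at the bottom are constructed, modelled on the post.

# First value of directive $2 in file $1 (text after the keyword), empty if absent.
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Exit status 0 if directive $2 appears in file $1 (with or without arguments).
conf_has() {
    awk -v k="$2" '$1 == k { f = 1 } END { exit !f }' "$1"
}

# Prints one FAIL/WARN line per finding; returns the number of hard failures.
check_static_pair() {
    srv=$1; cli=$2; errs=0
    fail() { echo "FAIL: $*"; errs=$((errs + 1)); }

    # Transport: same proto and device type; client's remote port equals server's port.
    [ "$(conf_get "$srv" proto)" = "$(conf_get "$cli" proto)" ] || fail "proto differs between server and client"
    [ "$(conf_get "$srv" dev)" = "$(conf_get "$cli" dev)" ] || fail "dev (tun/tap) differs"
    [ -n "$(conf_get "$cli" remote)" ] || fail "client has no remote line"
    sport=$(conf_get "$srv" port); rport=$(conf_get "$cli" remote | awk '{ print $2 }')
    [ "${rport:-1194}" = "${sport:-1194}" ] || fail "client connects to port ${rport:-1194}, server listens on ${sport:-1194}"

    # Tunnel endpoints: server "ifconfig A B" must pair with client "ifconfig B A".
    set -- $(conf_get "$srv" ifconfig); sl=$1; sr=$2
    set -- $(conf_get "$cli" ifconfig); cl=$1; cr=$2
    if [ -z "$sl" ] || [ -z "$sr" ] || [ -z "$cl" ] || [ -z "$cr" ]; then
        fail "ifconfig missing or incomplete on one side"
    elif [ "$sl" != "$cr" ] || [ "$sr" != "$cl" ]; then
        fail "ifconfig not mirrored: server '$sl $sr' vs client '$cl $cr'"
    fi

    # Shared secret: both sides must name a key; when both files are readable they must be identical.
    sk=$(conf_get "$srv" secret); ck=$(conf_get "$cli" secret)
    if [ -z "$sk" ] || [ -z "$ck" ]; then
        fail "secret missing on one side"
    elif [ -r "$sk" ] && [ -r "$ck" ] && ! cmp -s "$sk" "$ck"; then
        fail "key files differ: $sk vs $ck"
    fi

    # Compression is not negotiated in static-key mode: comp-lzo on one side only
    # corrupts every packet. On both sides it works, but compressing tunnelled
    # plaintext is a known oracle risk, hence the warning.
    if conf_has "$srv" comp-lzo; then
        conf_has "$cli" comp-lzo || fail "comp-lzo set on server but not on client"
        echo "WARN: comp-lzo on both sides; prefer dropping compression entirely"
    elif conf_has "$cli" comp-lzo; then
        fail "comp-lzo set on client but not on server"
    fi

    # The server cannot push keepalive here, so an idle client gets timed out one-sidedly.
    conf_has "$cli" keepalive || echo "WARN: client has no keepalive line"
    return $errs
}

# Constructed samples (mine): the post's pair, and a client with three common mistakes.
TMP=$(mktemp -d)
cat > "$TMP/server.conf" <<'EOF'
port 1194
proto udp
dev tun
secret /etc/openvpn/my.key
ifconfig 192.168.2.1 192.168.2.2
keepalive 10 120
comp-lzo
EOF
cat > "$TMP/client-good.conf" <<'EOF'
dev tun
proto udp
remote vpn.example.com 1194
secret my.key
ifconfig 192.168.2.2 192.168.2.1
keepalive 10 120
comp-lzo
redirect-gateway def1
EOF
cat > "$TMP/client-bad.conf" <<'EOF'
dev tun
proto tcp
remote vpn.example.com 1194
secret my.key
ifconfig 192.168.2.2 192.168.2.5
redirect-gateway def1
EOF
```

Usage: "check_static_pair /etc/openvpn/server.conf client.conf" on a box that has both files; the exit status is the failure count, so it slots into a deploy script as a gate. The broken sample trips three checks (proto tcp vs udp, un-mirrored ifconfig, comp-lzo on the server only), which are exactly the cases that produce an endless "TLS"-less silence in static-key mode.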