PiVPN on AWS

This guide will walk you through creating your own PiVPN server on AWS and connecting to it from Windows. PiVPN was originally created to host your own VPN server on a Raspberry Pi, but is portable to AWS as well.

Not only will this help protect you from being monitored by your ISP, it will also protect you from cybercriminals looking to steal your information.

Getting Started

Amazon Web Services offers one year of free virtual server space, provided you use less than predetermined amounts of bandwidth, time, and space. AWS free tier includes 750 EC2 hours a month. So if this is the only EC2 instance you create, you should not be billed. Even if you go over that limit, the cost of running a server image on Amazon’s Elastic Compute Cloud is probably less than you would pay for a VPN subscription.

List of things you’ll need:

  • An Amazon Web Services account. This requires a credit card, but you’ll only be charged for what you use, which will likely be nothing if you’re prudent about what you’re doing.
  • PuTTY. You’ll also need PuTTY’s sister key generation program, PuTTYgen.
  • WinSCP, or an equivalent SFTP/SCP client to move files between your local computer and your EC2 instance.
  • A basic working knowledge of Unix commands and how servers work with clients will be massively helpful in troubleshooting should something not go exactly as planned.
  • OpenVPN GUI, installed in the default location and with the default settings on your PC.

Setting up AWS

Once you’ve signed up for an Amazon Web Services account, here’s how to launch the server that we’ll use for our VPN:

  1. Log into your Amazon Web Services account and head to the EC2 dashboard.

  2. On the top right, you can choose the location where we’ll be setting up your VPN. Then click Launch Instance.

  3. Choose whatever Linux AMI is listed as “free tier eligible.” At the time of writing this article, I’m choosing Ubuntu Server 16.04 LTS. Go on to the next step.

  4. Here choose a t2.micro instance that’s also free tier eligible. Click Review and Launch.

  5. On the next page, click Edit Security Groups.

  6. You’ll need to edit the security group so that only the traffic you intend can reach the server. You should have one rule already in place for connecting to your server via SSH, which we’ll use later; that is the rule to keep limited to traffic from your computer. We’ll need to add another to allow OpenVPN connections, which use port 1194 by default. For simplicity’s sake, click the Add rule button. Set the Type to Custom UDP, the Port Range to 1194, and the Source to Anywhere, which lets you reach the VPN from any network.

  7. Click Review and Launch.

  8. If all went well, your page should show the rules we just created in the “Security Groups” section (your Source IP will be different). Now click Launch.

  9. Now you’ll want to create a key pair, which sort of works like a password that you’ll use to connect to the virtual server you’re creating. Select “create a new key pair” from the dropdown menu and name it whatever you like. Click the button to download the key pair. Store it somewhere safe.

  10. The next page should alert you that the instance is launching. Scroll to the bottom and hit View instances. Here you’ll see a list of any instances you’ve launched, which if this is your first time using EC2 will just be one.
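
An added example, not from the original guide: a check of the ingress rules created in steps 6 to 8, run over the IpPermissions structure that `aws ec2 describe-security-groups` returns. The sample rules are constructed, and the function names and the EXPECTED table are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the "IpPermissions" list that
# `aws ec2 describe-security-groups` returns for a group (values are made up).
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
]

# Rules this guide expects: (protocol, port) -> may the source be "Anywhere"?
# Assumption for this example: SSH stays limited to your IP, OpenVPN is open.
EXPECTED = {("tcp", 22): False, ("udp", 1194): True}


def is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0, the console's "Anywhere" sources."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(permissions):
    """Return findings for ingress rules that differ from the guide's setup."""
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        key = (proto, lo)
        # "-1" means all protocols; port ranges and extra ports are not expected.
        if proto == "-1" or lo != hi or key not in EXPECTED:
            findings.append(f"unexpected rule: {proto} {lo}-{hi} from {cidrs}")
            continue
        for cidr in cidrs:
            if is_anywhere(cidr) and not EXPECTED[key]:
                findings.append(f"{proto}/{lo} is open to {cidr}; limit it to your IP")
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_PERMISSIONS):
        print(finding)
```
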

Connecting to the server with PuTTY

We can connect to our EC2 instance with PuTTY, but first we’ll need a proper key file to get connected. When you installed PuTTY, you should have also installed PuTTYgen. Go ahead and run it now. PuTTY and PuTTYgen both run right out of the box as .exe files with no need to install.

  1. Open PuTTYgen, click Load.

  2. Navigate to the .pem key pair file you downloaded before and load it into PuTTYgen. You’ll have to select the option to show all file types for the .pem key to show up. Hit Save Private Key. The file name must be identical to the .pem key.

  3. Now close out of PuTTYgen and open PuTTY. Copy your instance’s public IP from the EC2 console into PuTTY. Type in a name for your session and hit save.

  4. In the left pane, navigate to Auth under SSH. Click the browse button at the bottom and navigate to the private key you just generated.

  5. Back on the main Session page, name and save your session profile so you can quickly connect the next time you use PuTTY. Then click Open.

  6. A prompt will appear asking you for a username. For the Amazon Ubuntu AMI, it’s ubuntu.

Set up OpenVPN on the server

OpenVPN is a free open source tool that will let you run a full-on VPN through your Amazon EC2 instance. That means all your internet traffic goes through it.

  1. Connect to your EC2 instance using PuTTY according to the instructions above. Once logged in, update and install the packages on the server:
    sudo apt-get update && sudo apt-get upgrade -y

  2. Start the PiVPN installer:
    curl -L https://install.pivpn.io | bash
    For more detail on this, see http://www.pivpn.io/#tech

You are then guided through the process of installing all the required software and configuring the VPN server:

Choose the default ubuntu user.

We do want to enable unattended upgrades of security patches.

Choose UDP as the protocol to use.

Choose the default port 1194.

Create a 2048-bit encryption key.

Choose to use your server’s public IP address.

Choose whichever DNS provider you would like to use. I chose Google.

Installation is now complete 🙂

Choose to reboot the server.

Once the server has rebooted (check its status in the AWS dashboard), SSH back in to the server.

Now we need to configure a VPN profile that we can use to connect to the VPN server.

The easiest way to do this is to use the pivpn command line utility:
pivpn add

This will guide you through the process of creating a profile. Make sure to use a strong password and note both the profile name and the password as you will need these later.

Setup is now complete, so you can log out.

Download VPN configuration files for use locally

  1. To get the files off of our server and onto our PC, we’ll use a free program called WinSCP. Just use the default installation options. Once that’s done, a window should pop up prompting you to import your server authentication details from PuTTY. Select the one we made above and continue.

  2. Select myvpn (or whatever you named yours) and hit the Edit button. Type in ubuntu under user name. Click on Login.

  3. If this isn’t your first time using WinSCP, you can set the .ppk file you used in PuTTY by clicking Edit and Advanced. Go to SSH > Authentication > Private key file and navigate to your PPK file.

  4. In the host name field on the main page, you can enter either the IP address or domain of your EC2 instance. Be sure to save your settings, then hit Login.

  5. In the right pane, navigate to the directory containing your key files, in this case /home/ubuntu/ovpns

  6. Highlight your file {username.ovpn} and click the download button or drag the file from the right pane to the left pane (your computer). This will download the .ovpn file to your current directory.

  7. Once downloaded you can import this to your OpenVPN client software for Windows.

  8. (Optionally) You can install the client on your Android phone through Google Play, then download and import this file to your Android phone to have a VPN on your phone as well.
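
An added example, not part of the original guide: a check that the downloaded .ovpn profile matches the choices made during installation (UDP, port 1194) and that its private key is protected by the password set during `pivpn add`. It assumes the profile uses OpenVPN’s inline layout with the key inside a <key> block and names the port on its remote line; the sample profile and the function names are constructed for illustration.

```python
import re

# Constructed sample profile; the key body is a placeholder, not real material.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote 203.0.113.10 1194
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
(placeholder, not real key material)
-----END ENCRYPTED PRIVATE KEY-----
</key>
"""


def parse_ovpn(text):
    """Split a profile into directives and inline <tag>...</tag> blocks."""
    directives, blocks, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if current:
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(line)
        elif re.fullmatch(r"<[\w-]+>", line):
            current = line[1:-1]
            blocks[current] = []
        elif line and not line.startswith(("#", ";")):
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks


def check_profile(text, proto="udp", port="1194"):
    """Return problems found when comparing a profile with the guide's choices."""
    directives, blocks = parse_ovpn(text)
    problems = []
    if [proto] not in directives.get("proto", []):
        problems.append(f"proto is not {proto}")
    if not any(a[1:2] == [port] for a in directives.get("remote", [])):
        problems.append(f"no remote on port {port}")
    # A password-protected key carries an ENCRYPTED marker in its PEM header.
    if "ENCRYPTED" not in "\n".join(blocks.get("key", [])):
        problems.append("private key is missing or not password-protected")
    return problems


print(check_profile(SAMPLE_OVPN) or "profile matches the guide")
```

The profile embeds the client’s private key, so handle the .ovpn file as you would the .pem key pair from the AWS setup.
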