Sec VPC
๐ Secure VPC for personal needs. Helps you create your own VPN server in a separate VPC in a few simple steps.
๐ Like [Crash CDK] (https://github.com/hex22a/crash-cdk) but in Terraform!
๐ธ Suits for AWS Free Tier instances
โ๏ธ Fast, but verbose setup
๐ฏโ Mostly copy-pasting
๐ฅ Easy to destroy
Pre-requirements
๐ Tarraform. tfswitch is recomended to manage Terraform versions
๐งพ AWS Account
๐ AWS CLI
๐ค IAM User with following policies:
๐ญ Important: Create a separate user instead of using default sudo-level access.
๐ญ Important 2: Best practice is to attach permissions to a group and then add users to that group, rather than giving permissions to user directly. In this particular case there's not much difference, so you can do either.
Configure AWS CLI
aws configure
The tool will prompt for an IAM credentials. Fill in ones, created before.
Deploy
# Make sure you're on correct version of terraform
tfswich
# Init terraform state
terraform init
# Plan your infra
terraform plan
# Deploy
tarraform apply
Get the admin password
If you properly setup EC2InstanceConnect you should be able to SSH into the instance throuh AWS Console.
# One you connected to the instance output the content of /usr/local/openvpn_as/init.log and look for openvpn default superuser password
sudo cat /usr/local/openvpn_as/init.log
๐ญ Important 3 Don't forget to change your admin password after first login!
Instance configuration is complete ๐
Set up VPN
Server
Log in as openvpn
user at https://PUBLIC_IP/admin
. Ignore SSL warning, or add SSL Cert as trusted to the keychain. You can find your public ip in AWS Console. To bypass Google Chrome's "Not Secure" warning, just type in "thisisunsafe" while the tab is open.
Update Hostname or IP Address at Network Settings (https://PUBLIC_IP/admin/network_settings). Value in the field should be your PUBLIC_IP.
Create ๐ฉโ๐ป VPN users, click "More Settings" to set password, enable auto-login
Don't forget to "Update Running Server"
Client
Login as a ๐ฉโ๐ป VPN user https://PUBLIC_IP/?src=connect
Download client app if you haven't yet
Click Yourself (autologin profile)
to download client.ovpn
file. Use this file to establish your custom VPN connection.
๐จ Destroy
terraform destroy
Troubleshooting
Unrecognized option or missing or extra parameter(s) in configuration: (line 4): dhcp-pre-release (2.4.4)
If you're configuring WiFi router with .ovpn
autologin profile like above, try adding following lines to the .ovpn
file in your favorite text editor
## Add this right after comments block, just for better arrangemnt
pull-filter ignore "dhcp-pre-release"
pull-filter ignore "dhcp-renew"
pull-filter ignore "dhcp-release"
pull-filter ignore "register-dns"
pull-filter ignore "block-ipv6"