On line 121 you find a commented command that reads: #echo 1 > /proc/sys/net/ipv4/ip_forward Remove the ‘#’ so it only reads: echo 1 > /proc/sys/net/ipv4/ip_forward Restart the openvpn once again and make it start upon boot by entering: service openvpn restartĬhkconfig openvpn on Now, you should be able to access the internet through the VPN. A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADEĬOMMIT Reload the firewall and make it start on boot by entering: service iptables restartĬhkconfig iptables on The last thing before you get traffic accross the net through the VPN is to enable IP forwarding in the initialization file for openvpn.
For the basic needs it’s enough to enable masquerading using the following lines: *nat Change the directory /etc/sysconfig and edit – or if necessary create – a file called iptables, which includes the firewall configuration. So, it’s back to the command line once again. For this you need to enable masquerading and IP forwarding on the server. The traffic goes to the Amazon host but it can’t get any further. But you’ll notice that you are not able to access the internet just yet. Now, after all files have been created and you set up the Amazon security group you should be able to connect to the VPN server. You have to see if these ports are accessible from your client, which usually is the case, but if your provider (or government) decides to block this, you have to set matching alternatives on the server, client and the Management Console. These can be configured in the Amazon AWS Management Console under “Security Groups”. Redirect-gateway def1 After this has been done, you have to allow incoming packets for the port and protocol. Remote INSERT-YOUR-COMPLETE-PUBLIC-EC2-HOSTNAME-HERE 1194 My config includes the following: dev tun Along with that file you need the actual configuration file, the file extension has to be. Get the secrets file ( openvpn-key.txt) and move it to the openvpn/config directory on your PC.
Here are the Windows instructions (which are basically identical to those of Tunnelblick). This way you could for example set up a VPN server in the US and EU. Both have the ability to use more than a single VPN configuration. Verb 3 Finally you have to (re)start the openvpn server by entering the following command: service openvpn restart The client side For Windows I was using openvpn including the GUI, that you can find The main configuration file is in /etc/openvpn/nf. You create the needed key file with: openvpn -genkey -secret /etc/openvpn/openvpn-key.txt Securely copy this file over to the client machine that will access the server, e.g. The person had problems with using a certificate to authenticate so we had to go with a preshared key. Now, in my case I created the server for someone in Iran, so they could get around the blocked. The configuration files for OpenVPN go to /etc/openvpn.
Now you have to install openvpn itself: yum install openvpn Again, say yes when asked to install.
First thing I did was get all the recent system updates: yum update Say yes when you’re asked to install the updates. Of course you can use whatever linux image you want, but the commands I’m using might differ, so YMMV. Setting up the server I’ll be using the basic Fedora Core 8 (AMI Id:Īmi-3c47a355) in this example. There’s also a web-based administration console if you don’t want to use the command line tools. I hope this small howto, that in no way is meant to be complete or fool proof, will give those in need a way to get the news out! You can find the Getting Started Guide for Amazon’s EC2 over here.
I set up a server for another basic need: free speech. Amazon has given us a great base system to build on: the Elastic Compute Cloud, or just EC2. For example: you’re in a hotel and want to be sure nobody is sniffing your packets. There are multiple situations where a VPN server can come in handy.