How to get to America: creating a VPN server in Amazon EC2

We remind you that readers perform all the actions described in this article at their own risk. The material is provided for informational purposes only. If you are going to reproduce the actions described below, we strongly advise you to read the article carefully to the end at least once. The editors of 3DNews are not responsible for any possible consequences.

# Introduction

This article describes in some detail how to create your own VPN server on the Amazon Elastic Compute Cloud platform, and for a purely symbolic sum. Windows 7 will act as the client. Why is all this necessary? At the very least, to gain access to web services that are available only in the country of victorious capitalism. From the services' point of view, you will be in the US. In fact, there are many uses for such access. The simplest example is that you can listen to the radio for free in or Pandora.

Advanced users will probably have a reasonable question: why configure a VPN server at all, and on Amazon at that? There are proxy servers, often free; there are Tor and other anonymizers; there are, after all, VPN providers with quite acceptable rates. The proposed method is worse in some respects and better in others than the solutions listed above. Its main advantages are ease of use, relatively high security and being almost completely free. Interested? Then let's go.

The idea of setting up a VPN server in Amazon EC2 is, to put it mildly, not new. The nuance is that since November 1st of last year each new Amazon Web Services customer gets free access for a whole year to a small piece of the cloud: 613 MB of RAM, 10 GB of disk space, 15 GB of traffic, 750 hours of machine time and so on. Can you smell the deal? Of course, nothing serious will run on such a machine. But for our purposes this configuration is quite enough, and in practice you do not have to pay for it.

So, we need the following: a valid bank card with at least three dollars in the account, the PuTTY and PuTTYgen clients from this site, Amazon and DynDNS accounts, and some free time. If you have no Amazon or DynDNS account, you will have to create them. We recommend that you carefully read the license agreements and terms of use of all the services and programs to check that they are legal in your country. Registration with Amazon and DynDNS is no different from the same process on other sites, so there should be no difficulties. Note only that when registering with Amazon you will need to give a correct phone number, which is required for the subsequent activation. Also, when specifying the card details in and AWS, an amount of one dollar will be automatically reserved on the account. Finally, one more remark: it is better not to use the IE and Opera browsers. IE blocked the download of the digital key at the most inopportune moment, and Opera for some reason refused to show the PIN code for phone activation. In Chrome, for example, everything went well.

# Create instance in Amazon EC2

First, log in to your Amazon account and go to the EC2 console. Click the Sign Up Now button and go through registration for Amazon Web Services (AWS). There is nothing difficult about it either. The nuances with the phone number and the reservation of funds on the card were mentioned above. At the end you will receive a call on the number you specified and will need to enter, on the phone keypad, the four-digit PIN code shown on the screen. Upon completion, several emails confirming the registration and activation of the AWS account will be sent to your mailbox.

Return to the EC2 console. It will now look like the screenshot below. Please note that you must be on the EC2 tab and in the US East region. Click Launch Instance to start creating the instance.

At the first stage we are invited to choose an Amazon Machine Image (AMI), a kind of virtual disk image with an OS. In principle, any suitable Linux image will do, as long as it is no larger than the ten gigabytes allocated to us. As an example, we will use an image with Ubuntu 10.04.2 LTS. It can be found by entering its ID into the search: ami-3e02f257. Then click Select and go to the next step.

For Instance Type, select Micro (t1.micro). In Number of Instances, leave the value at one.

In the next step, leave the default values untouched, except for putting a tick next to Termination Protection.

Next we are offered the chance to set tags for our virtual server. Next to Name, enter any server name you like.

Now comes a crucial moment: generating the private key for access to the server. Enter a name for the key (any will do) and click Create & Download your Key Pair. The browser prompts you to save a file with a .pem extension. Do not decline. Just in case, it is a good idea to make a copy of this file immediately and save it somewhere else. If for some reason the key does not download, you will have to cancel everything (Cancel at the upper right) and repeat all the previous steps. Without the key, further actions lose all meaning.

At this stage, do not touch anything and just click Continue.

Finally, check that everything has been selected and configured correctly, then click Finish. The server will now take a couple of minutes to start.

It's time to give the newly created server access to the network. To do this, select Elastic IPs in the left menu, click the Allocate New Address button and agree to the allocation of a new IP address. Then click Associate Address, select our server in the list (it is the only one) and agree again. In the end, it should look something like this:

Now go to the Security Groups section and select the default group in the list. Go to the Inbound tab. A firewall control window appears. In the Create a new rule list, select SSH (all the required fields fill themselves in) and click Add rule. Then, in the same list, select Custom TCP rule. In the Port Range field, type 1723, leave Source as it is ( and click Add rule again. Finally, click Apply Rule Changes. That's it: the basic configuration of the virtual server is finished.
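A check for the firewall rules configured above, as an added example that is not part of the original article: it reads security group data shaped like the output of `aws ec2 describe-security-groups` (the sample is constructed) and reports SSH reachable from every address, rules wider than a single port, and missing rules for the two ports the article opens. Treating SSH as owner-only while the VPN port stays reachable from anywhere is an assumption of this example, not a step from the article.

```python
import ipaddress
import json

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupName": "default", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 1723, "ToPort": 1723,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
  {"IpProtocol": "-1", "IpRanges": [],
   "UserIdGroupPairs": [{"GroupName": "default"}]}
]}]}
""")

NEEDED = (22, 1723)   # the two TCP ports the article opens
ADMIN_ONLY = {22}     # assumption: only the owner needs SSH


def audit_group(group):
    """Return (code, detail) findings for one security group's inbound rules."""
    findings, seen = [], set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue                      # udp/icmp rules are out of scope here
        # Rules for "all protocols" (-1) carry no port fields: treat as all ports.
        lo = 0 if proto == "-1" else perm.get("FromPort", 0)
        hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
        for rng in perm.get("IpRanges", []):   # group-to-group rules have none
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            covered = {p for p in NEEDED if lo <= p <= hi}
            seen |= covered
            if hi > lo:
                findings.append(("WIDE_PORT_RANGE", f"{lo}-{hi} from {net}"))
            if covered & ADMIN_ONLY and net.prefixlen == 0:
                findings.append(("SSH_OPEN_TO_WORLD", f"tcp/22 from {net}"))
    for port in NEEDED:
        if port not in seen:
            findings.append(("MISSING_RULE", f"tcp/{port}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_group(SAMPLE["SecurityGroups"][0]):
        print(code, detail)
```

To audit a real account, replace SAMPLE with the JSON output of `aws ec2 describe-security-groups`.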

# Setting up DynDNS

DynDNS is needed so that, when the issued IP address changes, you do not have to go into the AWS console again. In short, it is there for convenience. So, log in to the DynDNS website and go to the account management console. There, click Add Host Services.

In the Hostname field, enter any suitable host name (in our example it is amazec2), and in the list on the right select any domain. In Service Type, specify Host with IP Address and click the link below it, "The current location's IP Address is xx.xx.xx.xx". At the bottom of the page is the Add To Cart button. Click it.

Then select Proceed to checkout and Activate Services.

# Setting up PuTTY

The first step is to convert the key from the pem format to ppk. To do this, run PuTTYgen. In the Conversions menu, click Import key and select the pem key that was downloaded earlier. At the bottom of the window, select SSH-1 (RSA), click Save Private Key and save the resulting key in ppk format.

Now return to the AWS console, select Instances in the menu on the left, and then click the Refresh button at the top right. Click on our server and, in the information panel at the bottom, find the Public DNS item. Select the address and copy it to the clipboard.

Launch PuTTY and paste the copied address into the Host Name field. Then, in the menu on the left, go to Connection → SSH → Auth and specify the path to our key in ppk format in the Private key file field. In Window → Translation, select the UTF-8 encoding.

Finally, press the treasured Open button. In the dialog box, click Yes. And here we have a remote console on our server. Enter ubuntu as the login and press Enter.
