[lug] OpenVPN questions using AWS EC2 instance

Will will.sterling at gmail.com
Thu Sep 7 11:55:01 MDT 2017


Did you disable source and destination check on the AWS instance?

On Thu, Sep 7, 2017 at 8:45 AM, Bear Giles <bgiles at coyotesong.com> wrote:

> I have a question on setting up an OpenVPN server on AWS EC2 instances.
>
> I've been following the instructions here: https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/
>
> I've created two instances.
>
> - on Digital Ocean (which he used) the VPN works as expected.
> - on AWS I can connect, do DNS queries, but don't get anywhere with my
> browser, etc.
>
> I've set up the 'masquerade' script and checked permissions so I don't
> think it's that. It's probably the firewall settings but I'm not sure if it
> is, or what to open. I thought it was stateful so if the VPN endpoint made
> an outbound request then the response would be allowed through even if it's
> on a different port but maybe I misunderstand how that works.
>
> I guess it wouldn't hurt to open up all of the inbound ports... I'm not
> running any services except openvpn. I just prefer to keep things locked
> down if possible.
>
> Does anyone have experience with this?
>
> BTW two minor points:
>
> 1. this system does not have port 22 open to the public. I use a nano
> instance as a jump host - I ssh into it and then ssh into the other boxes
> via the internal VPC network.
>
> 2. that's one reason why I would prefer to use the AWS VPN over the DO
> VPN, at least at times. With the proper routing I should be able to
> directly access those other hosts via the OpenVPN connection. In this case
> my main personal VPN would go through DO and I would use the AWS VPN if I
> want to reach the EC2 instances. In that case I could power off the jump
> host.
>
> Thanks
>
> Bear
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
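The masquerade/forwarding setup Bear describes and the source/destination-check change the reply asks about, as an added example that is not part of the original post or reply. It assumes an OpenVPN client subnet of 10.8.0.0/24 on tun0, a primary interface eth0, a placeholder instance id, and a configured AWS CLI; none of those values appear in the thread. Run without arguments it prints the rules it would install and whether the kernel will forward at all; with --apply (as root) it installs them.

```shell
#!/bin/sh
# Added example, not from the thread. NAT/forwarding helpers for an OpenVPN
# gateway on EC2, written so the rule text can be inspected before anything
# is applied. Assumed values: VPN subnet 10.8.0.0/24, tunnel tun0, WAN eth0.

VPN_SUBNET="${VPN_SUBNET:-10.8.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"

# The rule the "masquerade" script installs: rewrite VPN client addresses to
# the instance's own address on the way out, so replies come back to it.
masquerade_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# FORWARD-chain rules: VPN clients out to the WAN, and only established or
# related replies back in (the host firewall, unlike the security group,
# is not stateful by default, so this rule is what lets the replies through).
forward_rules() {
    printf 'iptables -A FORWARD -i %s -o %s -s %s -j ACCEPT\n' "$TUN_IF" "$2" "$1"
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n' "$2" "$TUN_IF"
}

# Forwarding off is the classic reason clients reach the server itself but
# nothing beyond it.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# AWS side: turn off the source/destination check on the instance. The id is
# a placeholder here; on the instance it can be read from instance metadata.
source_dest_check_cmd() {
    printf 'aws ec2 modify-instance-attribute --instance-id %s --no-source-dest-check\n' "$1"
}

apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    masquerade_rule "$VPN_SUBNET" "$WAN_IF" | sh
    forward_rules "$VPN_SUBNET" "$WAN_IF" | sh
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    echo "# dry run; rerun with --apply as root to install"
    masquerade_rule "$VPN_SUBNET" "$WAN_IF"
    forward_rules "$VPN_SUBNET" "$WAN_IF"
    source_dest_check_cmd "i-0123456789abcdef0"   # placeholder instance id
    forwarding_enabled && echo "# ip_forward=1" || echo "# ip_forward is 0: enable it"
fi
```

Two points on the design. Security groups are stateful, so the inbound rules only need the OpenVPN listening port (UDP 1194 by default); replies to traffic the instance sends out are admitted without opening further ports, which is why the host-side conntrack rule above is the one that matters for forwarded traffic. And MASQUERADE makes the instance the source of every outgoing packet, so the source/destination check does not block NATed browsing; the attribute has to be off when the instance forwards packets unmodified, as in the point-2 setup of routing the VPN subnet to other hosts in the VPC, where the VPC route table also needs a route for that subnet pointing at the VPN instance.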