[lug] OpenVPN questions using AWS EC2 instance

Bear Giles bgiles at coyotesong.com
Thu Sep 7 08:45:45 MDT 2017


I have a question on setting up an OpenVPN server on AWS EC2 instances.

I've been following the instructions here:
https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/

I've created two instances.

- on Digital Ocean (which he used) the VPN works as expected.
- on AWS I can connect, do DNS queries, but don't get anywhere with my
browser, etc.

I've set up the 'masquerade' script and checked permissions, so I don't
think it's that. It's probably the firewall settings, but I'm not sure if it
is, or what to open. I thought it was stateful, so if the VPN endpoint made
an outbound request then the response would be allowed through even if it's
on a different port, but maybe I misunderstand how that works.

I guess it wouldn't hurt to open up all of the inbound ports... I'm not
running any services except openvpn. I just prefer to keep things locked
down if possible.

Does anyone have experience with this?

BTW two minor points:

1. This system does not have port 22 open to the public. I use a nano
instance as a jump host: I ssh into it and then ssh into the other boxes
via the internal VPC network.

2. That's one reason why I would prefer to use the AWS VPN over the DO VPN,
at least at times. With the proper routing I should be able to directly
access those other hosts via the OpenVPN connection. In this case my main
personal VPN would go through DO, and I would use the AWS VPN if I want to
reach the EC2 instances. In that case I could power off the jump host.

Thanks

Bear
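Added diagnostic for the masquerade/forwarding question above (example code, not from the original post). It checks the three things an OpenVPN server needs on the instance itself before client traffic can reach the Internet: kernel IP forwarding, a FORWARD rule for the tunnel, and a MASQUERADE rule for the VPN subnet. Assumed values: VPN subnet 10.8.0.0/24 (OpenVPN's default), tunnel interface tun0, uplink interface eth0; AWS security groups are stateful, so replies to outbound connections are allowed without extra inbound rules, which is why the instance-side NAT path is the first place to look.

```sh
#!/bin/sh
# Added example, not code from the original post. Checks the forwarding
# path an OpenVPN server needs to pass client traffic out to the Internet.
# Assumptions: VPN subnet 10.8.0.0/24, tunnel interface tun0, uplink eth0.
VPN_NET="${VPN_NET:-10.8.0.0/24}"
VPN_IF="${VPN_IF:-tun0}"
WAN_IF="${WAN_IF:-eth0}"

# ip_forward_enabled [path]: true if the kernel forwarding sysctl reads 1.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# forward_allows_vpn VPN_IF WAN_IF: reads iptables-save output on stdin;
# true if the FORWARD chain defaults to ACCEPT or has an explicit ACCEPT
# for tunnel -> uplink (iptables-save always prints -i before -o).
forward_allows_vpn() {
    grep -Eq "^:FORWARD ACCEPT |^-A FORWARD -i $1 -o $2 (.* )?-j ACCEPT$"
}

# nat_has_masquerade VPN_NET WAN_IF: reads iptables-save output on stdin;
# true if the nat POSTROUTING chain masquerades the VPN subnet on the uplink.
nat_has_masquerade() {
    grep -Fqx -e "-A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# check_live: run all three checks against the running system (root is
# needed for iptables-save). Prints one line per check, non-zero on failure.
check_live() {
    rc=0
    rules=$(iptables-save 2>/dev/null) || { echo "iptables-save failed (run as root?)"; return 1; }
    if ip_forward_enabled; then echo "ok   net.ipv4.ip_forward=1"
    else echo "FAIL net.ipv4.ip_forward is 0"; rc=1; fi
    if printf '%s\n' "$rules" | forward_allows_vpn "$VPN_IF" "$WAN_IF"; then
        echo "ok   FORWARD $VPN_IF -> $WAN_IF accepted"
    else echo "FAIL no FORWARD accept for $VPN_IF -> $WAN_IF"; rc=1; fi
    if printf '%s\n' "$rules" | nat_has_masquerade "$VPN_NET" "$WAN_IF"; then
        echo "ok   MASQUERADE $VPN_NET via $WAN_IF"
    else echo "FAIL no MASQUERADE for $VPN_NET on $WAN_IF"; rc=1; fi
    return $rc
}

# Run the live checks only when asked, so the functions can also be sourced.
case "${1-}" in --live) check_live ;; esac
```

Run as `sudo sh check-vpn-nat.sh --live` on the OpenVPN instance; a FAIL line names the missing piece. If all three pass and clients still cannot browse, the problem is outside this host's NAT path.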

