[lug] OpenVPN questions using AWS EC2 instance
Bear Giles
bgiles at coyotesong.com
Thu Sep 7 08:45:45 MDT 2017
I have a question on setting up an OpenVPN server on AWS EC2 instances.
I've been following the instructions here:
https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/
I've created two instances.
- on Digital Ocean (which he used) the VPN works as expected.
- on AWS I can connect, do DNS queries, but don't get anywhere with my
browser, etc.
I've set up the 'masquerade' script and checked permissions so I don't
think it's that. It's probably the firewall settings but I'm not sure if it
is, or what to open. I thought it was stateful so if the VPN endpoint made
an outbound request then the response would be allowed through even if it's
on a different port but maybe I misunderstand how that works.
I guess it wouldn't hurt to open up all of the inbound ports... I'm not
running any services except openvpn. I just prefer to keep things locked
down if possible.
Does anyone have experience with this?
BTW two minor points:
1. this system does not have port 22 open to the public. I use a nano
instance as a jump host - I ssh into it and then ssh into the other boxes
via the internal VPC network.
2. that's one reason why I would prefer to use the AWS VPN over the DO VPN,
at least at times. With the proper routing I should be able to directly
access those other hosts via the OpenVPN connection. In this case my main
personal VPN would go through DO and I would use the AWS VPN if I want to
reach the EC2 instances. In that case I could power off the jump host.
Thanks
Bear
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20170907/d20ab2f9/attachment.html>
More information about the LUG
mailing list