{"id":49,"date":"2017-05-29T11:06:10","date_gmt":"2017-05-29T10:06:10","guid":{"rendered":"https:\/\/www.philroche.net\/?p=49"},"modified":"2017-05-29T11:06:10","modified_gmt":"2017-05-29T10:06:10","slug":"creating-a-vpn-server-on-aws-using-pivpn","status":"publish","type":"post","link":"http:\/\/wp.philroche.net\/2017\/05\/29\/creating-a-vpn-server-on-aws-using-pivpn\/","title":{"rendered":"Creating a VPN server on AWS using PiVPN"},"content":{"rendered":"

One of the streaming services I use, NowTV, recently launched an Irish service alongside the UK service I was using. The Irish service costs _double_ the cost in the UK. They have also begun geoblocking all Irish users, and users of VPN services like ExpressVPN and PrivateInternetAccess, from using the UK service.

To get around the geoblocking I decided to set up my own VPN server on AWS in their London datacenter.

The easiest way I have found to set up a VPN server is to use PiVPN (http://www.pivpn.io/) which was designed for use on Raspberry Pi but can be installed on any Debian based machine.

There have been a few recent guides on how to install PiVPN but this one focusses on installing on AWS.

A prerequisite for this guide is that you have an AWS account. If this is your first time using AWS then you can avail of their free tier for the first year which means you could have the use of a reliable VPN server free for a whole year. You will also need an SSH keypair.

The steps are as follows:

  1. Start up an instance of Ubuntu Server on AWS in the London region
  2. Install PiVPN
  3. Download VPN configuration files for use locally

1. Start up an instance of Ubuntu Server on AWS in the London region

Log in to your AWS account and select the London region, also referred to as eu-west-1.

Create a new security group for use with your VPN server.

This new group sets up the firewall rules for our server and will allow access only to port 22 for SSH traffic and UDP port 1194 for all VPN traffic.
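
A check for the security group described above, as an added example that is not part of the original post: it audits the inbound rules, in the JSON shape printed by `aws ec2 describe-security-groups`, against the guide's policy of tcp/22 and udp/1194 only. The sample group and its ID are constructed, and the flag for SSH reachable from any address is an extra check the guide does not state.

```python
import json

# Policy stated in the guide: only SSH (tcp/22) and OpenVPN (udp/1194) are reachable.
ALLOWED = {("tcp", 22), ("udp", 1194)}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample, shaped like the output of `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0123456789abcdef0",
  "GroupName": "vpn-server",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
  ]}]}
""")


def audit_group(group):
    """Return findings for inbound rules that go beyond the guide's policy."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if proto == "-1":  # "-1" means every protocol and port
            findings.append(f"all traffic allowed from {sources}")
            continue
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if lo != hi or (proto, lo) not in ALLOWED:
            findings.append(f"unexpected rule {proto}/{lo}-{hi} from {sources}")
        elif proto == "tcp" and ANYWHERE & set(sources):
            # Extra check beyond the guide: flag SSH reachable from any address.
            findings.append(f"SSH open to any address: {sources}")
    return findings


if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        for finding in audit_group(sg):
            print(f'{sg["GroupId"]} ({sg["GroupName"]}): {finding}')
```
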


Launch a server instance.

We will choose Ubuntu Server 16.04 as it is a Debian based distro so PiVPN will install.

Choose the t2.micro instance type. This is the instance type that is free tier eligible.

Leave instance details default.

Leave storage as the default 8GB SSD.

No need to add any tags.

Choose the security group we previously created.

Review settings – nothing to change here.

Click Launch and specify either a new SSH keypair or an existing SSH key pair. I have chosen an existing pair which is called “philroche”.

Check the checkbox about key access and click Launch Instances. Your instance will now launch.

Click View Instances and once state has changed to running note the IPv4 Public IP. You now have an instance of Ubuntu Server running on AWS in their London datacentre.

2. Install PiVPN

SSH in to your new server using the private key from the pair specified when launching the server.

    ssh -i ~/.ssh/philroche ubuntu@%IPV4IPAddress%

Substitute %IPV4IPAddress% with the IP address of your server.

Once logged in, update the packages on the server.

    sudo apt-get update

Start the PiVPN installer.

    curl -L https://install.pivpn.io | bash

For more detail on this, see http://www.pivpn.io/#tech

You are then guided through the process of installing all the required software and configuring the VPN server:

Choose the default ubuntu user.

We do want to enable unattended upgrades of security patches.

Choose UDP as the protocol to use.

Choose the default port 1194.

Create a 2048 bit encryption key.

Choose to use your server's public IP address.

Choose whichever DNS provider you would like to use. I chose Google.

Installation is now complete 🙂

Choose to reboot the server.

Once the server has rebooted (check the AWS dashboard for its status), SSH back in to the server.

Now we need to configure a VPN profile that we can use to connect to the VPN server.

The easiest way to do this is to use the pivpn command line utility.

    pivpn add

This will guide you through the process of creating a profile. Make sure to use a strong password and note both the profile name and the password as you will need these later.

Set up is now complete so you can log out.

3. Download VPN configuration files for use locally

The only thing left to do is to download the profile you created from the server so that you can use it locally.

    scp -i ~/.ssh/philroche ubuntu@%IPV4IPAddress%:/home/ubuntu/ovpns/%PROFILENAME%.ovpn .

Substitute %IPV4IPAddress% with the IP address of your server and %PROFILENAME% with the name of the profile you created.

This will download the .ovpn file to your current directory.

Once downloaded you can import this to your VPN client software of choice.

I used the profile on a small Nexx WT3020 I had with OpenWRT installed. I connect this to my NowTV box so I can continue to use NowTV UK instead of the overpriced NowTV Ireland.

I hope this guide was helpful.","protected":false},"excerpt":{"rendered":"

    Step by step guide to setting up a VPN server on AWS using PiVPN<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,8,13,15],"tags":[],"_links":{"self":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts\/49"}],"collection":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/comments?post=49"}],"version-history":[{"count":0,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/posts\/49\/revisions"}],"wp:attachment":[{"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/media?parent=49"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/categories?post=49"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/wp.philroche.net\/wp-json\/wp\/v2\/tags?post=49"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}