Perhaps you are behind a corporate firewall which does not allow you to access certain types of resources on the Internet. Or, perhaps you are accessing the Internet over an open wifi where you do not trust your network traffic to your fellow wifi users or the admins running the local network.
These instructions guide you in setting up an OpenVPN server on an EC2 instance, sending all your network traffic through a secure channel to port 80 on the EC2 instance and from there out to the Internet.
Run the latest Ubuntu 9.10 Karmic image. You can find the most current AMI id in a table on https://alestic.com
ec2-run-instances --key <KEYPAIR> ami-1515f67c
Make a note of the instance id (e.g., i-6fceba06). Watch the status using a command like this (replace with your own instance id):
Repeat the describe instances command until it shows that the instance is “running” and make a note of the external hostname (e.g., ec2-75-101-179-94.compute-1.amazonaws.com).
Connect to the instance using the external hostname you noted.
remotehost=<HOSTNAME> ssh -i <KEYPAIR>.pem ubuntu@$remotehost
Upgrade the EC2 instance and install the necessary OpenVPN software:
sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install -y openvpn sudo modprobe iptable_nat echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward sudo iptables -t nat -A POSTROUTING -s 10.4.0.1/24 -o eth0 -j MASQUERADE
Generate a secret key for secure communication with OpenVPN:
sudo openvpn --genkey --secret ovpn.key
Start the OpenVPN server on the EC2 instance. We are (ab)using port 80 because most closed networks will allow traffic to this port ;-)
sudo openvpn \ --proto tcp-server \ --port 80 \ --dev tun1 \ --secret ovpn.key \ --ifconfig 10.4.0.1 10.4.0.2 \ --daemon
Back on the local (non-EC2) workstation, set up the software:
sudo apt-get install -y openvpn sudo modprobe tun # if necessary sudo iptables -I OUTPUT -o tun+ -j ACCEPT sudo iptables -I INPUT -i tun+ -j ACCEPT
Download the secret key from the EC2 instance:
ssh -i <KEYPAIR>.pem ubuntu@$remotehost 'sudo cat ovpn.key' > ovpn.key chmod 600 ovpn.key
Start the OpenVPN client:
sudo openvpn \ --proto tcp-client \ --remote $remotehost \ --port 80 \ --dev tun1 \ --secret ovpn.key \ --redirect-gateway def1 \ --ifconfig 10.4.0.2 10.4.0.1 \ --daemon
/etc/resolv.conf and set it so that DNS is resolved by the EC2 name server:
sudo mv /etc/resolv.conf /etc/resolv.conf.save echo "nameserver 172.16.0.23" | sudo tee /etc/resolv.conf
You should now be able to access any Internet resource securely and without restriction.
When you are done with this OpenVPN tunnel, remember to shut down the EC2 instance and restore the DNS configuration:
sudo killall openvpn ec2-terminate-instances <INSTANCEID> sudo mv /etc/resolv.conf.save /etc/resolv.conf
If you have ways to improve this approach, please leave a comment.
These instructions are not intended to assist in illegal activities. If you are breaking the laws or rules of your government or college or company or ISP, then you should understand the security implications of the above steps better than I do and be willing to accept consequences of your actions.
[Update 2009-01-15: Upgrade instructions for Karmic]