This brief tutorial will show you how to set up your own personal VPN network, allowing you to:
- SSH into your work computer from home, or your home computer from work.
- Read journal articles that you have access to at work, but not from home.
- Create a secure/encrypted connection to either home or work while travelling and using non-trusted networks.
In order to do this we will be using:
- An Amazon EC2 free-tier instance [NOTE: Free only for the first year!]
- OpenVPN with high-security SSL certificates (no passwords)
- tinyproxy for HTTP/S proxying
Disclaimer: Punching holes in firewalls/paywalls may or may not be allowed in your country/workplace. Journals often specifically permit it under their Terms and Conditions, but it is up to you to make sure. Also check with your work's IT security peoples that this is OK, because they may not be happy that you can access internal resources from outside of their multi-thousand-dollar-deep-packet-inspecting firewalls.
Step 1: Create a publicly-accessible server to host your Virtual Private Network
There are many ways to get two computers which are both behind firewalls to talk to one another; however, the simplest and most stable method is to have them both connect to a third party with no networking restrictions. This third computer should ideally be always-on, cheap to run, and accept all incoming traffic on our VPN port. For this we will use a free-tier EC2 server from Amazon Web Services. To set this up, go to aws.amazon.com and make yourself an account if you don't already have one:
You will be asked for some personal details, your address, and finally a credit or debit card. Although nothing in this tutorial will require money, Amazon just wants to make it easy for you to "upgrade" in the future by getting payment details now...
Once you've created an account, go to the console page and click on EC2:
Launch a new instance:
And then select the Amazon Linux AMI (Free Tier Eligible). If you're not familiar with AWS, an AMI is just a virtual operating system image, kind of like a .iso for those who have installed virtual machines in the past.
Regarding setup, just click next next next until you come to "Step 6: Configure Security Group", and add a new rule for HTTPS traffic like so:
After this click Launch. You may get a warning about the server being "open to the world". This is because you're allowing SSH from any IP address -- but don't worry, AWS by default uses asymmetric private-key authentication for SSH (the same thing we will later use for our VPN), which is essentially unhackable unless someone gets hold of your private key. Download your private key, store it in a safe place, and click Launch.
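What the "open to the world" warning refers to can be read straight from the security group's rules. The following is an added example, not part of the original tutorial: it takes JSON in the shape returned by `aws ec2 describe-security-groups` and lists every inbound rule reachable from any address, other than the VPN port that is meant to be public. The sample group, its id and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape `aws ec2 describe-security-groups` returns.
# The group id and name are placeholders, not values from the tutorial.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE", "GroupName": "vpn-tutorial",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
  ]}]}
""")

# Assumption: the HTTPS rule (tcp/443) is the only one meant to be public.
EXPECTED_PUBLIC = {("tcp", 443)}


def world_open_rules(doc):
    """Yield (group_id, protocol, from_port, to_port, cidr) for rules open to all addresses."""
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            # Protocol "-1" means all traffic and carries no port fields.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # A /0 prefix (0.0.0.0/0 or ::/0) matches every source address.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    yield group["GroupId"], proto, lo, hi, cidr


def unexpected_exposure(doc, expected=EXPECTED_PUBLIC):
    """Return world-open rules other than the single ports listed in `expected`."""
    findings = []
    for gid, proto, lo, hi, cidr in world_open_rules(doc):
        if lo == hi and (proto, lo) in expected:
            continue
        findings.append((gid, proto, lo, hi, cidr))
    return findings


if __name__ == "__main__":
    for gid, proto, lo, hi, cidr in unexpected_exposure(SAMPLE):
        print(f"{gid}: {proto} {lo}-{hi} open to {cidr}; consider limiting the source to your own IP")
```

On the constructed sample this reports only the SSH rule, which is the rule the launch warning is about.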
If all goes well you will be congratulated with a green popup box telling you the instance ID of your new virtual server, starting with "i-". Click on that ID to go to its management page:
If all goes well, your server will come online and you will see its IP address:
Next you're going to want to change the permissions of that key file you downloaded to something more secure like 500, and then ssh into your shiny new server like so:
The warnings you're seeing there are totally normal and nothing to worry about. The default login user of the Amazon AMI is "ec2-user", which is easy to forget, so perhaps write it down somewhere.
To finish up installing our third-party server, run (but don't paste!):

    sudo yum-config-manager --enable epel
    sudo yum update
    sudo yum install openvpn
    sudo yum install tinyproxy
    sudo yum install easy-rsa

Note you will have to type "y" a few times as you do the above.
We're now ready to start step 2 - configuring our VPN!