Amazon Linux AMI is based on RHEL, so the instructions below work for RHEL 6 (I didn't realize that RHEL images were not included in the free tier, D'Oh). So, without further ado, this is what you need to do:
I'm assuming that you have already launched an AMI instance.
- Get the PPTP daemon from sourceforge and install it
- Set Server IP address and Client IP Address ranges by editing /etc/pptpd.conf
- Add allowed users by editing /etc/ppp/chap-secrets
- Add DNS servers (I've used Google DNS servers) by editing /etc/ppp/options.pptpd
- Set up port forwarding (to allow connections to escape the server)
- Allow system to forward packets. Edit /etc/sysctl.conf
- Start VPN service
- Set VPN service to start with the system.
Install the daemon:
    wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
    sudo yum -y install pptpd-1.3.4-2.el6.x86_64.rpm
/etc/pptpd.conf:
    localip 192.168.0.1
    remoteip 192.168.0.234-238
/etc/ppp/chap-secrets:
    myuser pptpd myuserpassword *
/etc/ppp/options.pptpd:
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
Port forwarding:
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo service iptables save
/etc/sysctl.conf:
    net.ipv4.ip_forward=1
Start the service and enable it at boot:
    sudo service pptpd start
    sudo chkconfig pptpd on
Do note that protocol ID 47 also needs to be open; probably something like this is needed (not tested):
iptables -A INPUT -p 47 -j ACCEPT
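A check for the files edited in the steps above, as an added example that is not part of the original post: it flags a readable chap-secrets file, users allowed any client address (`*`), short secrets, and missing packet forwarding. The names `audit_pptp`, `make_sample`, `MIN_LEN` and the user `alice` are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not from the original post): audit the files edited above.
# MIN_LEN is an assumed policy value; the guide does not specify one.
MIN_LEN=${MIN_LEN:-12}

# audit_pptp ROOT: print one finding per line; return 0 if clean, 1 otherwise.
# ROOT is / on the server, or a directory holding a copy of /etc.
audit_pptp() {
    local root="${1%/}" out mode
    local secrets="$root/etc/ppp/chap-secrets"
    local sysctl="$root/etc/sysctl.conf"
    out=$(
        # chap-secrets holds passwords in clear text: owner-only access
        mode=$(stat -c '%a' "$secrets" 2>/dev/null) || mode=missing
        case "$mode" in
            600|400) ;;
            *) echo "PERMS chap-secrets mode=$mode, want 600" ;;
        esac
        # Fields: client server secret allowed-IPs. The secret is never printed.
        awk -v min="$MIN_LEN" '
            /^[ \t]*(#|$)/ { next }
            { secret = $3; gsub(/^"|"$/, "", secret) }
            length(secret) < min { print "WEAK " $1 " secret shorter than " min }
            $4 == "*" { print "ANYIP " $1 " is not pinned to one client address" }
        ' "$secrets" 2>/dev/null
        # The MASQUERADE rule is useless unless the kernel forwards packets
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' \
            "$sysctl" 2>/dev/null || echo "NOFWD net.ipv4.ip_forward is not 1"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree: the guide's example user plus a made-up second one
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/etc/ppp"
    printf '%s\n' 'myuser pptpd myuserpassword *' \
        'alice pptpd short1 192.168.0.234' > "$d/etc/ppp/chap-secrets"
    chmod 644 "$d/etc/ppp/chap-secrets"
    echo 'net.ipv4.ip_forward=1' > "$d/etc/sysctl.conf"
    echo "$d"
}
```

On the server, run `audit_pptp /` as root; replacing `*` with one address from the `remoteip` range ties each user to a fixed client IP.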
The main problem with using Amazon is that the IP address changes with every reboot, which means that you either look it up every time or use some sort of DDNS.
There are free DDNS services, but I've not used them, and obviously looking it up is a bit of a pain. I'm going to investigate whether this information can be obtained programmatically from the console and the VPN connection edited programmatically, so watch this space.
Alternatively, an elastic IP address could be used, which is free while the instance is powered on.