Creating a VPN server on AWS using PiVPN

NowTV, one of the streaming services I use, recently launched an Irish service alongside the UK service I was using. The Irish service costs _double_ the UK price. They have also begun geoblocking all Irish users, as well as users of VPN services like ExpressVPN and PrivateInternetAccess, from the UK service.

To get around the geoblocking I decided to set up my own VPN server on AWS in their London datacenter.

The easiest way I have found to set up a VPN server is to use PiVPN (http://www.pivpn.io/), which was designed for use on the Raspberry Pi but can be installed on any Debian-based machine.

There have been a few recent guides on how to install PiVPN, but this one focusses on installing on AWS.

A prerequisite for this guide is that you have an AWS account. If this is your first time using AWS then you can avail of their free tier for the first year which means you could have the use of a reliable VPN server free for a whole year. You will also need an SSH keypair.

The steps are as follows:

  1. Start up an instance of Ubuntu Server on AWS in the London region
  2. Install PiVPN
  3. Download VPN configuration files for use locally

1. Start up an instance of Ubuntu Server on AWS in the London region

Log in to your AWS account and select the London region, also referred to as eu-west-1.

Create a new security group for use with your VPN server.

This new group sets up the firewall rules for our server and allows access only to port 22 for SSH traffic and UDP port 1194 for all VPN traffic.
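
A way to confirm the group exposes only what this step intends, added here as an example (not part of the original guide): the function reads one ingress rule per line and reports anything other than port 22 over TCP and port 1194 over UDP. The input layout, the function names and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit security-group ingress rules against the policy in
# this guide (TCP 22 for SSH, UDP 1194 for the VPN, nothing else).
# Assumed input, one rule per line: <protocol> <from-port> <to-port> <cidr>
# (the AWS CLI can print rules in this shape with --query and --output text).

audit_ingress() {
    extra=0
    while read -r proto from to cidr; do
        [ -n "$proto" ] || continue
        case "$proto:$from:$to" in
            tcp:22:22)
                # Expected, but worth knowing when SSH is reachable from anywhere.
                [ "$cidr" != "0.0.0.0/0" ] ||
                    printf 'NOTE   tcp/22 is open to %s\n' "$cidr"
                ;;
            udp:1194:1194)
                ;;  # the VPN port chosen in the PiVPN installer
            *)
                printf 'EXTRA  %s %s-%s from %s\n' "$proto" "$from" "$to" "$cidr"
                extra=$((extra + 1))
                ;;
        esac
    done
    [ "$extra" -eq 0 ]   # succeed only when nothing beyond the policy is open
}

# Constructed sample: the two intended rules plus a stray HTTP rule.
sample_rules() {
    printf '%s\n' \
        'tcp 22 22 0.0.0.0/0' \
        'udp 1194 1194 0.0.0.0/0' \
        'tcp 80 80 0.0.0.0/0'
}

sample_rules | audit_ingress || echo "security group allows more than SSH and VPN"
```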

Launch a server instance

We will choose Ubuntu Server 16.04, as it is a Debian-based distro and so PiVPN will install.

Choose the t2.micro instance type. This is the instance type that is free tier eligible.

Leave instance details default

Leave storage as the default 8GB SSD

No need to add any tags

Choose the security group we previously created.

Review settings – nothing to change here.

Click Launch and specify either a new SSH keypair or an existing SSH key pair. I have chosen an existing pair which is called “philroche”.

Check the checkbox about key access and click Launch Instances. Your instance will now launch.

Click View Instances and, once the state has changed to running, note the IPv4 Public IP. You now have an instance of Ubuntu Server running on AWS in their London datacentre.

2. Install PiVPN

SSH in to your new server using the private key from the pair specified when launching the server.

ssh -i ~/.ssh/philroche ubuntu@%IPV4IPAddress%

replacing %IPV4IPAddress% with the IP address of your server.

Once logged in, update the packages on the server.

sudo apt-get update

Start the PiVPN installer.

curl -L https://install.pivpn.io | bash

For more detail on this, see http://www.pivpn.io/#tech

You are then guided through the process of installing all the required software and configuring the VPN server:

Choose the default ubuntu user.

We do want to enable unattended upgrades of security patches.

Choose UDP as the protocol to use.

Choose the default port 1194.

Create a 2048 bit encryption key.

Choose to use your server's public IP address.

Choose whichever DNS provider you would like to use. I chose Google.

Installation is now complete 🙂

Choose to reboot the server.

Once the server has rebooted (check the AWS dashboard for its status), SSH back in to the server.

Now we need to configure a VPN profile that we can use to connect to the VPN server.

The easiest way to do this is to use the pivpn command line utility.

pivpn add

This will guide you through the process of creating a profile. Make sure to use a strong password and note both the profile name and the password as you will need these later.

Setup is now complete, so you can log out.

3. Download VPN configuration files for use locally

The only thing left to do is to download the profile you created from the server so that you can use it locally.

scp -i ~/.ssh/philroche ubuntu@%IPV4IPAddress%:/home/ubuntu/ovpns/%PROFILENAME%.ovpn .

replacing %IPV4IPAddress% with the IP address of your server and %PROFILENAME% with the name of the profile you created.

This will download the .ovpn file to your current directory.
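
A check to run on the downloaded profile before importing it, added here as an example (not part of the original guide or of PiVPN): it confirms the profile matches the installer choices made earlier (UDP, port 1194), that the embedded private key is passphrase-protected, and restricts the file to its owner. The function names, the assumed profile layout and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded .ovpn profile against the choices
# made in this guide (UDP, port 1194, password-protected key).
# Assumed profile layout: OpenVPN directives "proto" and "remote", with the
# private key embedded inline between <key> and </key>.

check_ovpn_profile() {
    profile=$1
    problems=0
    [ -r "$profile" ] || { echo "cannot read $profile"; return 2; }

    grep -Eq '^proto[[:space:]]+udp' "$profile" ||
        { echo "FAIL: profile does not use UDP"; problems=$((problems + 1)); }
    grep -Eq '^remote[[:space:]]+[^[:space:]]+[[:space:]]+1194([[:space:]]|$)' "$profile" ||
        { echo "FAIL: no 'remote <host> 1194' line"; problems=$((problems + 1)); }

    # The key block must be passphrase-encrypted; an unencrypted key lets
    # anyone who copies this file connect as you.
    sed -n '/^<key>/,/^<\/key>/p' "$profile" | grep -q 'ENCRYPTED' ||
        { echo "FAIL: embedded private key is not encrypted"; problems=$((problems + 1)); }

    # The file carries a private key, so keep it readable by the owner only.
    chmod 600 "$profile"

    [ "$problems" -eq 0 ]
}

# Constructed sample profile (key material is a placeholder, not a real key).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote 203.0.113.10 1194
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
PLACEHOLDER
-----END ENCRYPTED PRIVATE KEY-----
</key>
EOF
}

tmp=$(mktemp)
write_sample_profile "$tmp"
check_ovpn_profile "$tmp" && echo "profile matches the guide's settings"
rm -f "$tmp"
```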

Once downloaded, you can import this into your VPN client software of choice.

I used the profile on a small Nexx WT3020 I had with OpenWRT installed. I connect this to my NowTV box so I can continue to use NowTV UK instead of the overpriced NowTV Ireland.

I hope this guide was helpful.

The ultimate wifi upgrade

I have been procrastinating for a very long time about whether or not to take the plunge and upgrade my office/home wifi setup. The goal of the upgrade is to have complete high-speed wifi coverage throughout my house and seamless handover between access points.

TOUGHSwitch TS‑8‑PRO

Today I bit the bullet and decided to buy a five pack of Ubiquiti UniFi AC Lite AP and one Ubiquiti TOUGHSwitch TS‑8‑PRO. I could have gone for the Pro or HD access points but for my use case this was overkill.

Ubiquiti products seem to be the industry go-to and we use them at Canonical sprints, where we've never had a problem. I also purchased a 305m spool of cat6 cable and a Platinum Tools EZ-RJPRO Crimp Tool and connectors to make it easier to properly terminate the connections.

UniFi AC Lite AP

All the access points are powered over Ethernet (PoE), so they will not require power points in the ceiling.

This setup does require the Ubiquiti UniFi controller software, but thankfully there is a Docker image which sets this up and which I can run on my FreeNAS box.

All this means I should achieve my goal of high-speed wifi throughout the house and seamless handover between access points. It will also hopefully mean that I no longer require any ethernet over powerline adapters.

I plan on taking a few pictures of the setup as it progresses as well as performing speed tests. Watch this space.