Architectural breakdown for creating a Client VPN setup to allow your local machine to securely access your EC2 instance in an AWS VPC:
Components:
VPC (Virtual Private Cloud): This is the private network where your EC2 instance resides. It provides isolation and security for your resources.
Client VPN Endpoint: This is a service within AWS that manages the VPN connections for your clients (local machines). You'll need to configure the endpoint with authentication methods, target network (your VPC), and other settings.
Client VPN Client Software: This software is installed on your local machine and establishes the VPN connection to the Client VPN endpoint. Popular options include OpenVPN or the AWS VPN client.
Internet Gateway (IGW): This component provides internet access for resources within your VPC. Your EC2 instance will use the IGW to communicate with public internet resources.
The final glimpse of the project:
Let's get started.
First, download and install OpenVPN Connect, choosing the build for your operating system. Give the installer a moment to finish.
You should then see an interface like the following.
Now for the remaining tasks.
Log in to your AWS account. We are going to create a VPC. Proceed as follows:
Choose VPC and more, and provide a name for your VPC.
Leave the other options at their defaults and click Create VPC.
Now go to the EC2 console to launch a new instance:
Provide a name.
Choose Ubuntu as the AMI.
Choose a free-tier instance type.
Create a key pair.
In the network settings, click Edit and choose the VPC you created.
In the subnet section, choose one of the public subnets.
Enable auto-assign public IP.
Launch the instance, leaving the other options at their defaults.
Select your instance and click the Connect button. On the Connect page, click Connect again.
When you connect to an Amazon Web Services (AWS) EC2 instance with EC2 Instance Connect, you do not need to provide your key pair file: EC2 Instance Connect uses AWS Identity and Access Management (IAM) to authorize the connection, which makes connecting to your instance securely easier.
We're into our EC2 instance now.
Type the following command:
sudo apt update
Note that apt and APT are not the same. apt is the command-line tool you use to interact with the APT package management system; APT is the underlying software that implements that system and is responsible for managing packages, including installing, updating and removing them. By running sudo apt update, you refresh the package index, so that your package manager has the most current information about the software packages available.
Type the following command:
sudo apt upgrade -y
The command sudo apt upgrade -y is used on Debian-based Linux distributions like Ubuntu to upgrade installed software packages.
upgrade: the sub-command used with apt. It instructs apt to upgrade the installed packages to their latest available versions, which can include installing new packages as well as upgrading existing ones.
-y: this flag automatically answers "yes" to any prompts or confirmations the package manager would otherwise present during the upgrade.
So when you run sudo apt upgrade -y, you are telling the system to upgrade all installed packages without asking for confirmation. It downloads and installs updates for every package that has a newer version available, bringing the system's software up to date.
If a dialog appears during the upgrade, select OK. On the next one, use the TAB key to move to the Cancel option and press Enter.
Type the following command:
wget https://git.io/vpn
wget stands for "Web Get" and is a command-line tool for retrieving files from the internet; it is commonly used to download files from web servers. https://git.io/vpn is the URL of the file we want to download. git.io is a URL shortener, so this address redirects to a script hosted elsewhere; since the script will later run as root, it is worth reading through the downloaded file before executing it.
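As an added example (not part of the original post), here is a small shell helper that downloads a script to a temporary file and refuses to execute it unless its SHA-256 digest matches one you pinned after reviewing the file. The helper names and the EXPECTED_SHA256 placeholder are my own; the digest of the real installer is not on this page, so compute and pin it yourself after reading the script. A constructed stand-in script is used so the check can be exercised offline.

```shell
#!/usr/bin/env bash
# Added example: pin-and-verify before running a downloaded installer as root.
# Helper names and the placeholder digest are assumptions, not from the post.

# sha256_of FILE: print the hex SHA-256 digest of FILE (GNU or BSD tooling).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_script FILE EXPECTED: return 0 only if FILE's digest equals EXPECTED.
verify_script() {
  local actual
  actual=$(sha256_of "$1")
  if [ "$actual" != "$2" ]; then
    echo "digest mismatch for $1: got $actual, expected $2" >&2
    return 1
  fi
  return 0
}

# fetch_and_run URL EXPECTED: download with wget, verify, then run as root.
# Nothing is executed on a mismatch; the file is kept for inspection.
fetch_and_run() {
  local url="$1" expected="$2" tmp
  tmp=$(mktemp)
  # -O writes to the temp file; wget follows the git.io redirect itself.
  wget -q -O "$tmp" "$url" || { echo "download failed" >&2; return 1; }
  verify_script "$tmp" "$expected" || return 1
  chmod +x "$tmp"
  sudo "$tmp"
}

# Constructed sample: a harmless stand-in for the installer so the check can be
# run offline. Its digest is computed here only for the demonstration; in
# practice you pin the digest of a script you have actually read.
SAMPLE_SCRIPT=$(mktemp)
printf '#!/bin/sh\necho "installer stand-in"\n' > "$SAMPLE_SCRIPT"
PINNED_DIGEST=$(sha256_of "$SAMPLE_SCRIPT")

# Usage against the real download (placeholder digest):
#   fetch_and_run https://git.io/vpn <EXPECTED_SHA256_OF_REVIEWED_SCRIPT>
```

The point of the wrapper is that a changed upstream file (or a redirect that now lands somewhere else) fails the digest check and never reaches sudo.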
Type the following command:
chmod -v +x ./vpn
chmod: a command used to change file permissions; it stands for "change mode".
-v: the verbose option makes chmod report the changes it makes as they happen. It is not strictly necessary, but it is helpful for confirming what was changed.
+x: adds the execute (run) permission to the file, allowing it to be executed as a program or script.
./vpn: the file to which the permission is being added. The ./ denotes the current directory, and vpn is the filename.
So the command chmod -v +x ./vpn makes the file vpn in the current directory executable, allowing it to be run as a program or script, and the -v option prints a confirmation that the execute permission was added.
Type the following command:
sudo ./vpn
The command sudo ./vpn runs the executable file named vpn with superuser (root) privileges.
You should see something like this:
Answer the prompts in this order:
Enter
Option 1
Enter (accept the default port, 1194)
Option 3
Provide a client name of your choice.
I came across this again. If you did too, then do as earlier:
And finally.
Now, I'm on my desktop and I am using Git Bash for the terminal.
SSH Client command:
Type the following command, replacing the placeholders (in my case the name is tutorial):
<copy_the_SSH_Client_command_from_EC2> "sudo -s cat /root/<the_name_you_had_given>.ovpn" > <the_name_you_had_given>.ovpn
# my full command looks like this:
ssh -i "NewKey.pem" ubuntu@ec2-3-90-59-156.compute-1.amazonaws.com "sudo -s cat /root/tutorial.ovpn" > tutorial.ovpn
The ssh command connects to the remote server with the specified SSH key and username. On the remote server it runs the command enclosed in double quotation marks, "sudo -s cat /root/<the_name_you_had_given>.ovpn", which consists of two parts:
sudo is normally used for a single command: when you prefix a command with sudo, that specific command runs with elevated (root) privileges, and the elevated privileges apply only to that command. sudo -s instead starts a shell session with root privileges; once you run sudo -s, you are effectively logged in as the root user for the duration of that session, and any command you run within it has root-level access until you exit.
cat /root/<the_name_you_had_given>.ovpn uses the cat command to read the contents of the file located at /root/<the_name_you_had_given>.ovpn on the remote server.
The output of cat, which is the content of that file, is then redirected (using >) into a local file named <the_name_you_had_given>.ovpn in the current directory on your local machine.
In short, this command connects to the remote server over SSH, retrieves the contents of the file <the_name_you_had_given>.ovpn from the /root directory on that server, and saves them to a local file of the same name on your own computer.
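Here is an added example (my own helper, not code from the original post) that wraps the same ssh command in a function, creates the local copy with 0600 permissions because the profile embeds the client's private key, and sanity-checks the downloaded profile before you import it into OpenVPN Connect. The function names, the check list and the constructed sample profile (dummy PEM contents, documentation address 203.0.113.10) are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: pull the client profile over SSH and sanity-check it before
# importing it into OpenVPN Connect. Function names are my own, not the post's.

# validate_ovpn FILE: return 0 if FILE looks like a complete inline client
# profile (client mode, a remote line, and embedded CA, cert and key blocks);
# print each missing element and return 1 otherwise.
validate_ovpn() {
  local f="$1" missing=0 pattern
  for pattern in '^client$' '^remote ' '^<ca>$' '^<cert>$' '^<key>$'; do
    if ! grep -q -- "$pattern" "$f"; then
      echo "missing: $pattern" >&2
      missing=1
    fi
  done
  return "$missing"
}

# ovpn_remote_port FILE: print the port from the first "remote HOST PORT" line.
# This is the port the security group must allow inbound (udp 1194 in the post).
ovpn_remote_port() {
  awk '/^remote /{print $3; exit}' "$1"
}

# fetch_ovpn KEY USER@HOST NAME: copy /root/NAME.ovpn from the instance into
# ./NAME.ovpn, created 0600 (umask 077) because it embeds a private key, then
# validate it. This wraps the same ssh command the post uses.
fetch_ovpn() {
  local key="$1" target="$2" name="$3" out="$3.ovpn"
  ( umask 077; ssh -i "$key" "$target" "sudo -s cat /root/$name.ovpn" > "$out" ) || return 1
  validate_ovpn "$out" || { echo "$out is incomplete; check the installer output on the server" >&2; return 1; }
  echo "saved $out (server port $(ovpn_remote_port "$out"))"
}

# Constructed sample profile (dummy PEM contents) so the checks can run offline.
SAMPLE_OVPN=$(mktemp)
cat > "$SAMPLE_OVPN" <<'EOF'
client
dev tun
proto udp
remote 203.0.113.10 1194
<ca>
-----BEGIN CERTIFICATE-----
MIIBsample
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBsample
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEsample
-----END PRIVATE KEY-----
</key>
EOF

# Usage against a real instance:
#   fetch_ovpn NewKey.pem ubuntu@<instance-public-dns> tutorial
```

Running the validation before importing saves a confusing failure inside OpenVPN Connect when, for example, the cat on the server printed an error message instead of the profile.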
In my case, it looked like this:
On my desktop, I now have the tutorial.ovpn file.
Now open OpenVPN Connect again if you closed it earlier and import the recently downloaded .ovpn file.
Now click Connect.
Oops!
So what went wrong?
The instance's security group does not yet allow inbound traffic on the port OpenVPN listens on, so the client cannot reach the server.
To fix that, we have to configure the inbound rules of our instance.
Select your instance, scroll down a little, open the Security tab and click the security group. Then select Edit inbound rules:
Inbound rules for EC2 instances determine what types of traffic are allowed to reach the instance. To allow your VPN to accept traffic, you typically need to configure the security group.
Follow these steps:
Click Add rule.
Type: Custom UDP
Port range: 1194
Source: Anywhere-IPv4
Save rules.
Remember the port prompt we accepted with Enter when running the installer? That was 1194.
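The same inbound rule can be added from the AWS CLI, and it is worth auditing what else the group exposes: the launch wizard defaults typically leave SSH (tcp 22) open to the whole Internet as well. The following is an added example of mine, not part of the original post; the function names, the sample security group ID and the constructed rule listing are assumptions, and the aws calls are only run when you invoke them against a real group.

```shell
#!/usr/bin/env bash
# Added example: the post's Custom UDP 1194 rule via the AWS CLI, plus an audit
# of which inbound rules are open to 0.0.0.0/0. Function names are my own.

VPN_PORT=1194

# allow_vpn_ingress SG_ID [CIDR]: add the Custom UDP 1194 rule. The post uses
# Anywhere-IPv4 (0.0.0.0/0); pass your own address as CIDR (e.g. 198.51.100.7/32)
# to limit who can reach the OpenVPN port at all.
allow_vpn_ingress() {
  aws ec2 authorize-security-group-ingress \
    --group-id "$1" --protocol udp --port "$VPN_PORT" --cidr "${2:-0.0.0.0/0}"
}

# list_ingress_rules SG_ID: print one inbound rule per line as
# "PROTO FROM TO CIDR" (text output of describe-security-group-rules).
list_ingress_rules() {
  aws ec2 describe-security-group-rules \
    --filters "Name=group-id,Values=$1" \
    --query 'SecurityGroupRules[?IsEgress==`false`].[IpProtocol,FromPort,ToPort,CidrIpv4]' \
    --output text
}

# audit_world_open: read "PROTO FROM TO CIDR" rows on stdin and print every rule
# reachable from 0.0.0.0/0 other than the expected VPN port. Anything printed
# (SSH after a wizard launch, typically) is a candidate for narrowing to your IP.
audit_world_open() {
  local proto from to cidr
  while read -r proto from to cidr; do
    [ "$cidr" = "0.0.0.0/0" ] || continue
    if [ "$proto" = "udp" ] && [ "$from" = "$VPN_PORT" ] && [ "$to" = "$VPN_PORT" ]; then
      continue
    fi
    echo "$proto $from-$to open to $cidr"
  done
}

# Constructed sample of what list_ingress_rules prints for a group created by
# the launch wizard and then given the VPN rule from the post.
SAMPLE_RULES='tcp 22 22 0.0.0.0/0
udp 1194 1194 0.0.0.0/0'

# Usage against a real group (placeholder ID):
#   allow_vpn_ingress sg-0123456789abcdef0
#   list_ingress_rules sg-0123456789abcdef0 | audit_world_open
```

Once the VPN works, SSH no longer needs to be reachable from everywhere; restricting that rule to your own address leaves udp 1194 as the only service exposed to the Internet.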
Now click RETRY.
You should now see the following interface:
Check your new location:
Now it is time to clean up the resources we used:
Terminate the instance through the EC2 console.
Delete the VPC (and delete other resources if needed).
This concludes the lab.
Thank you.