Setting up a VPN server with Amazon EC2 is a great way to protect your privacy. You can turn the server on when you need it and shut it down when you don't. All your traffic will go through your VPN and out to the internet from your EC2 box, so that you are in a really secure environment.
Amazon lets you use a free instance for a year that will be perfect for our purpose. And with the help of this post, it should not take more than 5 minutes!
This post is a follow-up to a first post in which I introduced the Voodoo Privacy project and explained how to completely lock down your computer from external access (but also how to prevent your computer from talking too much).
We will see how to set up an IPSec / L2TP VPN. They are very secure and very easy to configure on the client side, and they are supported by most operating systems without any extra tools to download or install.
If you don't want to go through the trouble of setting up an EC2 box, you can buy a VPN from a provider such as Black VPN which will give you a VPN into a country of your choice for only 49€ per year. I think it's a pretty good deal (and they also have a full privacy package which also gives you access to all of their VPN servers including Lithuania, Russia, etc., should you have a need for that).
Amazon EC2 pre-requisites
I am going to assume that you already have an Amazon EC2 account and SSH keys set up. If not, look around; it is really easy (the assistant will actually help you do it when you start your first instance).
Set up a security group
Create a new security group (EC2 Management interface -> Security groups) and allow traffic to TCP port 500, and UDP ports 500 and 4500. Also add a rule to allow SSH. I like to limit SSH logins to my home/office IP, but if you are really brave you can let everyone find your SSH.
Start a new Ubuntu server
Get my voodoo-vpn script from my GitHub. You don't even need to download it; just copy and paste it into a text editor.
Change the default value for the three variables IPSEC_PSK, VPN_USER and VPN_PASSWORD at the top of the launch script and copy everything into your clipboard.
I have done my best to simplify the steps and make it easy to reproduce. If it does not work, there are a few things you can do to debug it.
On your Mac, look at /var/log/ppp.log; this is what a normal connection looks like:
SSH to your Amazon box and look at /var/log/auth.log and /var/log/syslog; this is what a normal connection should look like:
Remember, there are three steps to the connection:
Establish an IPSec connection between your Mac and the Amazon EC2 box. If you can see STATE_QUICK_R2: IPsec SA established transport mode in /var/log/auth.log, then you have it working.
Build an xl2tpd connection between your Mac and the Amazon box. If you can see Call established with <YOUR_HOME_IP>, then you have that working.
Build a ppp connection. If you can see the last three lines in /var/log/syslog, then you are good.
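The three checks above can be run in order on the server with a small shell function. This is an added example, not part of the original post or of the voodoo-vpn script. The function names, the constructed sample log lines, and the pppd "remote IP address" marker used for step 3 are assumptions; the first two markers are the ones quoted above.

```shell
#!/bin/sh
# Added example (not part of voodoo-vpn): report the first of the three
# connection steps that left no trace in the server logs.
# usage: vpn_stage [AUTH_LOG] [SYSLOG] [CLIENT_IP]
vpn_stage() {
    auth_log=${1:-/var/log/auth.log}
    sys_log=${2:-/var/log/syslog}
    client_ip=${3:-}

    # Step 1: IPSec SA, marker quoted in the post (auth.log).
    if ! grep -qF 'STATE_QUICK_R2: IPsec SA established' "$auth_log" 2>/dev/null; then
        echo "no-ipsec"; return 0
    fi

    # Step 2: xl2tpd call, marker quoted in the post; optionally pinned to one
    # client IP (-w keeps 203.0.113.7 from matching 203.0.113.70).
    calls=$(grep -hF 'Call established with' "$auth_log" "$sys_log" 2>/dev/null || true)
    if [ -n "$client_ip" ]; then
        calls=$(printf '%s\n' "$calls" | grep -wF "$client_ip" || true)
    fi
    if [ -z "$calls" ]; then
        echo "no-l2tp"; return 0
    fi

    # Step 3: ppp. Assumption: pppd logs "remote IP address" once the link is up.
    if ! grep -q 'pppd.*remote IP address' "$sys_log" 2>/dev/null; then
        echo "no-ppp"; return 0
    fi
    echo "connected"
}

# Dry run on constructed, simplified log lines (documentation IP 203.0.113.7).
vpn_stage_demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'pluto[900]: "L2TP-PSK" #2: STATE_QUICK_R2: IPsec SA established transport mode' > "$dir/auth.log"
    printf '%s\n' 'xl2tpd[950]: Call established with 203.0.113.7, Local: 1, Remote: 2' > "$dir/syslog"
    vpn_stage "$dir/auth.log" "$dir/syslog" 203.0.113.7   # prints no-ppp
    rm -rf "$dir"
}
```

Called with no arguments, `vpn_stage` reads the real `/var/log/auth.log` and `/var/log/syslog`, so run it with `sudo` if those files are not readable by your user. It scans the whole log, so an old successful connection also counts as a match.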
If it still does not work, please post in the comments below and let me know what step you have reached. I will do my best to help! If it works, please do also post in the comments below. I would love to know that I have helped someone with this.