web.onassar.com Archive

I can be reached at onassar@gmail.com.

For my open source work, check out github.com/onassar

Ubuntu VPN Build Script (on AWS EC2)


About a year ago (wow), I posted Setting up a VPN for my AWS Micro instance. I touched upon my need to rebuild my server in my recent Installing a specific PECL-extension version post, but I thought I would automate this process a bit.

So I created a build script to set up a VPN on a new Ubuntu 11.10 instance. This way, I can just run the script on its own, or fold it into my entire-instance build script flow.

Here is the build script:

#!/bin/bash -x
## @author Oliver Nassar <onassar@gmail.com>
## Ubuntu 11.10 VPN

## Sample Usage:
## cd
## sudo vi vpn-setup.sh
## sudo chmod +x vpn-setup.sh
## sudo ./vpn-setup.sh <username> <password>

## 0.1 Username/Password Check
## Checks to make sure *2* parameters were specified, then stores them
if [ $# -ne 2 ]; then
    echo "Usage: sudo ./`basename $0` <username> <password>"
    exit 1
fi
USERNAME="$1"
PASSWORD="$2"

## 1.0 VPN Setup
## Install the PPTP daemon
sudo apt-get -y install pptpd
## Register the user; pptpd reads /etc/ppp/chap-secrets (client  server  secret  IP)
echo "$USERNAME pptpd $PASSWORD *" | sudo tee -a /etc/ppp/chap-secrets
## Enable IPv4 forwarding (uncomment the stock line in sysctl.conf) and apply it now
sudo perl -0 -p -i -e 's/\n#net.ipv4.ip_forward=1/\nnet.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p
## NAT the VPN clients' traffic out through eth0, and persist that rule in
## /etc/rc.local (which already runs as root) so it survives a reboot
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo perl -0 -p -i -e 's/\nexit 0/\n\n# <build script modifications>\niptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n# <\/build script modifications>\n\nexit 0/' /etc/rc.local
## Restart the daemon so it picks up the new user
sudo /etc/init.d/pptpd restart

The flow for this is as follows:

  1. Exit out of the script if a username and password aren't both provided
  2. Install the PPTPD VPN daemon
  3. Add the username and password specified earlier as a user in /etc/ppp/chap-secrets
  4. Enable IPv4 forwarding in /etc/sysctl.conf so the instance can route traffic onto the internet
  5. Reload the sysctl configuration so the change takes effect without a reboot
  6. Add an iptables NAT (MASQUERADE) rule so the VPN clients' traffic leaves through eth0
  7. Have this rule run each time the instance is restarted, by adding it to /etc/rc.local
  8. Restart the daemon
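The build script above appends to chap-secrets and rc.local unconditionally, so running it twice (say, as part of a larger instance build that gets re-run) leaves duplicate entries behind, and its perl one-liner only handles the stock commented-out ip_forward line. Below is an added example, not the post's own script, that redoes steps 3 to 7 as idempotent helpers using awk, sed and grep. Each function takes the file path as an argument so it can be tried on copies first; it assumes the Ubuntu file layout the post uses and, like the post, eth0 as the outbound interface.

```shell
#!/bin/bash
# Added example, not the post's own script: idempotent versions of the three
# file edits the build script makes (chap-secrets, sysctl.conf, rc.local).
# Each function takes the file path as an argument so it can be exercised on
# a copy before it is pointed at /etc. Assumes the Ubuntu layout the post
# uses and, like the post, the outbound interface eth0.
set -u

# add_chap_user SECRETS_FILE USER PASS
# Appends "USER pptpd PASS *" unless USER already has a pptpd entry, so a
# re-run does not leave duplicate (possibly stale) credentials behind.
add_chap_user() {
    local secrets="$1" user="$2" pass="$3"
    if [ -f "$secrets" ] && awk -v u="$user" '$1 == u && $2 == "pptpd" { f = 1 } END { exit !f }' "$secrets"; then
        return 0
    fi
    printf '%s pptpd %s *\n' "$user" "$pass" >> "$secrets"
}

# enable_ip_forward SYSCTL_CONF
# Sets net.ipv4.ip_forward=1: uncomments the stock commented-out line, rewrites
# an explicit =0, or appends the setting if the file never mentions it (the
# post's perl one-liner only handles the first case).
enable_ip_forward() {
    local conf="$1"
    if grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$conf"; then
        return 0
    fi
    if grep -qE '^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$conf"; then
        sed -E 's/^[[:space:]]*#?[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*$/net.ipv4.ip_forward=1/' "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf 'net.ipv4.ip_forward=1\n' >> "$conf"
    fi
}

# persist_nat_rule RC_LOCAL RULE
# Inserts RULE (wrapped in the post's marker comments) before the final
# "exit 0" of rc.local, once; appends it if the file has no "exit 0" line.
persist_nat_rule() {
    local rc="$1" rule="$2"
    if grep -qF -- "$rule" "$rc"; then
        return 0
    fi
    awk -v rule="$rule" '
        /^exit 0[[:space:]]*$/ && !done {
            print "# <build script modifications>"; print rule
            print "# </build script modifications>"; print ""
            done = 1
        }
        { print }
        END { if (!done) { print rule } }
    ' "$rc" > "$rc.tmp" && mv "$rc.tmp" "$rc"
}

# vpn_apply USER PASS
# The post's steps 3 to 7 using the helpers above; run as root on the instance
# after "apt-get install pptpd", then restart pptpd as the post does.
vpn_apply() {
    local rule='iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
    add_chap_user /etc/ppp/chap-secrets "$1" "$2"
    enable_ip_forward /etc/sysctl.conf
    sysctl -p
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    persist_nat_rule /etc/rc.local "$rule"
}
```

Source this file from the build script and call `vpn_apply "$USERNAME" "$PASSWORD"` in place of the five unconditional lines; the helpers make no change when their edit is already present, so the whole build becomes safe to re-run.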

At that point, I would add in the following line:

sudo reboot

I didn't want to include that in case you don't want your instance to be rebooted immediately.

For a quick copy-paste (with the respective replacements), the process for running this from the command line is as follows:

sudo vi vpn-setup.sh
sudo chmod +x vpn-setup.sh
sudo ./vpn-setup.sh <username> <password>


This server defaults to receiving connections through TCP port 1723, so ensure that is open. PPTP also carries the tunnelled traffic over GRE (IP protocol 47), so that has to be allowed by any firewall in front of the instance too, or clients will authenticate and then hang. I'm sure there's a way to change that, but I haven't needed to just yet.

Two things worth knowing before relying on this: the password is written in plaintext to /etc/ppp/chap-secrets and, because the script takes it as a command-line argument and runs under bash -x, it also ends up in your shell history, in the process listing while the script runs, and in the trace output. And PPTP's MS-CHAPv2 authentication is known to be weak, so treat this as a convenience tunnel for a personal instance rather than as a strong VPN.

Update (Sep 26)

I tested this on Ubuntu 12.04 LTS (Precise Pangolin), and it worked fine as well :)