About a year ago (wow), I posted "Setting up a VPN for my AWS Micro instance". I touched upon my need to rebuild my server in my recent "Installing a specific PECL-extension version" post, but I thought I would automate this process a bit.
So I created a build script to set up a VPN on a new Ubuntu 11.10 instance. This way, I can just run the program, or combine it into my entire-instance build script flow.
Here is the build script:
```bash
#!/bin/bash -x
## @author Oliver Nassar <onassar@gmail.com>
## Ubuntu 11.10 VPN
## Sample Usage:
##
## cd
## sudo vi vpn-setup.sh
## sudo chmod +x vpn-setup.sh
## sudo ./vpn-setup.sh <username> <password>
## Note: -x traces each command, so the password argument appears in the output

## 0.1 Username/Password Check
## Checks to make sure *2* parameters were specified
##
if [ $# -ne 2 ]
then
    echo "Usage: sudo ./$(basename "$0") <username> <password>"
    exit 1
fi
USERNAME="$1"
PASSWORD="$2"

## 1.0 VPN Setup
##
##
# Install the PPTP daemon
sudo apt-get -y install pptpd

# Add the VPN user (fields: client, server, secret, allowed IP addresses)
echo "$USERNAME pptpd $PASSWORD *" | sudo tee -a /etc/ppp/chap-secrets

# Enable IPv4 forwarding by uncommenting the setting, then reload sysctl
sudo perl -0 -p -i -e 's/\n#net.ipv4.ip_forward=1/\nnet.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p

# NAT traffic from VPN clients out through eth0
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Re-add the NAT rule on every boot by inserting it before "exit 0" in rc.local
sudo perl -0 -p -i -e 's/\nexit 0/\n\n# <build script modifications>\nsudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE\n# <\/build script modifications>\n\nexit 0/' /etc/rc.local

# Restart the daemon so it picks up the new user
sudo /etc/init.d/pptpd restart
```
The flow for this is as follows:
- Exit out of the script if a username and password aren't provided
- Install the PPTPD VPN
- Add the username and password specified earlier as a user in /etc/ppp/chap-secrets
- Enable IPv4 forwarding in /etc/sysctl.conf, so VPN traffic can be forwarded on to the internet
- Reload the sysctl configuration file
- Add an iptables NAT (masquerade) rule so forwarded traffic goes out through eth0
- Have this rule run each time the instance is restarted (via /etc/rc.local)
- Restart the daemon
At that point, I would add in the following line:
```bash
sudo reboot
```
I didn't want to include that in case you didn't want your instance to be rebooted immediately. The process for running this from the command line is as follows:
- Connect to your EC2 instance (through the terminal)
- Copy and paste the code above into a file (eg. vpn-setup.sh)
- Make that file executable
- Run it with your username and password specified
For a quick copy paste (with respective replacements):
```bash
cd
sudo vi vpn-setup.sh
sudo chmod +x vpn-setup.sh
sudo ./vpn-setup.sh <username> <password>
```
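The script above takes the password as a command-line argument and appends a new line to /etc/ppp/chap-secrets on every run. Here is a variant of that one step, as an added example that is not part of the original build script: it reads the password from standard input and replaces any existing entry for the user. The function name `add_chap_secret` and the allowed character sets are assumptions of this example.

```bash
# Added example, not part of the original build script.
# add_chap_secret (hypothetical helper): add_chap_secret <file> <username>
# with the password on stdin, so it never appears in argv, shell history
# or `bash -x` trace output.
add_chap_secret() (
    file=$1 user=$2
    IFS= read -r pass || :    # accept input without a trailing newline

    # chap-secrets fields are whitespace-separated, so accept only a
    # conservative character set (an assumption of this example).
    case $user in ''|*[!A-Za-z0-9._@-]*)
        echo "invalid username" >&2; exit 1 ;;
    esac
    case $pass in ''|*[!A-Za-z0-9._@%+=:,/-]*)
        echo "invalid password" >&2; exit 1 ;;
    esac

    # Build the new file privately (mktemp creates it with mode 0600).
    tmp=$(mktemp "$file.XXXXXX") || exit 1

    # Copy everything except an existing pptpd entry for this user, so a
    # re-run replaces the secret rather than appending a duplicate.
    if [ -f "$file" ]; then
        awk -v u="$user" '!($1 == u && $2 == "pptpd")' "$file" > "$tmp" \
            || { rm -f "$tmp"; exit 1; }
    fi
    printf '%s pptpd %s *\n' "$user" "$pass" >> "$tmp"

    # Only root should be able to read the secrets file.
    chmod 600 "$tmp" && mv "$tmp" "$file"
)
```

On the server it would be called as root against /etc/ppp/chap-secrets, with the password typed at a prompt or piped in from a file that only root can read.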
Note
This server defaults to receiving connections through port 1723, so ensure that is open. I'm sure there's a way to change that, but I haven't needed to just yet.
Update (Sep 26)
I tested this on Ubuntu 12.04 LTS (Precise Pangolin), and it worked fine as well :)