I’m about to enter the wonderful world of AWS and VPNs. I <think> I want to set up my own VPN server on the cloud to allow individual users to connect to a private test/development network rather than setting up a site-to-site VPN using the regular VPN tools. I’m rather hoping that IPSec configuration is much better on the client side than it was 5-6+ years ago when I last looked into it. Dang, I’m getting old all of a sudden…
2 Comments.
So, initially it is looking like I am going to end up doing one of three things:
1.) OpenVPN instance (will require purchasing the licenses necessary to support a yet to be determined number of concurrent users).
2.) Configure a Linux instance with strongSwan/xl2tpd/IPSec
3.) Configure Linux with Poptop pptp
4.) Set up a Windows instance with RRAS.
I want to do #2 because it looks the most interesting, but with 1 and 4, there is at least a chance that I won’t end up being the only one supporting it… #4 also has the advantage of possibly allowing users to authenticate against their cloud AD password. Which may also rank in the disadvantage category…. Number 3 (poptop) — I’ve done this before, and it works. I’m not sure about the security of it though.
Well, I think I’m going with option 1. OpenVPN seems to be the best option for my use case of a remote access type VPN. It wasn’t hard to set up OpenVPN on an EC2 instance, though there seem to be a couple of minor gaps in the documentation regarding installation on the client side.
Now I’m facing the decision of proceeding with the commercial version (OpenVPN Access Server) or going with the community edition. One of the disadvantages of working with education institutions or non-profits is that many things end up coming down to cost. I’m going to try a manual OpenVPN installation and see how that goes on Ubuntu 14.04… And see how much benefit I will get from the somewhat automated client install I had with Access Server.
I am honestly more worried about the client setup than the server setup. I need this to be fairly painless for the clients. Otherwise it will end up being VERY painful for me…