Right off the bat — they are watching!
However dramatic and tinfoil hat-y that sounds, it’s the reality of a time that is experiencing the greatest threats to privacy and freedom of speech, with governments and corporations, for various reasons, seeking to harvest and control internet usage data.
Unfortunately, it’s bound to stay that way, and a VPN (short for Virtual Private Network) is one of the solutions (short of burning your router) that can enable you to use the internet safely and privately. A VPN is an encrypted tunnel from your device to the internet that, by design, makes whatever is transferred through it difficult (close to impossible) to intercept and read.
OpenVPN is a popular, battle-tested open-source tool that, together with AWS EC2, forms a robust production-grade VPN solution at zero cost. An EC2 VM will host the OpenVPN Access Server, which will also be the exit node and public point of origin when we use the internet. A software client on our device (phone, laptop, etc.) will be used to point our connections to the server, thus ensuring end-to-end encryption.
First off, head over to AWS and create a free account. You’ll be required to enter credit card details, but trust me when I say it’s free!
After redirection to the AWS Console, you can find the service we’ll be using by typing “EC2” in the find service search box.
On the EC2 dashboard, click Launch Instance; this will start a 7-step process to set up the VM:
- For step 1, click on AWS Marketplace, search for “OpenVPN” and select OpenVPN Access Server (usually the first result).
- For step 2, choose t2.micro. It’s free tier eligible. You’ll be billed for anything else.
- For step 3, the defaults should suffice.
- For step 4, select General Purpose SSD.
- Keep the defaults for the remaining steps, and click Launch to launch the VM. Create and download a key-pair, since you’ll need it to log into the server. Wait for it to start up!
Remember the key-pair we downloaded? We’ll now use it to log into the VM to complete setting it up. To do that, in your terminal:
```
chmod 400 /path/to/key-pair.pem
ssh -i /path/to/key-pair.pem openvpn@<public_ip>
```
This will land you on a set of prompts to configure the server. Feel free to read through them, but otherwise the defaults will do!
Next, we set up a new admin password for the OpenVPN server:
```
sudo passwd openvpn
```
And that’s all the configuration you’ll need to make on the server.
Finally, head to https://<public_ip>:943/admin in your browser and log in with openvpn as the username and the password you set up earlier.
Under Configuration on the left panel select VPN Settings and make the following changes:
- Should client Internet traffic be routed through the VPN? → Yes
- Have clients use specific DNS servers → Yes
- Primary DNS Server → “126.96.36.199”
- Save Settings.
And that’s it! Download the OpenVPN client on any device of your choice, log in with the same credentials and you’re good to roam the internet unencumbered!
- The admin credentials offer unrestricted access to the OpenVPN server, which can itself be a weakness, so it’s best practice to create and use secondary user credentials; this can be done in the admin panel under User Management.
- In addition, the key-pair is also a back door into the server, so… throw it in the ocean… just to be safe ;)
- AWS Free Tier limits