6

I have set up an EC2 instance (Windows Server 2008) that I will let different developers connect to. Since I want the connection to be secure, I am trying to set up a VPN connection to that machine, but I don't have much idea how to do this in the simplest possible way.

I want the developer to simply set up a new VPN connection on his machine which will connect directly to the EC2 instance.

I guess using AWS VPC is a simple way, but how do I configure it?

Caleb
Karl

1 Answer

4

The VPN support in Amazon VPC is designed for hardware appliances, not what are commonly known as "road warriors". (I am further going to assume your developers aren't necessarily in the same place.)

You can run a VPN service on a regular Amazon EC2 instance, as long as it runs entirely on TCP or UDP. OpenVPN is a popular choice.

PPTP and L2TP were traditionally unavailable, as they used other protocols, which you couldn't forward to your instance. You can now forward these protocols through a VPC security group, so you should be able to run a PPTP or L2TP VPN server.

Alternatively, it may be suitable for you to have your instance in a security group and allow access to that group by single IP addresses which your developers provide for you.

crb
  • Hi, why didn't PPTP work? What if I install pptpd on my NAT gateway that has access to the private subnet? – Howard Jul 23 '13 at 15:46
  • @Howard: PPTP does not work as it relies on a separate protocol to TCP/UDP ([GRE](http://en.wikipedia.org/wiki/Generic_Routing_Encapsulation), protocol 47), and you cannot route that protocol to any AWS instance. – crb Jul 25 '13 at 20:47
  • I am not saying you are not correct, but I have seen so many tutorials on the internet that teach people how to set up pptpd on EC2, e.g. http://64bit.co.uk/index.php/archives/223.html. I will let you know when I have tested them. – Howard Jul 26 '13 at 04:12
  • I've updated the answer to reflect you can now forward GRE if you're using VPC. – crb Jul 30 '13 at 11:10
  • 2
    I can confirm that even with EC2 Classic, you can open port 1723 and are able to connect using PPTP from the internet – Howard Jul 31 '13 at 16:33
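
The per-developer allowlisting suggested in the answer, together with the GRE rule it mentions for PPTP, as an added example (not part of the original answer or comments): it validates each developer-supplied address as a single, non-private IPv4 host and builds rules in the `IpPermissions` shape that the EC2 `authorize_security_group_ingress` call takes. The port choices (3389/tcp for RDP, 1194/udp for OpenVPN), the function names and the sample addresses are assumptions.

```python
import ipaddress

# Constructed service table (an assumption of this example): (IpProtocol, from, to).
# Ports are None for protocols that have none, such as GRE (IP protocol 47).
SERVICES = {
    "rdp": [("tcp", 3389, 3389)],                        # Windows Remote Desktop
    "openvpn": [("udp", 1194, 1194)],                    # OpenVPN default port
    "pptp": [("tcp", 1723, 1723), ("47", None, None)],   # PPTP control + GRE
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def single_host_cidr(addr):
    """Return 'a.b.c.d/32' for one routable IPv4 host, else raise ValueError."""
    net = ipaddress.ip_network(addr.strip(), strict=True)
    if net.version != 4 or net.prefixlen != 32:
        raise ValueError(f"{addr!r}: only single IPv4 addresses are accepted")
    host = net.network_address
    if host.is_loopback or host.is_unspecified or any(host in n for n in RFC1918):
        # A developer's LAN address would never match traffic arriving at AWS.
        raise ValueError(f"{addr!r}: not a public address")
    return str(net)

def build_ingress(service, developers):
    """developers maps name -> address; returns IpPermissions for one group."""
    ranges = [{"CidrIp": single_host_cidr(ip), "Description": f"dev {name}"}
              for name, ip in sorted(developers.items())]
    perms = []
    for proto, lo, hi in SERVICES[service]:
        perm = {"IpProtocol": proto, "IpRanges": ranges}
        if lo is not None:
            perm.update(FromPort=lo, ToPort=hi)
        perms.append(perm)
    return perms

if __name__ == "__main__":
    import json
    devs = {"alice": "203.0.113.10", "bob": "198.51.100.7"}  # constructed samples
    # The printed list is what would be passed as IpPermissions= to
    # boto3's ec2.authorize_security_group_ingress(GroupId=..., ...).
    print(json.dumps(build_ingress("pptp", devs), indent=2))
```

A single bad entry (a whole CIDR block, `0.0.0.0/0`, or a private address) fails the whole build, so a rule set is never produced with a wider source range than the list of developers intended.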