-- Creating a VPN with DragonVPN:FoeHammer --


It's easy to create your own VPN with DragonVPN:FoeHammer. All you need is an Amazon Web Services account and you can be in total control of your VPN.


Amazon Web Services


Amazon Web Services (AWS) offers a range of on-demand computing resources that make it a good choice for running a personal VPN. There are other cloud providers, and DragonVPN:FoeHammer will have ports for Azure and Google Cloud in the near future.

So the first thing to do is to sign up for an AWS account here: Sign up for an AWS account

A note about signup and costs. AWS operates on a Pay-As-You-Go model, so you are only charged for the resources you consume in AWS. Simply put, this means that if you don’t use anything then you are not charged, but if you start using services then you will incur costs, and how much depends on what you use.

For example, it's possible to run DragonVPN:FoeHammer on a t2.micro with 2Gb data transfer for approximately $9 per month. This cost could be reduced by terminating the EC2 instance when not in use and by making use of spot instances. For a detailed cost breakdown of AWS resources visit https://calculator.s3.amazonaws.com/index.html.


Creating A FoeHammer VPN Server


Once you have an AWS account you can launch a pre-built Amazon Machine Image (AMI) by DragonVPN that will act as your VPN server. To do this, log in to AWS, select EC2 and click on Launch Instance.

You can now search for 'ami-0528e1875b6761bac' and select the DragonVPN:Foehammer image as a basis for the EC2 Instance.

Click Next and on the 'Choose an Instance Type' screen select the type of instance you require. For personal use a t2.small or t2.micro is probably enough.

On the 'Configure Instance Details' screen you have options for setting up the networking. To get started quickly it's OK to select the default VPC and No preference for the Subnet placement. Make sure that Auto-assign Public IP is set to Enable or the EC2 instance will not be reachable.

Optional email delivery. FoeHammer has the ability to send your connection details file to you via email. This is a totally optional step in the setup process and should only be used if you wish to receive your connection details file via email. If you do not want to do this then you are free to use another method such as SCP as described further down this guide.

To enable email delivery click on the Advanced Details drop down menu, select As text and in the text box add the following script, replacing _your_email_address_ with the email address at which you want to receive the connection details file.

#!/bin/bash
echo "_your_email_address_" >> /home/ubuntu/userdata.txt

E.g. if your email address is userone@mycompany.com then it would look like this:

#!/bin/bash
echo "userone@mycompany.com" >> /home/ubuntu/userdata.txt

Click next and go to the 'Add storage' screen. It's advisable to have a minimum of 16GB for this instance. You are free to allocate less but you may increase the chance of instability with your VPN.

Click next and go to the 'Add Tags' screen. It’s a good idea to add a tag for the instance so you can identify it later. Click 'Add Tag' and in the Key field, put Name and in the Value field put FoeHammer. Now when the instance is launched you will be able to see which of your EC2 instances is hosting the VPN.

The final step is to configure the security group and this allows you to restrict which IP addresses can connect to your VPN. It's advisable to limit this to your current location and you can do this by adding a custom TCP rule, setting the Port Range to 1194 and in the Source drop down select 'My IP'.

Note that unless you have a static IP address it will change from time to time and if you suddenly find that you no longer have access you probably just need to change this setting.

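That’s it. After the VPN server has started you will be able to get your connection config file after a couple of minutes by running a command similar to this, replacing _your_key_file_ with the private key file of the key pair you chose at launch and _your_instance_public_ip_ with the instance's public IP address:

scp -i _your_key_file_ ubuntu@_your_instance_public_ip_:client.ovpn .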

If you included an email address in the optional setup step when creating the VPN server then the file will be delivered to you when it's ready. In the unlikely event that the email is not received, you can use the command outlined above to retrieve it.


Getting More From Your VPN


If you are frequently creating and destroying VPN instances you can alternatively run this from CloudFormation and automate the process. The benefit of this approach is that you could trigger the creation of the VPN server from an Instant Message or a webhook, and the same process could be triggered to shut the VPN down and also save you money.

If you would like to explore the option of using CloudFormation for this then we have a helpful project in GitHub that you can use to get started.
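
A minimal CloudFormation template that mirrors the wizard choices made in this guide, added here as an example; it is not the template from the DragonVPN GitHub project. The parameter names, the SSH rule for the scp step and the root device name are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example, not the DragonVPN project's own template
Parameters:
  ClientCidr:   # the address the wizard fills in for 'My IP'
    Type: String
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/32$'
  KeyName:      # existing key pair, used later by scp -i
    Type: AWS::EC2::KeyPair::KeyName
  EmailAddress: # optional; leave empty to skip email delivery
    Type: String
    Default: ''
    # Restrict the characters because the value is written into a shell script
    AllowedPattern: '^$|^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
Conditions:
  SendEmail: !Not [!Equals [!Ref EmailAddress, '']]
Resources:
  VpnSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: FoeHammer VPN, reachable from one client address only
      SecurityGroupIngress:
        - IpProtocol: tcp      # VPN port from the guide
          FromPort: 1194
          ToPort: 1194
          CidrIp: !Ref ClientCidr
        - IpProtocol: tcp      # assumption: SSH for the scp step, same source
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref ClientCidr
  VpnInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0528e1875b6761bac   # from the guide; AMI IDs are per region
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      SecurityGroupIds: [!GetAtt VpnSecurityGroup.GroupId]
      BlockDeviceMappings:
        - DeviceName: /dev/sda1        # assumption: the AMI's root device name
          Ebs: {VolumeSize: 16}
      UserData: !If
        - SendEmail
        - Fn::Base64: !Sub |
            #!/bin/bash
            echo "${EmailAddress}" >> /home/ubuntu/userdata.txt
        - !Ref AWS::NoValue
      Tags:
        - {Key: Name, Value: FoeHammer}
Outputs:
  PublicIp:
    Value: !GetAtt VpnInstance.PublicIp
```

When your public IP address changes, updating the stack with a new ClientCidr value replaces both ingress rules in one step.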

