Want amazing, share-able, conservative quotes? Check out QuotableRight on Twitter, Facebook, or the web.

Create a Personal VPN With Amazon EC2

First, you will need to create an account with Amazon Web Services at aws.amazon.com. Once you have an account, log in and select EC2 from the services menu.  Click “Launch Instance” and then continue with the “Classic Wizard.”  Create your new instance using the Ubuntu AMI.  Create and download a key file—you will need this to log in—and set your security group settings.  At this time, it is easiest to simply allow All TCP, All UDP, and All ICMP.

Once you have completed the wizard, open terminal and navigate to the folder containing your key file with the following code:


Use the following command to change the permissions to read-only and limit access to the local machine.

chmod 400 KEYFILE-NAME.pem

Head back to your browser, select “instance actions” and click connect. A window will pop up with connection details. Make sure to select connect with a standalone client, and copy the code snippet. It should look something like this:

ssh -i vpn-demo.pem root@ec2-54-242-50-114.compute-1.amazonaws.com

You will need to change the username from root to ubuntu:

ssh -i vpn-demo.pem ubuntu@ec2-54-242-50-114.compute-1.amazonaws.com

Once connected, you will likely be presented with an error message informing you the identity of the server cannot be verified. Type “yes” to add the server key to your list of known hosts.

To install the pptp server software, use the following command”

sudo apt-get install pptpd

Next, we need to edit a number of settings files:

sudo pico /etc/pptpd.conf

Uncomment the “remote ip” and “local ip” lines by deleting the “#” in front of them, and change the “local ip” to the private ip listed in the instance details on your AWS account.

sudo pico /etc/ppp/pptpd-options

Uncomment the two “ms-dns” lines and change the ip addresses to and

sudo pico /etc/sysctl.conf

Uncomment the line “net.ipv4.ip_forward=1”.

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo pico /etc/rc.local

Paste “iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE” into the file above the “exit 0” line.

sudo pico /etc/ppp/chap-secrets

“Client” is the username you would like to use. “Server” should be “pptpd”. “Secret” is the password you would like to use to connect, and ip addresses should be “*” to allow connections from any network.

Restart the pptp server and the virtual server:

/etc/init.d/pptpd restart
sudo reboot

While the server reboots, enter your connection details in your VPN client. Your server setting should be your public DNS value from the instance details in your AWS account. Your username and password are the values set in “chap-secrets.” Once your details are entered, and the server has rebooted, you will be able to connect and reroute your internet traffic through a secure tunnel.

Comments on this entry are closed.

  • Thanks Erik. Is it also possible to create an L2tp connection?

    • There’s no reason why you shouldn’t be able to accomplish that. However, I believe you’d need to use a different VPN server software package.

  • Hi, thanks for this – I’ve completed all steps – but I’m not able to connect. Pinging my public DNS instance results in:

    Request timeout for icmp_seq 0

    Request timeout for icmp_seq 1

    Request timeout for icmp_seq 2

    Request timeout for icmp_seq 3

    Any suggestions?