i can not set shared secret on Mac ,where can i find on AWS?

Hi, I'm trying to configure a TL-ER604W but can't find which is the remote subnet configured in the template.

Hello. I know that user may choose on its side if to route all traffic via VPN, or to route to addresses from specific subnet only. Could you hint what to change in the configuration on server side (template) to restrict user routing for VPC resources only.

The case is to have secure bridge to access local AWS resources from mobile devices, while not relying on any complex configuration on user side to switch off VPN-zing of all client traffic.

I used the latest JSON template with Key Pair name from this repo, and the instance started fine. I connected over L2TP from OS X 10.11.6 and it connects succesfully, however my traffic doesn't seem to be routing through my VPN instance. Both my browser and my command line continue to report my original IP address, not the IP of my EC2 instance. I also cannot access my ElasticCache redis cluster behind our VPC, which I could access with OpenVPN. Are there more configuration settings needed either on my desktop or on the server?

I have followed the steps on the video and it worked perfectly! Just wondering is it ok that the VPN drops the connection after a random amount of time?

I have also made a connection with my VPN server via SSH, and added 2 extra usernames and passwords. After this, VPN started to present instability, but it would get worst when 3 of us were connected at the same time. Does this have been designed for just one user? Or could maybe this is a known issue?

Thanks in advance for any help you can provide.

How can I change the password/passphrase after the server has been deployed?

Using the template file with cloud formation, I'm trying to connect to the output server but it doesn't respond at all

After rebooting the ec2 instance connects fine to the VPN but the client doesn't have internet access anymore.

It would be great to add a dynamic DNS function to the server, so I tried adding inadyn to the CF template, but I think I broke it. Is there already a feature to use Dynamic DNS installed or can you suggest the best point to add the "apt-get install inadyn" etc to the script?

I know that "broke it" isnt much help, but since I cant SSH into it, I cant retrieve any logs (another question I guess).

us-east-2 is missing from configuration.

I have issues with the stack it requires to have the EC2 instance built inside a VPC but the template doesn't ask for the VPC or creates one.

Hi, as soon as the Cloud formation is created, it works fine with PPTP but not with L2TP.

It connects successfully but it can not browse to any site.

Also I have tried to set up with Elastic Ip , which worked great (with PPTP) but if I stop the instance and start again, it connects but again it doesn't resolve to any site.

Do you have any idea why and how we can fix this?

When using the template that's hosted on S3 bucket https://s3.amazonaws.com/webdigi/VPN/Unified-Cloud-Formation.json, the CloudFormation stack fails with "unsupported configuration".

Does anybody know why I got an email notification from AWS about activating of DynamoDB a couple days after I unsuccessfully tried this instruction?.......

Hi, When i am trying to use your template, cloudformation tries to create a security group gives me this error.

10:59:54 UTC+0100   ROLLBACK_IN_PROGRESS    AWS::CloudFormation::Stack  MyVPN   The following resource(s) failed to create: [VPNSecurityGroup]. . Rollback requested by user.

Do you know if this template support the logic of VPC, associated with the security groups?

Is good to add in the documentation how can we add more that one user :)

I can do a pull request if you what after i resolve this problem.

Thanks

I had to pin the version to 2.0.5 in the Gemfile to get it to work. With lono 3, it just quietly does nothing when run.

Any chance of developing a template for the newly released UKAWS region?
Thanks

Normally when u use a VPN u expect to see the browsing history... in this cloudformation method using the template where do I get the browsing history when i keep the VPN on?

Hey just wanted to say thank you for posting this, when I first set it up originally about 2 months ago was working beautifully.

When I originally set it up I used the N Virginia region and everything was working fine with no issues.

Just recently when trying to use the VPN I keep getting the following error message:

The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.

I decided to create another stack using the N California region and it work perfectly for about 20 minutes then I was booted off with the same error message and I couldn't reconnect.

not sure if anyone else has encountered this?

Hi thanks for the tutorial. I go through the steps exactly as described but cannot connect to the VPN. I also tried pinging it and got no response. Do you know how I can fix this?

Hi , i want to know if it's possible to stop the vpn and restart it later with the same ip thanks

We had setup VPN server over AWS but Skype For Buisness 2016 not working through VPN.
All other Office365 applications are working.

Hi, I'm having problems getting the vpn to connect on both OSX and iOS (iphone). Telnetting to port 1723 work, so proves PPTP is listening, but port 500 gives me a connected refused response immediately. Neither L2TP or PPTP will connect on iOS. L2TP won't connect on OSX either.

I've tried different locations, shorter less complex password, and recreating the stack numerous times. But nothing seems to help.

I'm dual-booting Ubuntu and Windows 10 on the same machine, and the VPN works when I connect to it from Windows. So I tried using the default template and connecting to the VPN in Linux (Ubuntu 17.04). After connecting to the VPN, every time I tried to load a website I'd get a bad DNS probe error in Chrome, and the page just wouldn't load in Firefox. Because I'm located in China, I thought it might have to do with the fact that China blocks Google servers, so I changed the DNS addresses in the template to use Open DNS, to no avail.

I used Ubuntu's native network connection managers to create the VPN connection, using MPPE, stateful encryption, BSD compression, deflate compression, and TCP header compression. I've also tried manually inputting the Open VPN addresses into the Ubuntu VPN configuration manager, which didn't work either.

I want to konw how to achieve multi-users on AWS-VPN-Server using this method?
Thanks!

Hi - Is IP address assigned by cloud formation stack elastic IP? If not, would it change on instance restart? Thank you.

Hi. Thanks for the excellent blog post and this script. However I am now getting an error creating the instance:

The following resource(s) failed to create: [VPNServerInstance]. . Rollback requested by user.
--
| 18:01:07 UTC+0100 | CREATE_FAILED | AWS::EC2::Instance | VPNServerInstance | The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.

It seems that

You must launch your T2 instances into a virtual private cloud (VPC); they are not supported on the EC2-Classic platform

as per http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-instances.html

Hi,

is it possible to plug this into LDAP for user auth and to support a Shared Cert ?

Cheers

SC

Hi,

My mac, running macOS 10.12.1, is unable to connect to the vpn server. "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your administrator."

How can I debug this connectivity matter? I attempted to create a stack in two different regions and experienced the same connectivity rejection. The default VPC NACL permits inbound and outbound. What else should be verified in the aws console?

PPTP is not an option with the latest version of macOS.

Thx

I just set up my EC2 instance with your json template and tried to connect my Mac and iPhone and I get the message:

The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.

Thanks for a great solution. It's been rock-solid with my iOS and Mac OS X devices but I'm banging my head against the wall with my Win10 machine. I've tried turning of the Windows Firewall and moved to different WiFi networks but without success. Also did my best to figure out which ports to open in the firewall through rules but I may not have been using the right ones.

I'm running the Shrew VPN client and a commercial VPN service (Witopia) on the same machine and both connect successfully (to other servers). Suggestions welcomed!

Thanks,

Steve

After setup the cloud formation. I was able to successfully connect to the VPN server with pptp protocol. However when trying to use L2TP/IPsec with presharedkey. Windows VPN keeps on giving errors on can not establish connections with the server

I keep getting this error when trying to connect on the Mac:

The PPTP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.

I also cannot connect on my Nexus 5X phone.

I am able to ping the instance, as well as log in via SSH. Just cannot connect to the VPN. Any pointers how to debug this?

I tried PPTP as well as IPSEC. Either way it won't connect. Redeploying/rebooting the server does not help either. I tried it on both mac and ios.

I have setup the VPN server as detailed. I have been able to connect with both ios devices and my win 10 PC, but I have failed miserably with the router VPN client.

At the heart of the issue is both the ios devices and Win 10 effectively dynamically "handshake" with the server but the DD-WRT router requires the exact parameters (and I couldn't find them anywhere). I have looked at the template you provided (thank you) but there are a number of settings I am unsure of:

As you can see with the attached image I know :

1. the server IP.
2. Looking at the template I assume the Remote Subnet is the server IP of 10.0.0.1 but not sure, with the Remote Subnet Mask 255.255.255.255 (but the client will not allow me to save this config)
3. Unsure whether I need to insist on mppe. (I can see when my win10 client connects its at MPPE 128. So, while I have items inthe MPPE Encryption box, unsure if I should and have tried with and without.
4. MTU in the template is 1280
5. MRU in the template is 1280
6. Assume I need to enable NAT (although not sure)
7. I know my username and pwd
8. Additional PPTP options: not sure?

Any help you can give me in filling in the details would be great. Many thanks

I tried deploying the template to Mumbai, but that failed.

Error:

Template validation error: Template error: Unable to get mapping for AWSRegionArch2AMI::ap-south-1::HVM64

Hi, Is there a way to set up this VPN in London region?

Thank you very much.
Sampath

I am getting this error after creating the Stack.
on the Template Json it was mentioned that I have to wait for 5minutes

Description": "Allow upto 5 minutes after setup to connect. Please contact us at https://www.webdigi.co.uk/blog/2015/how-to-setup-your-own-private-secure-free-vpn-on-the-amazon-aws-cloud-in-10-minutes/ for any help!

is there a configuration that I have to change on that template?

Love the article, and really appreciate the fact that you've provided updates to it as things have changed (i.e., loss of support for PPTP from Apple iOS).

I have set up L2TP VPN for a few Apple devices. It works great when connected, but the VPN connections do not persist - meaning: if I set my iPhone aside for a while, the VPN drops and I have to reconnect it manually when I go to use the iPhone again.

The upside is that it makes me pay close attention to my VPN icon at the top of the screen, so my situational awareness is high, but the downside is, "what if I forget?".

Any ideas on implementing workarounds for persistence that won't be complete resource hogs?

I've been using this setup for a few months without incident, however over the last few days I've run into a situation where I have to rebuild the server every 24 hours or so. I haven't made any changes to the server, it just stops responding and the only thing that seems to work is blowing the server away and rebuilding from scratch. Any idea as to why this might be?

"The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."

Hi, i was using your vpn for 3 days now but yesterday they stopped working i don't know why.
i tried to reconfigure it multiple time without success

Similar to #48, this codebase does not appear to work with Lono 4:

▶ lono generate
Generating CloudFormation templates, parameters, and scripts
ERROR: The config/settings.yml does not exist in this project.  Are you sure you are in lono project?

▶ lono --version
4.0.6

Should we pin the version to the last version of Lono 3.x (3.5.0) or it may also be simple to upgrade this module to work with Lono 4 via the lono upgrade4 command. I know very little about Lono or Ruby so I'm hesitant to try to fix it myself.

Hello
I managed to create the instance quickly as well as connecting to it form windows.
I also tried it from my Android device and it connects. Please note that once connected the internet is not accessible. Looking at the IP config I see that the gateway is set to 0.0.0.0.

When choosing PPTP on my router and providing the same user/psw it does NOT connect.

Any idea what could be the issue? Could it be related to the IPSEC? There is no place to provide it in my router setting.

Thanks,
Mickey.

Hey there!

Enjoyed the Youtube video and the article on how to get this setup. Instead of opting for a brand new VM, I attempted to follow your script on an existing VPN. I'm having issues connecting and I believe it has something to do with iptables.

My current script I used to setup my rules is:

#!/bin/sh
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# FTP
iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -A INPUT -p tcp --dport 989:990 -j ACCEPT

# SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Reroute HTTP to 9000 and HTTPS to 9001
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 9000
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 9001

# HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 5984 -j ACCEPT
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT

# FTP Passive Ports
iptables -A INPUT -p tcp --dport 13000:13100 -j ACCEPT

# Route VPN connections
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Drop rest
iptables -A INPUT -j DROP

# Restart Fail2ban
service fail2ban restart

On this box, I've got a web server on 80/443, FTPS on 990, and now pptpd on 1723. My Amazon Policy rules are:

What could possibly be causing the connection issues? Do you see anything wrong with the policies or the iptables?

I've attempted to log the data from the server and I'm not getting any logs being created.

On the client I get PPTP connect errno = 60 Operation timed out

Thanks!

Edit: Found some logs in the syslog file

Mar 26 23:28:26 ip-172-31-22-92 xl2tpd[2085]: network_thread: select returned error 4 (Interrupted system call)
Mar 26 23:28:26 ip-172-31-22-92 xl2tpd[2085]: death_handler: Fatal signal 15 received
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2549]: setsockopt recvref[30]: Protocol not available
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2549]: This binary does not support kernel L2TP.
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2550]: xl2tpd version xl2tpd-1.3.6 started on ip-172-31-22-92 PID:2550
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2550]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2550]: Forked by Scott Balmos and David Stipp, (C) 2001
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2550]: Inherited by Jeff McAdams, (C) 2002
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2550]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Mar 26 23:28:27 ip-172-31-22-92 xl2tpd[2550]: Listening on IP address 0.0.0.0, port 1701
Mar 26 23:28:39 ip-172-31-22-92 pptpd[2571]: MGR: connections limit (100) reached, extra IP addresses ignored
Mar 26 23:28:39 ip-172-31-22-92 pptpd[2572]: MGR: Manager process started
Mar 26 23:28:39 ip-172-31-22-92 pptpd[2572]: MGR: Maximum of 100 connections available
Mar 26 23:28:51 ip-172-31-22-92 ipsec_setup: Stopping Openswan IPsec...
Mar 26 23:28:52 ip-172-31-22-92 kernel: [8565537.364416] NET: Unregistered protocol family 15
Mar 26 23:28:52 ip-172-31-22-92 ipsec_setup: ...Openswan IPsec stopped
Mar 26 23:28:52 ip-172-31-22-92 kernel: [8565537.391134] NET: Registered protocol family 15
Mar 26 23:28:52 ip-172-31-22-92 ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-36-generic...
Mar 26 23:28:52 ip-172-31-22-92 ipsec_setup: Using NETKEY(XFRM) stack
Mar 26 23:28:52 ip-172-31-22-92 kernel: [8565537.434369] Initializing XFRM netlink socket
Mar 26 23:28:52 ip-172-31-22-92 kernel: [8565537.447638] AVX2 instructions are not detected.
Mar 26 23:28:52 ip-172-31-22-92 kernel: [8565537.456706] AVX2 or AES-NI instructions are not detected.
Mar 26 23:28:52 ip-172-31-22-92 ipsec_setup: ...Openswan IPsec started
Mar 26 23:28:52 ip-172-31-22-92 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Mar 26 23:28:52 ip-172-31-22-92 pluto: adjusting ipsec.d to /etc/ipsec.d
Mar 26 23:28:52 ip-172-31-22-92 ipsec__plutorun: 002 added connection description "vpnpsk"

I have been trying to make my server (IIS) reachable from the outside, with my domain name directed to my AWS IP. I have my WRT54g set up as my client gateway and a computer running a VM with a bridged NIC is attached to it with full internet connectivity. I have added security policies for HTTP/S in AWS and port forwarding anywhere else applicable. I realize now this VPN isn't like one in the VPC on AWS, so I don't know how to set up any routing (if needed). Please help!!

It seems that I can only set single VPN connection account on it. Is there any way to set up more account? And I do not know the ubuntu system account's password....