Your own secure proxy and vpn for free, fast and reliable

Discussion in 'Resources' started by Anonymous, Mar 25, 2011.

  1. Anonymous Member

    For a while now, Amazon cloud services have been free for one year from the day you register. (And for many uses it will cost pennies after.) You can do many things trivially, like backing up your entire digital life into S3. It's free within some large limits. Amazon provides a user-friendly web-based front end, just like copying files. So nobody can find anything in your basement if they raid you, like porn that your mother disapproves of.

    For other things, it's much easier to move to Linux. Most of the following also works on Windows desktop (any local machine). There are Windows servers (remote machine) on Amazon, but the limitations show. Linux is much more secure anyway. Indeed, proxy and VPN is the only reason that I didn't move to Linux 100%. Now I can do without Windows totally. You can always try a dual boot first with Ubuntu.

    First, register for an Amazon AWS account. Use a prepaid credit/debit card for improved privacy. If you set up the account via a proxy, it will take time to approve.

    Next start an EC2 instance. There are plenty of instructions on Amazon and the web, and using the web front end is perfectly OK and very simple. The AMI, OS and hardware, you want is Ubuntu 10.10 Maverick Meerkat, and AMD64. The keyword is "Maverick" and "64". (Anything Ubuntu 10 and 32-bit is probably OK.) Make sure they are Free Tier Eligible with a star next to it.

    When you start you have to pick a security policy. I'm not sure if the default works. Just check that you have SSH and HTTP ports enabled. IMPORTANT: when you start, check the MICRO version. It's free. The default is small, which caused me to lose a dime.

    Now on your local Ubuntu machine (desktop or whatever), fire up a terminal. Type:

    ssh -D 9669 -i your-key-file.pem

    With this single command, you already have an encrypted tunnel with a 24/7 proxy for your own use. (Don't kill/close the terminal.) Just set your browser network proxy settings. Set SOCKS host to and port 9669, version 5. LEAVE ALL other hosts empty, including HTTP! For this reason, common proxy switching add-ons don't work.

    The port 9669 is arbitrary, except that it's over 9000, and nobody else is likely to use it. Amazon will ask you to save your-key-file somewhere when you start your EC2. It logs you into user ubuntu. Other AMIs have different user names, or root. You can look up your-public-DNS name in the Amazon web control panel.

    You can use Windows too. Search for instructions for PuTTY. Now anybody can use this secure proxy if they have your key file. But you can compromise each other's contents, lock each other out, and charge to the registered credit card. Also, Amazon has servers in America, Europe and Asia.

    Now we move on to set up VPN. The reasons are many. VPN simply adds one more level of proxy to whatever your proxy chain is. All network traffic goes through VPN so you secure your mother's or your wife's or your kid's traffic without them doing anything. Your Skype, IRC are all secured. Secure is relative. Unauthorized enemies have to compromise your Amazon account data, and your ISP data.

    More importantly, browser plug-ins like Flash, Java, are the same as applications external to the browser. Just like Firefox add-ons, you already granted them privileges when you installed them. All these external (to browser) applications have access to the internet, and do not obey the proxy rules for your browser. It's trivial for them to get your IP if you are connected to the internet, irrespective of what you do with your browser. VPN changes all that.

    With VPN on, external applications cannot change the network settings without asking for permission from you, if you are on Linux. In Windows, you will know if you monitor the network settings. Also, a cheap wireless router will offer a lot of protection, because your desktop does not know your IP from your ISP. Make sure the router is cheap enough not to support network monitoring functions, or that you can disable them. So your router will not tell anyone your IP if any connected machines ask for it.

    The VPN instructions follow that from with exceptions. Now the previous terminal prompt changed to ubuntu@... , meaning that it's now a terminal for your server.

    On your server terminal, update software:

    sudo apt-get update
    sudo apt-get upgrade -y

    Install OpenVPN and some settings:

    sudo apt-get install -y openvpn
    sudo modprobe iptable_nat
    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

    (1 is a one in echo)

    Generate key file for vpn:

    sudo openvpn --genkey --secret ovpn.key

    Now start openvpn at server, at port 80:

    sudo openvpn --proto tcp-server --port 80 --dev tun1 --secret ovpn.key --ifconfig --daemon

    Using port 80 probably allows you to bypass restrictive firewalls at school or at work. But most service providers are aware that Amazon now becomes a huge ISP of proxies. Hulu doesn't allow it.

    Now you are done with the server. Keep the server terminal alive. You can store the last command in a pure text file on the server like startvpn. And then chmod +x startvpn.

    Now before you do anything on your desktop, store any files you are reading on your machine. Like this one that tells you how to get out of vpn. In the worst case, you may lose internet connection and rebooting may not always get you out of trouble.

    Fire up another terminal for your desktop - the client terminal. Install openvpn locally:

    sudo apt-get install -y openvpn

    Here your password will be asked.

    Some settings and start openvpn locally (you can put on a text file):

    sudo modprobe tun
    sudo iptables -I OUTPUT -o tun+ -j ACCEPT
    sudo iptables -I INPUT -i tun+ -j ACCEPT
    sudo openvpn --proto tcp-client --remote --port 80 --dev tun1 --secret ovpn.key --redirect-gateway def1 --ifconfig --daemon

    Now you have a VPN. To prevent any DNS leaking, use the Amazon DNS nameserver:

    sudo mv /etc/resolvconf/run/resolv.conf /etc/resolvconf/run/
    echo "nameserver" | sudo tee /etc/resolvconf/run/resolv.conf

    This is different from the original instructions, where the original file is only a soft link. To make it easier later, put the commands in two text files for swapping nameserver:

    sudo cp /etc/resolvconf/run/ /etc/resolvconf/run/resolv.conf
    sudo cp /etc/resolvconf/run/ /etc/resolvconf/run/resolv.conf

    Now when you set your browser to direct connection with no proxy, your IP is still the Amazon IP when you check at etc. If you screw up, rest assured that any malware will be screwed up too, not reading your IP address. Your SSH proxy will still be working as above.

    You have SSH and VPN at your disposal. The difference is that SSH is about twice as fast. SSH will protect browser traffic, while VPN will protect any plug-in, external applications. You can also set browser to use proxy like cgi proxies, ultrasurf etc. In this case you are proxy chaining with your VPN.

    To stop VPN at your desktop:
    sudo killall openvpn

    and restore name server:
    sudo cp /etc/resolvconf/run/ /etc/resolvconf/run/resolv.conf

    You can leave your server on 24/7 for free (micro instance). But once you stop vpn at your end, you have to restart the vpn at the server too. You can terminate the server and start all over again. Or you just need to restart the vpn. At the server terminal, kill the old vpn:

    sudo killall openvpn

    Restart vpn:
    sudo openvpn --proto tcp-server --port 80 --dev tun1 --secret ovpn.key --ifconfig --daemon

    which you can put in a file called startvpn. Change mode, and type ./startvpn instead. Then you start vpn at your desktop end.

    I also got charged 1 penny for something and 1 penny for something else. All one off charges. After weeks of use, I'm sure they are free, if you are careful. Or you will lose a dime, or two.

    I will probably write up more at
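
An added check for the client setup in the first post (not part of the original post or thread): `--redirect-gateway def1` makes OpenVPN install two half-default routes, 0.0.0.0/1 and 128.0.0.0/1, so this script confirms both leave through a tun device and that resolv.conf lists only the VPN-side nameserver. The function names, the addresses and all `SAMPLE_*` data are constructed for this example; 198.51.100.53 is a placeholder, not the nameserver from the post.

```shell
#!/bin/sh
# Added example (not from the thread). All SAMPLE_* values are constructed;
# 198.51.100.53 is a placeholder for the VPN-side nameserver.

# vpn_routes_ok ROUTES: ROUTES is `ip -4 route show` output. Succeeds only if
# both def1 half-default routes leave through a tun device.
vpn_routes_ok() {
    printf '%s\n' "$1" | awk '
        $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) ~ /^tun[0-9]+$/) seen[$1] = 1
        }
        END { exit !(("0.0.0.0/1" in seen) && ("128.0.0.0/1" in seen)) }'
}

# dns_leaks RESOLV EXPECTED: print each nameserver in resolv.conf text that
# is not EXPECTED (for example a home router forwarding queries to the ISP).
dns_leaks() {
    printf '%s\n' "$1" | awk -v want="$2" '$1 == "nameserver" && $2 != want { print $2 }'
}

# check_tunnel ROUTES RESOLV EXPECTED: 0 = OK, 1 = routing leak, 2 = DNS leak.
check_tunnel() {
    if ! vpn_routes_ok "$1"; then
        echo "LEAK: default traffic is not routed via tun"; return 1
    fi
    leaks=$(dns_leaks "$2" "$3")
    if [ -n "$leaks" ]; then
        echo "LEAK: DNS still goes to $leaks"; return 2
    fi
    echo "OK"
}

# Constructed samples: routing table with the VPN up, and without it.
SAMPLE_ROUTES_VPN='0.0.0.0/1 via 10.4.0.1 dev tun1
default via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.4.0.1 dev tun1'
SAMPLE_ROUTES_DIRECT='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'
SAMPLE_RESOLV_VPN='nameserver 198.51.100.53'
SAMPLE_RESOLV_ROUTER='nameserver 192.168.1.1'
SAMPLE_DNS=198.51.100.53

# Live use: check_tunnel "$(ip -4 route show)" "$(cat /etc/resolv.conf)" <nameserver>
check_tunnel "$SAMPLE_ROUTES_VPN" "$SAMPLE_RESOLV_VPN" "$SAMPLE_DNS"
check_tunnel "$SAMPLE_ROUTES_DIRECT" "$SAMPLE_RESOLV_VPN" "$SAMPLE_DNS" || true
```

A routing table with only one of the two half-default routes is also reported as a leak, since half of the address space would still use the normal gateway.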
  2. Anonymous Member

  3. Kilia Member

    Is this spam? Am I going to have to make a sandwich?
  4. Anonymous Member

    It's technical, but it seems to these eyes that what he describes could work.
  5. Anonymous Member

    Interesting. thx for sharing.
  6. underminer Member

    Be careful. Could be a honey trap.
  7. Lindworm Member

    Hmmm you sound like this anon...

    Posted here

    You also sound like you know your way around linux, I would be interested to communicate in the future
  8. Anonymous Member

  9. I bought an iPad a month ago, and now I have taken an iPad VPN connection from a company through online payment. I am trying to establish a connection to a remote server but it's denying and ping replying through full speed. I am not able to connect; can anyone tell me a way to connect it?
  10. Anonymous Member

    Delete system32.... nevermind
  11. xenubarb Member

    Far as I can tell, this cloud shit saves your stuff "somewhere else" where you can access it from multiple points; phone, lappie, flat dingus too big for your pocket, other ppl's computers.

    I can think of a whole lot of reasons why my stuff is better off on an external device I can bury in the yard.
    (FBI, dig in the side yard where those old geraniums need replacing. There are 19 SDRAM storage devices hidden there. You need to go deep, some of them are 5' underground.)

    Also, bring your own shovels. I'm not gonna help you defile my rights!
    • Like Like x 2
