Amazon AWS Certified Advanced Networking Specialty – Virtual Private Networks & IPSec Tunnels

January 17, 2023

1. Introduction to Virtual Private Networks

Hey everyone and welcome back. In today’s video we will be discussing virtual private networks. A Virtual Private Network, which I will also refer to as a VPN, lets you route traffic from your network to a destination through a VPN server; in that respect it is similar to a proxy. Take a simple example: you have your computer here, and you have a destination server on the Internet. Your computer, being connected to the Internet, has a unique public IP address, so when it connects to the destination server, that server’s access logs record the full details of your connection, including that address. Now put a VPN server in between; say this VPN server has an IP address beginning with 54, as on the slide. When you send the traffic through the VPN, the destination server, which can be anywhere on the Internet, no longer sees your IP address. It sees the IP address of the VPN server, because it is the VPN server that forwards all of the traffic. There are a lot of advantages to this, and there are also many cases where attackers use VPNs extensively during an attack. So let me quickly give you a demo of how this looks. This is CyberGhost VPN, which is pretty well known.

If you look here, the VPN server we saw on the slide can be chosen: you can have it in the US, in Europe, in Singapore, and so on. If I click on “more servers”, you see a long list of locations, from the United States to Vietnam, France, Germany, Australia, et cetera. Now let me click Connect so that I get connected to a VPN server. Let’s wait a moment. Great, I am connected to a VPN server in Canada. So what happens now? My laptop is in India and the VPN server is in Canada, so when I browse the Internet, the destination server will assume the connection is coming from Canada and report the details accordingly. Let’s try it: open Google.com and search for “what’s my IP”. If you open one of the result pages, it shows an IP address beginning with 71, the country as Canada and the region as Alberta.

And that is how a VPN works, at a high-level overview. Several use cases can be served with a VPN. First, if you are connected to an insecure network, say a public wireless hotspot, it is better never to use it directly; connect a VPN first, so that the hotspot operator and anyone else on that network only see encrypted traffic to the VPN server (the VPN provider itself, of course, still sees everything you send, so you are moving trust rather than removing it). Second, people typically use a VPN to reach blocked websites. There is a site called 9gag.tv; it redirects to 9gag.com, which I’m sure many of you use. If you type 9gag.tv from an Indian ISP, you will see that the website is blocked, but since I am connected to the VPN, it is unblocked for me. The third use case is something attackers use: if they want to attack a server in a specific country, they go through a VPN so that their own IP address is not directly visible.

One more thing I’ll quickly share, purely as an illustration. Say someone wants to attack a server residing in the US. They would pick a VPN server in a country hostile to the US, say China; the US and China are generally not on good terms. If the attack goes through a Chinese VPN server, then even if the US government asks for the connection records, the Chinese government may not cooperate. This is what attackers very often do: they choose a VPN server in a country that is an adversary of the country where their target sits. Anyway, this is just a high-level overview and some of the things I wanted to share; it is more relevant to the security certifications.

Now for the use of a VPN in a corporate network, which is the legitimate use. Say you have an EC2 instance in a private subnet, with only a private IP. A private IP is not routable over the Internet, so you cannot reach the instance directly. What you do is put a VPN server in a public subnet of the same VPC, and route traffic from your computer to the VPN server and from the VPN server to the private instances. When you want to reach the private instance, your traffic is routed from the VPN server to it. The VPN server is then the only host that needs a public IP, and the private instance’s security group can allow inbound traffic only from the VPN server’s security group rather than from any address range. This is how a VPN is typically used in an AWS environment.
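The two setups in this section differ in what the VPN pushes into the client’s routing table: the consumer VPN takes over the default route (full tunnel), so every destination sees the VPN server’s address, while the corporate setup typically pushes only the VPC prefix (split tunnel), so Internet sites still see your real ISP address. The following Python is an added example, not code from the course; it models both routing tables with longest-prefix matching and reports which interface a destination is reached through and which source address that destination logs. All addresses (RFC 5737 documentation ranges, a 10.0.0.0/16 VPC) and the assumption that the VPN server NATs client traffic to its own address are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (destination prefix, outgoing interface). The client OS picks the
# most specific matching prefix (longest-prefix match) for every packet, which is
# what a VPN client relies on when it pushes routes into the host's routing table.
Route = Tuple[ipaddress.IPv4Network, str]

# Constructed addresses for the example (RFC 5737 documentation ranges stand in
# for real public addresses); none of them come from the video.
CLIENT_PUBLIC_IP = "203.0.113.10"      # the laptop's ISP-assigned address
VPN_SERVER_PUBLIC_IP = "198.51.100.5"  # public IP of the VPN server in the public subnet
VPN_SERVER_PRIVATE_IP = "10.0.1.10"    # its address inside the VPC
VPC_CIDR = "10.0.0.0/16"
PRIVATE_INSTANCE_IP = "10.0.2.25"      # the EC2 instance in the private subnet
INTERNET_HOST_IP = "192.0.2.80"        # some website on the internet


def parse_routes(routes: List[Tuple[str, str]]) -> List[Route]:
    return [(ipaddress.ip_network(prefix, strict=False), via) for prefix, via in routes]


# Full tunnel (what the consumer-VPN demo does). OpenVPN's "redirect-gateway def1"
# does not delete the existing default route; it adds 0.0.0.0/1 and 128.0.0.0/1 via
# the tunnel, which beat 0.0.0.0/0 on prefix length, plus a host route so the
# encrypted packets to the VPN server itself still leave via the physical NIC.
FULL_TUNNEL = parse_routes([
    ("0.0.0.0/0", "eth0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    (VPN_SERVER_PUBLIC_IP + "/32", "eth0"),
])

# Split tunnel (the usual corporate setup): only the VPC prefix is pushed, so
# ordinary web browsing still leaves through the ISP connection.
SPLIT_TUNNEL = parse_routes([
    ("0.0.0.0/0", "eth0"),
    (VPC_CIDR, "tun0"),
    (VPN_SERVER_PUBLIC_IP + "/32", "eth0"),
])


def select_route(dest: str, routes: List[Route]) -> Optional[str]:
    """Longest-prefix match: the interface a packet to `dest` leaves through."""
    addr = ipaddress.ip_address(dest)
    best: Optional[Route] = None
    for net, via in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def source_ip_seen_by(dest: str, routes: List[Route]) -> Optional[str]:
    """The client address the destination host will record in its logs.

    Assumes the VPN server NATs client traffic to its own address (the default
    behaviour of OpenVPN Access Server): VPC hosts see the server's private IP,
    internet hosts see its public IP. Traffic that bypasses the tunnel carries
    the laptop's real ISP address.
    """
    via = select_route(dest, routes)
    if via is None:
        return None
    if via != "tun0":
        return CLIENT_PUBLIC_IP
    if ipaddress.ip_address(dest) in ipaddress.ip_network(VPC_CIDR):
        return VPN_SERVER_PRIVATE_IP
    return VPN_SERVER_PUBLIC_IP


def egress_report(routes: List[Route]) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """For each destination of interest: (interface used, address the destination sees)."""
    return {
        dest: (select_route(dest, routes), source_ip_seen_by(dest, routes))
        for dest in (PRIVATE_INSTANCE_IP, INTERNET_HOST_IP, VPN_SERVER_PUBLIC_IP)
    }


if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name)
        for dest, (via, seen) in egress_report(table).items():
            print(f"  {dest:>15} -> {via:<5} seen as {seen}")
```

The point to take from the report: under the split tunnel the private instance is reached through tun0 and sees the VPN server’s private address, but the Internet host still sees 203.0.113.10, the laptop’s own address. If the goal is to hide or fix your egress address, the full-tunnel table is required; if the goal is only to reach the VPC, the split tunnel keeps the VPN server out of the path for everything else.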

2. Implementing software VPNs – Part 01

Hey everyone and welcome back. In today’s video we will look at how to implement the VPN architecture we discussed in the earlier video. In this architecture you have your computer, a VPN server, and an EC2 instance in a private subnet. The VPN server itself can simply be an EC2 instance. So let’s look at how to do that. First, go to the EC2 console. There are many software-based VPNs available, and there are also hardware-based VPNs; for simplicity we will use a software VPN for the demo. Click Launch instance, go to the AWS Marketplace and search for OpenVPN. OpenVPN is a well-known product.

We’ll use the Bring Your Own License listing, which is eligible for the free tier. Click Select. Here you can see that the software charge is zero and the amount under the Total column is just the EC2 instance charge. Click Continue. I’ll use a t2.micro, which is free-tier eligible. In the subnet settings I’ll enable auto-assign public IP so that the VPN instance gets a public IP address. Click through to Storage; the default storage is fine. Click Review and Launch; the SSD volume looks good.

Click Launch, tick the acknowledgement and launch the instance. The initial launch can take a little while because a Marketplace AMI first has to be subscribed to; once the subscription succeeds, the launch is initiated. This is our VPN instance; I’ll name it Public VPN. Let’s wait for the status checks to reach 2/2. Great, after a few minutes the instance state is running. The status check is still initializing, but we should already be able to connect. Copy the public IP and test port 22 with nc -zv <public IP> 22. Great.

We can reach the server on port 22, so let’s log in over SSH, specifying the key pair, and answer yes to the host key prompt. Great, it asks us to accept the license agreement. Remember that for the OpenVPN Access Server AMI the SSH user is openvpnas. I’ll accept the license agreement, and then come the configuration prompts; I’ll take the defaults, choosing option 1 at the admin UI prompt and leaving the port at its default. For the license key you can just press Enter. It then initializes OpenVPN. Great, this is the administrator UI; let me open it up.

Because no certificate has been configured yet, the browser shows a warning for the self-signed certificate; after that the page asks for a username and password. For the password, become root (or use sudo) and change the password of the local openvpn user with passwd openvpn. I’ll put in my password here. That is now the password for the openvpn user, and the username to enter on the GUI login page is openvpn. Let’s try it: username openvpn and the password we just set.

This is the license agreement you have to accept, and this is how the console looks. Since we have not configured any license key, you can still connect to the OpenVPN server, but with restrictions: at most two concurrent connections. If you need more users for your organization, you can put in a license key. Anyway, this is how the console looks.

Now, OpenVPN is a great solution. In fact, I have been using this for enterprises for more than four years, where we had more than 100 or 150 connected users, and it really works very well. So this is the high-level overview of how you configure the VPN. However, this practical is still incomplete because we have not yet tested connectivity to the private instances. Let’s go ahead and do that in the next video.

3. Implementing software VPNs – Part 02

Hey everyone and welcome back. In the earlier video we configured our OpenVPN instance. In today’s video we will check whether connectivity works as expected in the architecture. To do that, let’s launch one instance of type t2.micro. I’ll just do Review and Launch and select my key pair. Great. Let’s name this instance; we’ll treat it as the private instance. Next, we need to connect to the VPN server. Remember that in the CyberGhost video we connected with the CyberGhost client application; what we have open here is just the admin UI in the browser, not a connection to the VPN. To connect to the VPN you typically need a VPN client.

In my case I have OpenVPN Connect, and this is what it looks like. I’ll click here and then on Connect. This is where you give the IP address of your VPN server; in my case it is 54.184.71.21. Click Continue. Now enter the username and password; let’s use the default username and the password we set. It says the certificate is untrusted; we’ll select yes, and yes again. Note that accepting an untrusted certificate is exactly the step a man-in-the-middle relies on, so outside a demo you should verify the server’s certificate fingerprint over a trusted channel or install a certificate from a trusted CA on the server. Now there is a green symbol indicating that it is connected. To verify that things are working, let’s connect to the EC2 instance over its private IP. Even though the instance has a public IP, we won’t use that; we’ll connect via the private IP. From my CLI I’ll run nc -zv <private IP> 22. Great.

It says the connection succeeded. Let’s log in, and you see it works as expected. Great. So this is how the VPN works, at a very high level. I hope you understood the VPN architecture: first there is an EC2 instance, on which you install a software VPN, OpenVPN or another; then there is a VPN client, which connects to that VPN server, after which your traffic can be routed through it. I’ll also show you the link in case you want to download the OpenVPN Connect client. This is the OpenVPN client for Windows; clicking here installs it for you. In my case I already had it installed because I use it with some of my clients. That’s about it for the VPN video. I hope it has been informative, and I look forward to seeing you in the next one.
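The demo above leaves the private instance with a public IP and, by default, security groups that are wide open; the architecture only buys anything if the VPN server is the sole Internet-facing host and the private instance accepts traffic only from it. The following Python is an added example, not part of the course; it audits security groups in the shape returned by aws ec2 describe-security-groups against that two-tier design. The sample JSON, group IDs (sg-0aaa for the VPN server, sg-0bbb for a careless private-instance group, sg-0ccc for the hardened one) and the list of VPN listener ports (UDP 1194 and TCP 443, the OpenVPN Access Server defaults) are constructed for the example.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and rules are made up for the example: sg-0aaa is on the OpenVPN
# instance in the public subnet, sg-0bbb is a careless group on the private
# instance, sg-0ccc is the hardened version that trusts only the VPN group.
SAMPLE_SGS = json.loads(r"""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "vpn-server", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 943, "ToPort": 943,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0bbb", "GroupName": "private-instance-open", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0ccc", "GroupName": "private-instance-hardened", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]}
]}
""")

ANYWHERE = {"0.0.0.0/0", "::/0"}
# The only listeners on the VPN server that the whole internet needs to reach:
# the OpenVPN daemon on UDP 1194 and the TCP 443 fallback (OpenVPN Access
# Server defaults). SSH (22) and the admin web UI (943) are for administrators.
VPN_PUBLIC_PORTS = {("udp", 1194), ("tcp", 443)}


def port_range(perm: dict) -> Tuple[int, int]:
    """Inbound rule as (low, high); protocol -1 means all ports."""
    if perm["IpProtocol"] == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def cidr_sources(perm: dict) -> set:
    return ({r["CidrIp"] for r in perm.get("IpRanges", [])}
            | {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])})


def audit(sgs: dict, vpn_sg_id: str, private_sg_id: str) -> List[str]:
    """Return one finding per rule that violates the two-tier VPN design."""
    findings: List[str] = []
    by_id: Dict[str, dict] = {g["GroupId"]: g for g in sgs["SecurityGroups"]}

    # Tier 1: the VPN server is the only internet-facing host, so only its VPN
    # listener ports may be open to 0.0.0.0/0 or ::/0.
    for perm in by_id[vpn_sg_id]["IpPermissions"]:
        lo, hi = port_range(perm)
        proto = perm["IpProtocol"]
        if cidr_sources(perm) & ANYWHERE and not (lo == hi and (proto, lo) in VPN_PUBLIC_PORTS):
            findings.append(f"{vpn_sg_id}: {proto}/{lo}-{hi} open to the internet; restrict to admin source IPs")

    # Tier 2: the private instance must be reachable only through the VPN
    # server, so every inbound rule should reference the VPN security group
    # rather than any CIDR, and no other security group.
    for perm in by_id[private_sg_id]["IpPermissions"]:
        lo, hi = port_range(perm)
        proto = perm["IpProtocol"]
        cidrs = sorted(cidr_sources(perm))
        extra_groups = sorted({p["GroupId"] for p in perm.get("UserIdGroupPairs", [])} - {vpn_sg_id})
        if cidrs:
            findings.append(f"{private_sg_id}: {proto}/{lo}-{hi} allowed from CIDR {cidrs}; use source group {vpn_sg_id} instead")
        if extra_groups:
            findings.append(f"{private_sg_id}: {proto}/{lo}-{hi} allowed from unexpected groups {extra_groups}")
    return findings


if __name__ == "__main__":
    for private in ("sg-0bbb", "sg-0ccc"):
        print(f"--- private instance using {private}")
        for finding in audit(SAMPLE_SGS, "sg-0aaa", private) or ["no findings"]:
            print(finding)
```

Against the sample, the VPN server group is flagged twice (SSH and the admin UI open to the world) and the careless private-instance group once (SSH from 0.0.0.0/0); the hardened group, which allows SSH only from sg-0aaa, produces no findings of its own. To run it against a real account, replace SAMPLE_SGS with the parsed output of aws ec2 describe-security-groups --group-ids for the two groups.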

