android_ec2_vpn

Overview

IPsec is a total pain in the ass, and Android devices are finicky about their VPN servers. Add to that the fact that with EC2 both the server and the device are NATted, and... well... you have trouble sleeping.

Inspiration

There are lots of fun tutorials and war stories about how to set this up. Here are the ones that guided me:

I probably missed some (in addition, of course, to the Google+ post I can't find any more about incorrect/missing SPD entries when the server is NATted). Many thanks to the Internet.

How to use it

Server

The VPN server is an EC2 instance. Start one up with a security group that has these ports open for inbound traffic:

  • TCP port 22
  • TCP port 500
  • UDP port 500
  • UDP port 4500

Install this module using the command puppet module install inkblot/android_ec2_vpn. This will ensure that all of its dependencies are satisfied.

Using puppet and this module, apply something like this on the server:

class { 'android_ec2_vpn':
	username       => 'guesswho',
	password       => 'qwertyuiop',
	pre_shared_key => 'asdfghjkl;',
}
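
To confirm that the security group matches the port list above before applying the class, the following added example (not part of this module) audits inbound rules in the JSON shape printed by aws ec2 describe-security-groups. The names REQUIRED, SAMPLE and audit_group are hypothetical, and the sample group is constructed for illustration.

```python
import json

# Inbound ports the README lists for the VPN server's security group.
REQUIRED = {("tcp", 22), ("tcp", 500), ("udp", 500), ("udp", 4500)}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (the group id and rules are made up for this example).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22,   "ToPort": 22,   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "udp", "FromPort": 500,  "ToPort": 500,  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "udp", "FromPort": 4500, "ToPort": 4500, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}]}
""")


def audit_group(group):
    """Return (missing, extra) for one security group.

    missing: required (protocol, port) pairs that no inbound rule covers.
    extra:   inbound rules that open something beyond the required ports.
    """
    covered, extra = set(), []
    for rule in group.get("IpPermissions", []):
        proto = rule["IpProtocol"]
        if proto == "-1":  # "-1" means all protocols and all ports
            covered |= REQUIRED
            extra.append("all traffic")
            continue
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if lo is None or hi is None:  # protocol without ports, e.g. ESP ("50")
            extra.append(f"{proto} (no port range)")
            continue
        hits = {(p, n) for (p, n) in REQUIRED if p == proto and lo <= n <= hi}
        covered |= hits
        # A range wider than the required ports it contains opens extra ports.
        if hi - lo + 1 > len(hits):
            extra.append(f"{proto} {lo}-{hi}")
    return sorted(REQUIRED - covered), extra


if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        missing, extra = audit_group(sg)
        print(sg["GroupId"], "missing:", missing, "extra:", extra)
```

An empty missing list means every port from the list is reachable; anything in extra is exposure the VPN setup does not need.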

Client

The VPN client is an Android device. Create a new VPN connection:

  • Name it whatever you want
  • Set type to: L2TP/IPSec PSK
  • Set the Server address to the EC2 instance's public IP
  • Leave L2TP secret blank
  • Leave IPSec identifier blank
  • Set the IPSec pre-shared key to the value of the pre_shared_key parameter you used with the puppet class.

When you tell your device to connect, it will prompt for a username and password. Use the username and password parameter values that you used with the puppet class.