Keeping a VPN in your pocket (ported over)

Migrating this from my blog, where I first posted it. I was setting up a VPN so it’s ready while I do some traveling and figured it was worth resharing.


Recent news that the government has repealed regulations preventing the sale of customer browsing habits has some folks thinking about their internet use and privacy a bit more than usual. I think that most of us assume that the things we do in our home on our own devices are pretty safe from becoming shared with others. This has caused a rash of articles about running your own VPN. As these kept crossing my RSS feeds I got thinking that this is the perfect use case for Juju and JAAS.

Good news! The Tengu team has made it really easy to use Juju to set up your own VPN server. It’s nearly as fast as you can get an instance from a cloud provider. As I sit here at the coffee shop I timed it and it took me six minutes, including adding it to my client and hitting connect.

THE 6 MINUTE VPN SETUP

How do we do this? We use JAAS since it’s a great way to deploy something into any public cloud and especially different regions. I personally have my personal VPN in the AWS us-east-2 region since it’s the closest physically to where I am in Southern Michigan.

juju add-model myvpn aws/us-east-2 
juju deploy openvpn 
juju expose openvpn 
juju config openvpn clients="rick" 
juju scp openvpn/0:~/rick.ovpn myvpn.ovpn

This deploys the OpenVPN charm and sets up a config file for “rick” that I can use to connect with a VPN client. On my Mac I use Viscosity and on Ubuntu I use the Network Manager VPN plugin. Both of these clients can load the .ovpn file that you download from the deployed server.

Once connected you can see all of your traffic routed through the VPN securely.

% ping ubuntu.com
PING ubuntu.com (91.189.94.40): 56 data bytes
64 bytes from 91.189.94.40: icmp_seq=0 ttl=47 time=193.328 ms 
64 bytes from 91.189.94.40: icmp_seq=1 ttl=47 time=178.245 ms 
64 bytes from 91.189.94.40: icmp_seq=2 ttl=47 time=140.312 ms 

% traceroute ubuntu.com
traceroute to ubuntu.com (91.189.94.40), 64 hops max, 52 byte packets
1 ip-10-200-200-1.us-east-2.compute.internal (10.200.200.1) 48.860 ms 47.036 ms 58.141 ms 
2 ec2-52-15-0-2.us-east-2.compute.amazonaws.com (52.15.0.2) 103.381 ms 64.848 ms 
  ec2-52-15-0-6.us-east-2.compute.amazonaws.com (52.15.0.6) 69.651 ms

What is even better is that you can shorten this by automating the deploy, expose, and config with a Juju Bundle. I created one that sets up two clients out of the box. One for myself and one for a “guest”. If I ever want to add additional clients I could just update the config in the charm.

A few lines of yaml and a “charm push . cs:~rharding/rickvpn” and I’ve got a one line deploy of a VPN at my fingertips. If I deploy before I order my coffee the VPN is up and ready for use by the time it’s done.

REASON #2 - BLOCKED PORTS ON THE SHARED WIFI

I promised some other reasons for a VPN and blocked ports at a shared wifi location is #2. This Starbucks I’m sitting in has had the wifi configured to block port 22, which can be a pain in the rear when you’re attempting to work with a lot of cloud instances over SSH. A quick VPN and suddenly the world of SSH is opened back up. Yes, some folks will tell me to change my SSH ports, but when you’re working on cloud servers across different clouds it’s definitely much more of a pain to change SSH everywhere than to just launch this VPN.

REASON #3 - TESTING END USER EXPERIENCE

I’ve also found myself working with others across the world. What’s always fun is when they’re having issues I just can’t replicate. We have large numbers of our team in Europe and down in New Zealand and Australia. As you can imagine, their load times for things are a bit different than my midwest connection to things coming out of US based networks. Given the breadth of cloud regions these days, it’s actually not as hard as it seems to replicate the experience that the remote users are seeing. I can easily throw up a Europe based VPN and force myself to test things through it. Suddenly I can see that the timeout we have doesn’t work well for users whose bytes go through undersea cables.

I’m sure you can think of some other uses that a quick VPN would come in handy. Let me know what your favorite uses for the OpenVPN charm are. Reach out on Twitter @mitechie. And thank you Tengu Team for this great OpenVPN charm!
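
The traceroute check from the post can be scripted so a dropped tunnel is noticed before any work goes over the shared wifi. The following is an added example, not part of the original post: it reads traceroute output and reports whether the first hop is the VPN gateway. The `10.200.200.` prefix is an assumption taken from the 10.200.200.1 hop shown above, the function names are hypothetical, and the second sample is constructed.

```shell
#!/bin/sh
# Added example: decide from traceroute output whether traffic leaves via the VPN.
# VPN_PREFIX is an assumption based on the 10.200.200.1 first hop shown in the post.
VPN_PREFIX="${VPN_PREFIX:-10.200.200.}"

# Print the IPv4 address of hop 1 from traceroute output on stdin.
# Handles both "host (ip)" and "traceroute -n" style lines; prints nothing on "* * *".
first_hop_ip() {
  awk '$1 == "1" {
         for (i = 2; i <= NF; i++) {
           ip = $i; gsub(/[()]/, "", ip)
           if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print ip; exit }
         }
       }'
}

# Exit status: 0 = hop 1 is inside the VPN prefix,
#              1 = hop 1 is some other gateway (tunnel not carrying traffic),
#              2 = hop 1 could not be parsed (timeouts, empty input).
via_vpn() {
  hop="$(first_hop_ip)"
  [ -n "$hop" ] || return 2
  case "$hop" in
    "$VPN_PREFIX"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Hops as shown in the post (connected through the VPN).
SAMPLE_VPN='traceroute to ubuntu.com (91.189.94.40), 64 hops max, 52 byte packets
 1  ip-10-200-200-1.us-east-2.compute.internal (10.200.200.1)  48.860 ms  47.036 ms  58.141 ms
 2  ec2-52-15-0-2.us-east-2.compute.amazonaws.com (52.15.0.2)  103.381 ms  64.848 ms'

# Constructed sample: the same lookup with the tunnel down, leaving via a local wifi gateway.
SAMPLE_DIRECT='traceroute to ubuntu.com (91.189.94.40), 64 hops max, 52 byte packets
 1  192.168.1.1 (192.168.1.1)  2.114 ms  1.902 ms  1.876 ms'

for name in SAMPLE_VPN SAMPLE_DIRECT; do
  eval "data=\$$name"
  if printf '%s\n' "$data" | via_vpn; then
    echo "$name: first hop is the VPN gateway"
  else
    echo "$name: first hop is NOT the VPN gateway"
  fi
done
```

For a live check, pipe real output into the function, for example `traceroute -n ubuntu.com | via_vpn`, and act on the exit status.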


@rick_h this is great :metal:


Related. But no Juju.

https://www.trailofbits.com/research-and-development/algo/
https://github.com/trailofbits/algo

Also…

http://www.pivpn.io/