Building a Personal VPN Azure Solution

Since joining Denny Cherry & Associates Consulting, I tend to travel about once a month.  This isn’t a huge amount and is usually over a weekend (except for that opportunity to go to Australia that didn’t pan out).  Since I work in the IT field, security is highly important to me, especially my own security.  I am referring to my digital security.  For example, I don’t like using public WiFi’s because I don’t know who else is on that particular network, and well, I’m a paranoid IT guy.  Due to that, I’m cautious as to what I do on my various electronic devices (laptop, phone, tablet, etc) on the internet while out and about.

The solution?  A VPN Service.

There are various VPN Services that you can subscribe for a monthly/annual fee that offer you the ability to ensure that you have a secure connection.  Beyond just having a secure connection, you could also select which country you want the end point to be.  For example, if I was in Australia, I could select a server in the United States and I would “look” like I was in the United States.  Some services will log everything you do, some will not.  In any case, if you decide to use a 3rd party VPN service, make sure you fully understand what is or isn’t included in the service.

On top of wanting to see if I could build it, I also did not want to pay a monthly fee. Since I really only travel about once a month, the need for a constant service was not on my priority list.  Really, I wanted a low-cost solution that I could spin up or down whenever I need to.  Using the mobile app, this is really easy to accomplish.

I thought that Microsoft Azure would be a great fit for me.  A small virtual machine in conjunction with free VPN software would suit my needs.  I could spin up the virtual machine before leaving town and then turn it off when I’m back home.  Remember, even if you turn it off,  you still pay for the storage.  However, you can select to use normal hard drives and not fast solid state drives which helps save on the costs when not using it.

After doing some research, I stumbled across a Do-It-Yourself (DIY) blog post from Microsoft.  The solution uses a virtual machine in the Azure cloud with a free VPN open source software SoftEther.   Once I discovered this blog post, I got to work.

First I need to stand up a virtual machine.  Upon logging into the Azure portal, I started tonfigure a new virtual machine.  First I need to pick a size.

I choose to go with a DS2_v2.

From the sizing chart, we can see that this virtual machine has 2 vcpus, 7GB of memory and traditional spinning disks.  There are some other metrics listed there as well.  If you were to leave it up and running for the entire month, the costs would be approximately $75 US dollars.   Now, I’m not going to leave it up and running the entire month, just when I need it so this did not dissuade me.  You can certainly select a smaller size virtual machine.

 

Next, I had to choose an operating system.  Since I didn’t need a server grade operating system, I went with Windows 10. The amount of traffic going through this VPN server would be minimal most of the time and I would be the only user, unless I shared it with family & friends.  There isn’t a limit on the amount of users you can add to the VPN server other than hardware resources.

Once the virtual machine was up and running, I just followed the direction from the blog post to get SoftEther installed and configured.

 

Afterwards, I was able to download the OpenVPN client for my laptop, install the config file and get connected.  I can verify that it’s working by going to http://whatismyip.com.  Before connecting to the VPN service, my IP address reflects Louisville, KY since that’s where I am physically at.

Due to the fact that the virtual machine is in the East-US region for Azure and using a dynamic IP address, we can see that now I’m “located” in Bristow, VA.  This is because the virtual machine is running in a data center in Virginia.  If I were to reboot the server and obtain a different IP address or moved it to a different region, it would be something completely different.

Another option is to utilize the OpenVPN application for your mobile devices.  Download it from the store (Apple or Google), follow the documentation from the above blog post and then your phone can have a security connection as long as you have internet connectivity through your provider.

Ensuring that I have safe, easy, and secure access to the internet is important to me.  This solution was about 30 minutes worth of effort to complete and now I can travel knowing that any traffic I send over public Wifi can be secured.

Note, before embarking on this adventure, make sure that you do a cost estimate.  I have some free credits from Microsoft to play with so this solution fits within that budget. It’s quite possible that a 3rd party service is more cost effective for what you might need/want.  Your mileage may vary.  If you don’t have an Azure account yet, you can sign up for free and get $200 of credits for the first 30 days.  If you have a Visual Studio subscription, you can get $50/month! An excellent opportunity to start learning Azure!

Let’s face it, that’s pretty cool.

 

© 2018, John Morehouse. All rights reserved.

Share

One Response

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trust DCAC with your data

Your data systems may be treading water today, but are they prepared for the next phase of your business growth?