Last week I attended the 28th Chaos Communication Congress (#28c3) in Berlin, which is in my book the best volunteer-based conference in our solar system. The conference had, as always, excellent internet connectivity. If you go to such conferences, you have to assume that people watch your traffic, so it is a good idea to use a VPN. (The same is also true for the wireless network in your favorite coffee shop.)

Getting a cheap VPN for a month, with multiple exit points on the planet, is possible by paying a few Euro over at blackVPN, and their service is excellent, but setting one up ourselves is also fun and only takes a few minutes. All we need is a server on the public internet with ssh access and a little piece of software called sshuttle.

To the cloud!

In order to get a server on the public internet, we can go over to Amazon's cloud and start a t1.micro instance, which is the smallest instance type they offer and costs you the incredible amount of $0.025 per hour (in the EU region). If that is too much for your wallet, I have good news for you: if you sign up for AWS now, you are eligible for the so-called free usage tier, which means you can run that thing at zero cost. (For more details on the free usage tier, see the introduction.) Launch the instance via the web console or your preferred way and wait until it is up. We now have an exit point for our VPN on the public internet, but we still have to send our traffic over there, which is what we do next.

Building a tunnel.

As I said above, we are going to use sshuttle to set up the tunnel. It uses, as you might have guessed, ssh for tunneling all your traffic. This assumes that you have local sudo rights on your computer and that you have set up your ssh-config for AWS.

    git clone https://github.com/apenwarr/sshuttle.git
    cd sshuttle
    ./sshuttle -r ec2-user@[hostname-of-your-amazon-instance] --dns 0.0.0.0/0

(It now asks for local sudo rights.)

That is all! All your traffic is now piped through the ssh connection. You can easily verify it by running, for instance,

    curl ifconfig.me

which will print your current external IP. It should be the one of your AWS instance. Since the tunnel is on kernel level, it is transparent to all running applications, so you don't have to configure anything further.
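The manual check above can be scripted so that an unexpected answer is not overlooked. This is an added example, not part of the original post or of sshuttle: the script name and function names are hypothetical, and it assumes you pass the public IP of your instance as the first argument.

```shell
#!/bin/sh
# Added example: check that the tunnel is really carrying your traffic.
# Usage (hypothetical script name): ./check-tunnel.sh <public-ip-of-your-instance>

# Ask an external service which address it sees. -4 because the
# 0.0.0.0/0 subnet given to sshuttle only covers IPv4 traffic.
fetch_external_ip() {
    curl -4 -fsS --max-time 10 ifconfig.me
}

# Succeed only for a dotted quad with four octets in 0-255, so an
# error page or captive-portal HTML is never mistaken for an address.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print and return: "tunnelled" (0), "leaking <ip>" (1), "unknown" (2).
tunnel_status() {
    expected=$1
    actual=$(fetch_external_ip 2>/dev/null) || { echo "unknown"; return 2; }
    is_ipv4 "$actual" || { echo "unknown"; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "tunnelled"
        return 0
    fi
    echo "leaking $actual"
    return 1
}

# Only run the check when an expected address is given on the command line.
if [ $# -ge 1 ]; then
    tunnel_status "$1"
    exit $?
fi
```

A result of "unknown" means the lookup failed or returned something that is not an address, which is worth treating the same as a leak until the tunnel is confirmed.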

If you want to stop the vpn/tunnel, just "Ctrl-C" sshuttle and everything is back to normal.

For more information on sshuttle, check the README, and if you have other tips like this, please leave a comment.

NOTE: All traffic is sent encrypted to Amazon, but if you use plain text protocols, those could still be sniffed on the other side. It is a good idea to always use encrypted protocols, and if you use Firefox, you should install the HTTPS Everywhere extension made by the EFF.