Anyone connected an AWS VM to home network?

Hello,

I’ve been playing with AWS today and built a free Linux VM. I’d like to connect the VM to my home over a VPN. Can I do this with my pfSense FW at all?

I’m not sure if I can install something on the AWS VM or some sort of free/cheap VPN service?

It’s not permanent, just for testing and learning.

Thanks

You can install OpenVPN or WireGuard on your VM and on your local computer or router or a third local computer.

Or, you can use AWS’ built-in VPN services - site-to-site (uses IPsec) or OpenVPN.

You should be able to use a site-to-site VPN connection between AWS and your pfSense firewall. It is charged at roughly 5 cents per hour, but it’s not totally unreasonable if it’s just for a short period of time. As an alternative, you could use something like strongSwan on the EC2 instance directly to avoid paying the cost of the VPN connection itself.

IPsec or OpenVPN tunnels would be the most versatile.

Another option I go to frequently for more specific / temporary things is to use SSH tunnels. They are only good for opening one port at a time (unless you set up all clients to use a SOCKS proxy), but there is no software to install or extra configuration needed (other than potentially enabling gateway ports).

I have a Site-to-Site IPsec connection between my AWS VPC and my on-prem pfSense firewall. Very easy to set up, as AWS provides you a text file with pfSense-specific setup instructions.

Just set up Systems Manager Session Manager and avoid SSH or anything. AWS Systems Manager Session Manager - AWS Systems Manager

This was also recently shared: https://lebureau.dev/connecting-your-homelab-to-an-aws-vpc/

Why not connect with SSH? Unless you want the machine to act like an open machine on your native network. Then that would be VPN.

AWS’s site-to-site VPN is awesome, but it’s way too expensive for OP’s use case. However, it could be a good and cheap learning experience to get it working and then tear it down immediately.

Does it cost you much?

You know, I had heard it was pricey but don’t actually know what it costs.

$0.05/hr for whenever the connection is active. I only enable the link on the pfSense side when I want to use it, and it comes out very cheap. Do remember the $0.09/GB egress charge from your AWS VPC though.

It’s $0.05 per hour. And if you’re using AWS Transit Gateway, this adds $0.05 per hour per attachment. I have set it up for a client with two VPCs, so it needs three attachments (one per VPC and one to the VPN). That makes the base price $0.20 per hour or around $146 per month. Then you have to add bandwidth costs.

But at $0.05 per hour, it is a good way to learn how to configure a site-to-site VPN. You’re getting a fully functional VPN setup with clear instructions for your local hardware/software, so you’ll get acquainted quickly with the local side of things. You can then tear it down and build your own remote side, already knowing how to configure one side of it which should make troubleshooting easier.