Phillip Smith

Security in the cloud: Openswan vs. SSH tunnel?

So, I've started doing some research into setting up a VPN in the cloud. Thankfully, several people have already beaten the path and left behind some great bread crumbs. Specifically, I found two helpful articles on setting up OpenVPN on Amazon EC2.

Unfortunately, OpenVPN is not natively supported (as far as I know) on any of the devices that I use, e.g.: Apple laptops, iOS, or Android devices. In each case, I would need to install (yet another) application to make the secure connection possible. Frankly, I'm lazy, and that's just too much hassle.

The VPN that I currently use is a PPTP-based solution. The nice thing about PPTP is that it "just works(tm)" on my devices. In fact, most operating systems have built-in support for PPTP and L2TP that you can just turn on with minimal configuration. However, I've not been 100% happy with the PPTP solution, as it regularly doesn't work -- for example, in the Mozilla office. I'm not 100% sure why -- I've read that certain routers simply don't support or allow PPTP. Thus, I'd like to give L2TP over IPSec a try.

Unfortunately, the documentation on getting Openswan up-and-running on an EC2 instance is far more obscure. I believe the other option is OpenL2TP (correct me if I'm wrong here). Anyway, if anyone knowledgeable with Openswan wants to give me a pointer, I wouldn't complain.

The other approach that was recommended to me yesterday was simply using an SSH tunnel. I've done that before, but thought it was considered to be too slow, or too much overhead, for regular use? It is nice and simple, but thinking about how to get that working on something like an iPad just makes me dizzy. Maybe it's not as complicated as I'm thinking? I do have iSSH for the iPad, so maybe I'll give SSH tunnels another try also.

All this to save $7/month (humorously, I got my VPN bill yesterday) and to have a bit more confidence about where my data is going.

The other nice thing I stumbled on was this nice little Android application for managing some Amazon Web Services, including starting and stopping EC2 instances. Looking forward to giving that a try.



Hi, I'm Phillip Smith, a veteran digital publishing consultant, online advocacy specialist, and strategic convener. If you enjoyed reading this, find me on Twitter and I'll keep you updated.

