How to Setup Termilus SSH VPN in AWS and Azure
The Termilus SSH VPN server is a remote access solution similar to a traditional VPN, however traffic traverses an SSH tunnel as opposed to PPTP, L2TP, IPSEC etc.
Currently, the Termilus SSH VPN has been tested and confirmed to be working with the following clients:
- Ubuntu 20.04
- CentOS Stream 8
- Fedora 34
- MacOS Big Sur
- The Termilus SSH VPN provides remote access to your AWS VPC or Azure subscription. This means once you've connected you'll be able to access internal systems to your subscription or VPC on private subnets.
- It provides a secure, encrypted tunnel to your subscription or VPC providing protection from unscrupulous internet service providers or Wi-Fi hotspots.
- It masks your actual origin IP address. Meaning, any sites you visit or systems you connect to will see the Termilus SSH VPN's public IP address as the connection's origin.
The following steps will explain how to create and deploy the Termilus SSH VPN clients. If you'd rather watch the video explainer, please scroll to the bottom.
- Deploy the Termilus SSH VPN into your Azure subscription or into AWS. The server will need to be assigned a publicly accessible IP address. If you're following along, make sure to update all subsequent commands with the public IP address or DNS record for your server. In this example, mine will be:
- Connect to the Termilus SSH VPN:
ssh -i ~/.ssh/Termilus.pem firstname.lastname@example.org
- Run the sshvpn command to create a new SSH VPN user. For this example, our client will be an Ubuntu machine, so we will call this client "ubuntu":
sudo sshvpn -a ubuntu
- Exit the SSH session with the server:
Use SFTP to retrieve the client installer script:
sftp -i ~/.ssh/Termilus.pem email@example.com:/home/ec2-user/SSHVPN-ubuntu-Client.sh ./SSHVPN-ubuntu-Client.sh
Or, copy and paste the client installer script to the destination host using ssh and cat:
ssh -i ~/.ssh/Termilus.pem firstname.lastname@example.org -t "cat /home/ec2-user/SSHVPN-ubuntu-Client.sh"
Now, paste the file contents into a new file on the client machine and save the file as:
- Make the client installer script executable:
chmod +x SSHVPN-ubuntu-Client.sh
- Run the installer script:
And that's it! The SSH VPN can now be toggled on with:
sudo service sshvpn-ubuntu start
sudo launchctl load /Library/LaunchDaemons/org.termilus.sshvpn.plist
To toggle off the SSH VPN, run:
sudo service sshvpn-ubuntu stop
sudo launchctl unload /Library/LaunchDaemons/org.termilus.sshvpn.plist