Building a Personal VPN Azure Solution

Since joining Denny Cherry & Associates Consulting, I tend to travel about once a month. This isn’t a huge amount and is usually over a weekend (except for that opportunity to go to Australia that didn’t pan out). Since I work in the IT field, security is highly important to me, especially my own security. I am referring to my digital security. For example, I don’t like using public WiFi networks because I don’t know who else is on that particular network, and well, I’m a paranoid IT guy. Due to that, I’m cautious as to what I do on my various electronic devices (laptop, phone, tablet, etc.) on the internet while out and about.

The solution?  A VPN Service.

There are various VPN services that you can subscribe to for a monthly/annual fee that offer you the ability to ensure that you have a secure connection. Beyond just having a secure connection, you could also select which country you want the end point to be in. For example, if I was in Australia, I could select a server in the United States and I would “look” like I was in the United States. Some services will log everything you do, some will not. In any case, if you decide to use a 3rd party VPN service, make sure you fully understand what is or isn’t included in the service.

On top of wanting to see if I could build it, I also did not want to pay a monthly fee. Since I really only travel about once a month, the need for a constant service was not on my priority list.  Really, I wanted a low-cost solution that I could spin up or down whenever I need to.  Using the mobile app, this is really easy to accomplish.

I thought that Microsoft Azure would be a great fit for me.  A small virtual machine in conjunction with free VPN software would suit my needs.  I could spin up the virtual machine before leaving town and then turn it off when I’m back home.  Remember, even if you turn it off,  you still pay for the storage.  However, you can select to use normal hard drives and not fast solid state drives which helps save on the costs when not using it.

After doing some research, I stumbled across a Do-It-Yourself (DIY) blog post from Microsoft. The solution uses a virtual machine in the Azure cloud with the free, open source VPN software SoftEther. Once I discovered this blog post, I got to work.

First I needed to stand up a virtual machine. Upon logging into the Azure portal, I started to configure a new virtual machine. First I needed to pick a size.

I chose to go with a DS2_v2.

From the sizing chart, we can see that this virtual machine has 2 vcpus, 7GB of memory and traditional spinning disks.  There are some other metrics listed there as well.  If you were to leave it up and running for the entire month, the costs would be approximately $75 US dollars.   Now, I’m not going to leave it up and running the entire month, just when I need it so this did not dissuade me.  You can certainly select a smaller size virtual machine.

 

Next, I had to choose an operating system. Since I didn’t need a server grade operating system, I went with Windows 10. The amount of traffic going through this VPN server would be minimal most of the time and I would be the only user, unless I shared it with family & friends. There isn’t a limit on the number of users you can add to the VPN server other than hardware resources.

Once the virtual machine was up and running, I just followed the directions from the blog post to get SoftEther installed and configured.

 

Afterwards, I was able to download the OpenVPN client for my laptop, install the config file and get connected.  I can verify that it’s working by going to http://whatismyip.com.  Before connecting to the VPN service, my IP address reflects Louisville, KY since that’s where I am physically at.

Due to the fact that the virtual machine is in the East-US region for Azure and using a dynamic IP address, we can see that now I’m “located” in Bristow, VA.  This is because the virtual machine is running in a data center in Virginia.  If I were to reboot the server and obtain a different IP address or moved it to a different region, it would be something completely different.
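
The before/after check described above can be scripted so it runs every time the VPN comes up. This is an added example, not part of the original post; the echo service URL, the function names and the sample addresses are assumptions.

```python
import ipaddress
import urllib.request

# Assumption: api.ipify.org is used as a plain-text IP echo service;
# the post itself checks by hand at whatismyip.com.
ECHO_URL = "https://api.ipify.org"


def fetch_public_ip(url=ECHO_URL, timeout=5):
    """Return the address the internet sees for this machine."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("ascii").strip()


def tunnel_status(observed, baseline, vpn_ip=None):
    """Classify the egress address seen after connecting.

    observed: address reported now (VPN supposedly up)
    baseline: address recorded before connecting (the local network)
    vpn_ip:   public IP of the Azure VM, if known
    """
    try:
        seen = ipaddress.ip_address(observed.strip())
        base = ipaddress.ip_address(baseline.strip())
        vpn = ipaddress.ip_address(vpn_ip.strip()) if vpn_ip else None
    except ValueError:
        return "ERROR"      # one of the inputs is not an IP address
    if seen == base:
        return "LEAK"       # still leaving via the local network
    if vpn is None:
        return "CHANGED"    # egress moved, but cannot confirm it is the VM
    if seen == vpn:
        return "OK"         # traffic exits through the Azure VM
    return "UNEXPECTED"     # neither address: the VM's dynamic IP may have changed


def main():
    # Constructed sample values (documentation ranges), not real addresses.
    baseline = "203.0.113.25"   # recorded on the public WiFi before connecting
    vpn_ip = "198.51.100.7"     # the VM's public IP as shown in the Azure portal
    status = tunnel_status(fetch_public_ip(), baseline, vpn_ip)
    print(f"tunnel status: {status}")
    return 0 if status == "OK" else 1


if __name__ == "__main__":
    raise SystemExit(main())
```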

Another option is to utilize the OpenVPN application for your mobile devices. Download it from the store (Apple or Google), follow the documentation from the above blog post and then your phone can have a secure connection as long as you have internet connectivity through your provider.

Ensuring that I have safe, easy, and secure access to the internet is important to me. This solution was about 30 minutes’ worth of effort to complete and now I can travel knowing that any traffic I send over public WiFi can be secured.

Note, before embarking on this adventure, make sure that you do a cost estimate.  I have some free credits from Microsoft to play with so this solution fits within that budget. It’s quite possible that a 3rd party service is more cost effective for what you might need/want.  Your mileage may vary.  If you don’t have an Azure account yet, you can sign up for free and get $200 of credits for the first 30 days.  If you have a Visual Studio subscription, you can get $50/month! An excellent opportunity to start learning Azure!

Let’s face it, that’s pretty cool.

 

© 2018, John Morehouse. All rights reserved.

5 Replies to “Building a Personal VPN Azure Solution”

  1. Hello, how does Azure go about pricing the data flowing through Azure? Is it counted as both ingress and egress data? I’ve already installed my Algo VPN on Azure and details show only ingress data has been used, is this accurate?

  2. Hey Luke! Thanks for stopping by!

    The pricing would be minimal in theory because the data never lands in Azure really, it’s just a pass-through. That’s why my Azure VPN server is one of the smallest sized VMs available. I don’t need a work horse of a machine since it’s only passing the data back and forth. What data is landing in Azure storage? Also, ingress data should be free. How is your server configured?

  3. Hi John,

    Thanks for clearing that up! I have a Standard B1s VM running, it’s nearly one of the cheapest and it’s handling all traffic just fine. I was amazed by how fast this more or less private VPN is when I compare it to commercial VPNs.
    I found the open source project Algo VPN online (https://github.com/trailofbits/algo) and I set up my base configuration with their setup wizard that works with the Azure CLI. There is very little activity on the OS Disk and activity is not influenced by usage of the VPN.
    What I find so weird is that the Azure monitor says I consumed 7.6 GiB (https://i.imgur.com/30cYYom.png) but my usage reports show something else (https://i.imgur.com/AcEvLZ7.png). I do have a promotion on my account (which grants me 15 GB of outbound data) but I’m not sure whether this outbound data counts towards that 15 GB.

  4. Hey Luke – not sure about the promotion your account has. In looking at this pricing model, https://azure.microsoft.com/en-us/pricing/details/bandwidth/ it looks like outbound traffic is indeed billable, however it’s super cheap in my opinion. I’m not sure what region your VM is in, but in northern Europe (I guessed) it’s only 0.074/GB for amounts between 5GB – 10TB. At that rate, you are probably looking at around 0.56 euros for the month. For myself, I don’t tend to do a ton of work through my VPN so I don’t ever worry about hitting that 10TB limit.
