You can deploy the VPN agent directly in your cloud environment to scan resources inside your VPCs and virtual networks. Both AWS and Azure are supported through their respective marketplaces.
VPN profiles require the Internal network scanning add-on.
Deploying on AWS
The VPN agent is available as a pre-configured AMI on the AWS Marketplace.Launch from AWS Marketplace
Launch the instance
You will be redirected to the agreement screen (TBD name in aws). From here, you need to Launch new instance. Configure the instance
We recommend using One-click launch from AWS Marketplace. Choose your instance type (t3.micro or larger) and select the VPC and subnet where your targets are located. One-click launch
After the setup is done, click Launch. Configure the security group
The agent only needs outbound TCP port 22 to vpn2.pentest-tools.com. No inbound ports are required, though you may want SSH access (port 22 from your IP) for management.
Activate the agent
SSH into the instance via your terminal as ubuntu using your key pair. An interactive prompt asks for your VPN UUID (found on the VPN Profiles page). Enter the UUID, and the agent starts automatically.SSH access is removed from the instance after initial setup. Complete all network or OS-level configuration before entering the VPN UUID.
Verify connection
Check that your VPN profile shows as Online in the dashboard.
Instance recommendations
| Specification | Recommendation |
|---|
| Instance type | t3.micro or larger |
| Storage | 10 GB gp3 |
Multi-VPC scanning
To scan resources across VPCs, you can use VPC Peering or Transit Gateway to route traffic, or deploy a separate agent in each VPC.Deploying on Azure
The VPN agent is available on the Azure Marketplace.Launch from Azure Marketplace
Create the VPN Agent
In the configuration page of the Pentest-Tools.com VPN agent you have to click on Create. Configure the VM
Select the virtual network and subnet where your targets are located. Standard_B1s or larger is sufficient. We recommend the following settings:
-
Add a Resource group (replace the “vpn-agents” example in the screenshot with your a resource group on your own account)
-
Set a name for your virtual machine in the Virtual machine name field
-
Choose your region, availability and zone options, availability zone
-
In the Username field, change the value from “azureuser” to “ubuntu”
-
Generate a new key pair or use an existing one
All the other options can be left as default.
Activate the agent
SSH into the VM as ubuntu using your key pair. An interactive prompt asks for your VPN UUID (found on the VPN Profiles page). Enter the UUID, and the agent starts automatically.SSH access is removed from the VM after initial setup. Complete all network or OS-level configuration before entering the VPN UUID.
Verify connection
Check that your VPN profile shows as Online in the dashboard.
VM recommendations
| Specification | Recommendation |
|---|
| Size | Standard_B1s or larger |
| Disk | 32 GB Standard SSD |
Multi-VNet scanning
To scan across virtual networks, set up VNet peering, or deploy a separate agent in each VNet.You can also deploy the VPN agent using the Docker image on any cloud VM instead of using the marketplace images. The marketplace images are pre-configured. 
