Background
To make the development environment identical to the production environment, configure your client to override the authoritative DNS server(s) for the commonidtrust.org domain to the development environment.
...
Installation
yum install -y --enablerepo=epel openswan xl2tpd bind
Configure /etc/named.conf and the zone file /var/named/masters/commonidtrust.org (see examples attached). Configure xl2tpd and Openswan.
chkconfig named on
chkconfig ipsec on
chkconfig xl2tpd on
Recursion is disabled and rate limiting is set at 5 per second. Since there are a total of 3 records, this is basically impossible to use in any form of attack, ever, and it's in a personal account anyway.
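A sketch of what /etc/named.conf could look like with the settings described above. This is an added example, not the attached file. The allow-query, allow-transfer, allow-update and version lines are assumptions that the page does not state.

```conf
// Added example: /etc/named.conf for an authoritative-only server.
// ACL choices below are assumptions; adjust to the VPN/VPC layout.
options {
    directory "/var/named";

    // Authoritative-only: never resolve names on behalf of clients.
    recursion no;
    allow-recursion { none; };
    allow-query-cache { none; };

    // Answer queries for the zone, refuse zone transfers (assumption).
    allow-query { any; };
    allow-transfer { none; };

    // Response rate limiting: at most 5 identical responses per second
    // to any one client netblock.
    rate-limit {
        responses-per-second 5;
    };

    // Do not advertise the BIND version (assumption).
    version "none";
};

// Development override of the production zone.
// Relative to "directory", this is /var/named/masters/commonidtrust.org.
zone "commonidtrust.org" IN {
    type master;
    file "masters/commonidtrust.org";
    allow-update { none; };
};
```

Before starting named, validate both files with named-checkconf /etc/named.conf and named-checkzone commonidtrust.org /var/named/masters/commonidtrust.org.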
Logging
named logs to /var/log/messages
...
/etc/init.d/named stop
This is configured to serve up the A and/or CNAME records for account.commonidtrust.org, helpdesk.commonidtrust.org, and login.commonidtrust.org for the specific VPC environment.
...
VPN Docs:
pretty much just stole http://www.stormacq.com/build-a-private-vpn-server-on-amazons-ec2/