Setting up OpenVPN on AWS
I’ve just spent a frustrating couple of hours trying to set up my own VPN on AWS using the free tier and am writing this to hopefully save someone else some of that pain.
Here’s the shortened version:
- I tried: OpenVPN (my install), Wireguard (my install) and then OpenVPN Marketplace.
- Each time, I seemed to be able to connect, but had no real throughput and no change in IP address.
- I think the problem was (mainly) that I didn’t check a setting to route ALL traffic through the VPN.
Here’s how I solved it for me but note, I am only adding in some snippets which you need to apply in conjunction with the guide below.
To begin, create an account at OpenVPN and purchase a BYOL license. It’s free for 2 users and you don’t need to enter any credit card information.
Make sure you keep the subscription page handy and specifically, the copy key button - you will need that for the installation.
Now move onto this guide which will show you how to create an EC2 market place instance on AWS.
At the point of configuration, you will now need to connect to the instance. For that, I used BitVise, added the key pair to my Client Key Manager and found this guide helpful. Note: the username will be openvpnas
.
After SSHing in and watching the wizard begin, I followed all the defaults in the installation as per the written guide above.
Note: don’t forget to change the password for the openvpn
user again, as per the guide.
Next, when the EC2 instance was running, I connected to the admin URL in my browser and ignored any complaints about SSL certificates. You should have been shown the URL just after you completed the wizard but my output looked a little like this in case you missed it:
1 | During normal operation, OpenVPN AS can be accessed via these URLs: |
From here, there are a few settings you may want to pay attention to in the admin panel.
Using the hostname
Make sure you use the hostname rather than the IP address in case it changes. You can find yours on your AWS instance summary page for the instance. For me, in an EU region, it’s something like: ec2-XXX-XXX-XXX-XXX.eu-west-2.compute.amazonaws.com
.
Click Save Settings down the bottom of the webpage.
Note: set this first before you connect any clients, or you will need to re-import the configuration.
Make sure all traffic goes through the VPN
Under the VPN settings of the admin screens, make sure you have this setting like so:
Updating the server
This is really important. Just because you changed a few settings doesn’t mean the server knows about them! Make sure you click this at the top of the page, too:
Connecting to the VPN via a Windows client
I used this guide for Windows
Connecting to the VPN with Android
After installing OpenVPN Connect in the Play Store:
- Open the app
- Connect to your VPN via your EC2 DNS name, using the URL tab of the app.
- Click Next
- Type in
openvpn
as the username - Type in your password
- Select the checkbox to save the password (if you prefer and if offered)
- Click import
You should now be disconnected, but on the Profiles page.
- Press the toggle to connect.
- It may ask for your password again - look out for the save password checkbox if offered.
Check your IP address changed
Use a service such as this to see if your IP address has altered. It should have, hopefully.
Other problems
Lastly, I found this site for a Macintosh program called TunnelBlick really useful for common problems.
Hopefully that will be enough to get you over any bumps should you find any!
Hi! Did you find this useful or interesting? I have an email list coming soon, but in the meantime, if you ready anything you fancy chatting about, I would love to hear from you. You can contact me here or at stephen ‘at’ logicalmoon.com