How to Create a Free Personal VPN in the Cloud with EC2 and OpenVPN
For now, your VPN is public – no bueno. This means that anyone is able to reach your server through its IP address.
Now we are going to make some changes that add some layers of security to your instance and the VPN you just installed. These changes will create a permanent IP address and a private IP address, create a user account to manage and access the VPN, and turn off settings on the server to disable public connections.
When an EC2 instance is started, it is assigned a public IP address so that the instance is reachable. Once the instance is stopped, a new public IP address is assigned to the same instance. This means that if we set up the VPN server with the default IP, we will not be able to access the VPN once the instance has been stopped. An Elastic IP solves this problem by assigning a permanent IP address.
Once your instance is started, you should see a list of instances associated with your account. Select the OpenVPN instance and, in the left navigation panel, scroll down to "Network and Security" and select "Elastic IPs".
OpenVPN is public at the moment.
Inside Elastic IPs, we'll "Allocate new address" and select our OpenVPN instance. Once this is done, click "Associate".
Sweet! Success is upon us. Hopefully your permanent public IP is now listed as one of your instance properties. Note that you can also view it by selecting the instance and viewing its description.
The instance now has a permanent IP address and a private IP address.
Now that we’ve created a permanent IP address, we’re going to make some changes to our OpenVPN configurations, disabling public access and actually creating a private network.
To complete these next steps, we use a protocol called SSH to log into our instance. SSH, or Secure Shell, is a secure, encrypted way to access and perform network operations over an unsecured network.
We'll use this, along with the instance's private key (.pem), to change our OpenVPN configuration. To use our key correctly, we must first make sure that the key (.pem) is saved in the user's root folder (your home directory) on the local computer.
If your computer is set to default settings, the key will most likely be downloaded to your Downloads folder. Move the file to the user’s root directory. On my Mac it was MacintoshHD/Users/Tatiana. If necessary, you can open the root directory by searching the file path in the Finder.
Once the key is in your user's root folder, launch a terminal window. You can do this from Finder by typing "terminal".
Once the window opens, type the following command to log into the server with your instance's Elastic IP. Replace the placeholder parts below (YourKey and YourElasticIP) with your instance's information.
ssh -i YourKey.pem openvpnas@YourElasticIP
If your situation is like mine, your key file has overly open permissions and you will receive a warning about the unprotected private key file. This means that you will have to run an additional command, which I have listed below. You will be asked for your password to complete the command.
sudo chmod 600 ~/YourKey.pem
chmod 600 changes the file's permissions to "rw-------", or in other words, only the file's owner can read and write this file. This is fine, because you should be the only user who has access to this file as an administrator.
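The permission rule described above, as an added example that is not part of the original tutorial: the script lists the `.pem` files in a folder, shows their mode in the same "rw-------" notation, and tightens any file that still grants group or other access, which is the condition that triggers the SSH warning. The file names and the temporary folder are constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Any group/other permission bit. OpenSSH refuses an identity file that has one set.
LOOSE_BITS = 0o077


def audit_keys(directory, pattern="*.pem"):
    """Return {filename: (symbolic_mode, is_private)} for key files in directory."""
    report = {}
    for path in sorted(Path(directory).glob(pattern)):
        st = path.stat()
        symbolic = stat.filemode(st.st_mode)[1:]  # drop the leading file-type character
        report[path.name] = (symbolic, (st.st_mode & LOOSE_BITS) == 0)
    return report


def tighten(directory, pattern="*.pem"):
    """Apply the equivalent of chmod 600 to every key file that is still too open."""
    fixed = []
    for name, (_, is_private) in audit_keys(directory, pattern).items():
        if not is_private:
            os.chmod(Path(directory) / name, 0o600)
            fixed.append(name)
    return fixed


def demo():
    """Build two constructed key files, audit them, fix them, audit again."""
    with tempfile.TemporaryDirectory() as home:
        for name, mode in (("downloaded.pem", 0o644), ("locked.pem", 0o600)):
            path = Path(home) / name
            path.write_text("constructed placeholder, not a real key\n")
            path.chmod(mode)
        before = audit_keys(home)
        fixed = tighten(home)
        after = audit_keys(home)
    return before, fixed, after


if __name__ == "__main__":
    for step in demo():
        print(step)
```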
After running these commands, you should be able to log in successfully. When you do, you should see the OpenVPN License Agreement.
Scroll down and press "Enter" to agree.
Agree to the OpenVPN license.
This step is easy: just press Enter at each of the prompts until you are done. After completing this step, you will see the initialization complete message. Fabulous!
Hit Enter for all to keep the default settings.
In the terminal, type the following command to create a user with your name. This is a great practice, because you never want to administer a system as the root user all the time, as this can lead to excessive access privileges and accidental corruption of the system.
sudo passwd YourName
It will prompt you for a password, then prompt you again to confirm the password. Once you finish, type "exit" to close the connection and log out.
Yay. The hard part is over, now we can focus on the good stuff.
To use the VPN server you just created, you need a client that will allow you to establish a connection to it. The client is an OpenVPN program that you can install on your computer like any other application. To do this, use your public IP address to access the installer link.
In your browser, open a new tab, type http://YourPublicIP and hit Enter. This should take you to a page that warns that the connection is not private. Click on "Advanced" and select the link below it to proceed.
Click to proceed.
Now we are directed to the login page of the OpenVPN server. Log in to the server using the username and password you just created on the server.
In my case, I named my user openvpn. When you are finished, press "Go".
Log in with your username and password.
At this point, you will be asked to click on a link to download the installer for OpenVPN. Click the link, and when the installer has finished downloading, double-click to open it.
It should take you to the installation wizard. Hit "Continue" each time and install the package.
OpenVPN Installer Wizard.
When you’re done, you should see a new icon at the top of the desktop bar. In my case, it’s the orange icon on the other side of the Help tab.
Look to the right here ^.
Great, VPN is on and we downloaded the app that lets us connect to it. Let’s log in!
Click on this new icon to start connecting to the OpenVPN server we created. Under the IP address, select "Connect". Sign in with the username and password you created. After that, you should be connected to your VPN!
Log in to the VPN by selecting your IP and pressing connect.
You are now successfully logged in and the end of this tutorial is near. Let's finish strong by adding the last security touches!
We are very close!
Log in to the server again using your browser with the following URL:
Again, press "Advanced" and proceed to be directed to the login page. Sign in using your username and password. You should see this notification. Hit "Agree" to access the VPN administration portal.
Click OK to continue.
Now that we are in the admin portal, we want to disable access to the gateway from your public (Elastic) IP address, and only allow use through the private IP address that has been set. To do this, in the left navigation panel, under "Configuration", select "Server Network Settings".
Scroll to the bottom of the page and turn off the admin web server and client options, as shown below.
Turn this off!
After that's done, press "Save" at the bottom. The page will refresh and show this message at the top. Hit "Update Running Server".
Click Update to keep the updated settings on the server.
When you press the button, the page breaks. This is a good sign, because it means we managed to disable access through the public IP address.
Just like in step 9, you can still access the portal the same way; however, the public IP address no longer works. This means that you can only access it through the private IP. The URL is given below for clarity.
https://YourIPAddress:943/admin
Returning to your AWS EC2 console, select your instance. On the left navigation panel, under “Network and Security”, select “Security groups. “
Security groups for the OpenVPN instance.
Under the instance, there should now be a tab titled "Inbound". Select this tab and hit the "Edit" button. You should now be able to delete SSH as a type by clicking the X on the right. Hit "Save" to keep the changes.
Disable SSH in the security group.
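To confirm the result of the security group edit above, the following added example (not part of the original tutorial) lists every inbound rule that is open to any address and checks whether port 22 is still among them. The sample data is constructed in the shape of the JSON that `aws ec2 describe-security-groups` returns; the group id, the rules and the 203.0.113.10 address are placeholders.

```python
import copy
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` JSON output.
# The group id and rules are made up; 203.0.113.10 is a documentation address.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 943, "ToPort": 943,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}]}

def world_open_rules(doc):
    """List (group, protocol, from_port, to_port, cidr) for rules open to any address."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((group["GroupId"], perm["IpProtocol"],
                                     perm.get("FromPort"), perm.get("ToPort"), cidr))
    return findings

def port_open_to_world(doc, port, proto="tcp"):
    """True if a world-open rule covers proto/port ("-1" means all traffic)."""
    for _, rule_proto, lo, hi, _ in world_open_rules(doc):
        if rule_proto == "-1":
            return True
        if rule_proto == proto and lo is not None and lo <= port <= hi:
            return True
    return False

def without_ssh_rule(doc):
    """Copy of doc with the TCP/22 inbound rule removed, as after the console edit."""
    out = copy.deepcopy(doc)
    for group in out["SecurityGroups"]:
        group["IpPermissions"] = [
            p for p in group["IpPermissions"]
            if not (p["IpProtocol"] == "tcp" and p.get("FromPort") == 22)]
    return out

if __name__ == "__main__":
    for label, doc in (("before", SAMPLE), ("after", without_ssh_rule(SAMPLE))):
        print(label, "SSH open to world:", port_open_to_world(doc, 22))
```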
Make sure to manually disconnect the client via the desktop icon when you shut down your PC or put it to sleep! Failure to terminate the connection can create ports for the daemon and may cause the application to crash.