Connect with us

Hi, what are you looking for?


How to Create an Amazon VPN Server

How to Create an Amazon VPN Server


While current VPNs come with many subscription options, most of them – or at least fast and reliable – are only available with a monthly purchase. In this guide, we show you how to set up a VPN on Amazon web services, so you can avoid monthly subscription costs.

AWS . Requirements

Amazon Web Services offers two different VPN server options: OpenVPN and SSH Tunneling. Each option has its ups and downs, and both are worth researching extensively before making a decision. Regardless of whether you choose OpenVPN or SSH Tunneling, you will still need to meet the following requirements:

  • An account with Amazon Web Services
  • Credit card for Amazon Web Services enrollment (no fees unless you exceed preset amounts)
  • PuTTy (SSH client)
  • PuTTyGen (key generator)
  • WinSCP (FTP Server)

How to set up Amazon VPN on AWS

Setting up your VPN on Amazon Web Services is very easy. For Windows users, you will need to complete the following steps after signing up for an account and setting up your billing information.

  1. When prompted, choose the free basic plan
  2. In the search bar, type EC2 and click on it
  3. From the EC2 dashboard, select Launch Instance
  4. Select the first eligible free-tier option: Amazon Linux AMI
  5. Choose the eligible t2.micro free tier option (usually pre-selected)
  6. Select Review and Play at the bottom of the page
  7. Click Edit Security Groups
  8. Click Add Rule
  9. Under the type dropdown list, select Custom UDP
  10. Set the port range to 1194
  11. Under Source, select Anywhere
  12. select launch
  13. When prompted, select the dropdown menu and choose Create new key pair
  14. Name your key pair
  15. Select Download Key Pair and store it in a safe place
  16. Select Running Instances
  17. On the Playback status screen, select View Instances
  18. Verify that only one instance is running (if this is your first time using EC2)

How to use your Amazon VPN with an SSH tunnel

Many people use VPNs in hopes of accessing geo-restricted content. If the only reason you want to use a VPN is to access content that is not available in your country, then an SSH tunnel is probably the best and easiest option for you. While an SSH tunnel isn’t perfect, it’s great for light use like basic web browsing or searching your way around geo-locked websites/services.

To set up an SSH tunnel, complete the following steps:

  1. Download PuTTy and PuTTyGen .exe files
  2. Double click on PuTTyGen to open it
  3. select download
  4. In the dropdown menu in the lower right corner, select All File Types
  5. Choose your key pair file before
  6. Select Save private key
  7. The file name must match the .pem character
  8. Optional: Create a passphrase
  9. Exit PuTTyGen and open PuTTy
  10. Go to your AWS EC2 dashboard
  11. Copy IPv4 Public IP
  12. Paste the IPv4 Public IP into the PuTTy hostname (or IP address)
  13. Choose a session name
  14. Select Save
  15. In the right panel, go to SSH > Auth
  16. Under Authentication parameters, select Browse
  17. Navigate to the private key you created earlier and select it
  18. In the right panel, go to SSH > Tunnels
  19. Under Add new port forwarding: type 8080 and select Dynamic and Automatic
  20. Go back to the session and select Save
  21. select open
  22. When prompted for a username, type ec2-user for Amazon Linux AMI
  23. Go to the next steps based on your preferred browser

fire fox

  1. Open Firefox browser
  2. Go to Tools > Options > Advanced > Network > Connectivity > Settings > Manual Proxy Configuration
  3. Set the SOCKS host to
  4. Set the port to 8080
  5. Click Save


  1. Install Proxy SwitchySharp Extension
  2. Setup screen will appear
  3. Choose a name
  4. Select manual configuration
  5. Change the SOCKS host to
  6. Change the port to 8080
  7. Everything else should be left blank
  8. Select Save
  9. Click the extension icon and select your proxy profile

After completing the above steps, you will successfully pass your browser traffic through your EC2 instance tunnel. However, an SSH tunnel is only useful for light browsing and accessing some geo-restricted content. If your goal is to create a fully functional Virtual Private Network (VPN) with the ability to redirect all your internet traffic, then OpenVPN is the option you’ll want to consider. We get into the details below.

How to use AWS with OpenVPN

As an open source application, OpenVPN is a great VPN tool to use. With the ability to redirect all your internet traffic through your EC2 instance, OpenVPN is also able to help with VPN use for apps like Steam or Setting up OpenVPN may seem complicated when you direct your attention to the instructions, but the truth is that it is fairly simple (if not time consuming).

Install OpenVPN on AWS

  1. Using the instructions above, connect your EC2 instance to PuTTy
  2. A command prompt showing Amazon Linux AMI should appear
  3. Copy and paste the following commands individually into the Command Prompt:
  • sudo yum install -y openvpn
  • sudo modprobe iptable_nat
  • echo 1 | sudo tee / proc / sys / net / ipv4 / ip_forward
  • sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
  • sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
  1. If the first command above didn’t work, replace it with:
  • sudo apt-get install -y openvpn

Connecting to OpenVPN via easy-rsa

When it comes to setting up an OpenVPN server, you have two different approaches. The first method allows you to connect to different devices simultaneously via easy-rsa, while the second method only allows one connection at a time via static encryption.

Server Configuration

  1. Copy and paste the following commands individually into the Command Prompt:
  • sudo yum install easy-rsa -y –enablerepo = epel
  • sudo cp -via /usr/share/easy-rsa/2.0 CA.
  1. Enable the root user by typing in your command prompt sudo su
  2. In the next step, you will be asked to fill in information such as your job/company – select the default by pressing Enter when prompted
  3. Copy and paste the following commands individually into the Command Prompt:
  • cd /usr/share/easy-rsa/2.0/CA
  • Source ./vars
  • ./clean everything
  • ./build-ca
  • ./build-key-server server
  • ./build-dh 2048
  1. To set up your device, individually copy and paste the following commands into the Command Prompt:
  • ./build-key client
  • cd /usr/share/easy-rsa/2.0/CA/keys
  • openvpn –genkey – pfs.key secret
  • mkdir / etc / openvpn / keys
  • for the file in server.crt server.key ca.crt dh2048.pem pfs.key; make cp $ file /etc/openvpn/keys/; he did
  • cd / etc / openvpn
  • nano server.conf
  1. Nano text editor will open – copy and paste the following text:

Port 1194

proto udp

Dave Ton

ca /etc/openvpn/keys/ca.crt

cert /etc/openvpn/keys/server.crt

key /etc/openvpn/keys/server.key # This file must be kept secret

dh /etc/openvpn/keys/dh2048.pem

AES-256-CBC encryption

SHA512 Authentication


push “redirect-gateway def1 bypass-dhcp”

Push “dhcp-option DNS”

Push “dhcp-option DNS”

ifconfig-pool-persist ipp.txt

Survive 10120


persistence key

continuation ton

status openvpn-status.log

Log and append openvpn.log

verb 3

TLS Server

tls-auth /etc/openvpn/keys/pfs.key

  1. To save and exit the configuration text, press CTRL + O followed by CTRL + X
  2. Start OpenVPN by typing in the command prompt:
  • start sudo openvpn service

Client configuration

  1. Copy and paste the following commands into the command prompt:
  • cd /usr/share/easy-rsa/2.0/CA
  • chmod keys 777
  • CD keys
  • for the file in client.crt client.key ca.crt dh2048.pem pfs.key ca.key; Does sudo chmod 777 $ file ; he did
  1. Download and open WinSCP with default installation options
  2. WinSCP will prompt you to import server authentication details from PuTTy
  3. Select the one you created in the previous steps
  4. Select Edit and type under the username: ec2-user
  5. Click on login
  6. Click Edit, then Advanced
  7. Go to SSH > Authentication > Private Key File
  8. Find your PPK file
  9. Back on the main screen, enter the IPv4 address of the EC2 instance in the Hostname field
  10. Save your settings
  11. In the right panel, go to the directory containing your key files
  12. You will need to highlight the five necessary files: client.crt, client.key, ca.crt, dh2048.pem and pfs.key
  13. Select the green download button
  14. Save files wherever you want
  15. Go back to the PuTTy Command Prompt
  16. Copy and paste the following command:
  • for the file in client.crt client.key ca.crt dh2048.pem pfs.key; Does sudo chmod 600$ file; he did
  • compact disc..
  • chmod switches 600
  1. On your computer, move the five files to the OpenVPN configuration folder (the default location is C: \ Program Files \ OpenVPN \ config

SUB: Create a client configuration file

The last thing we need to do is create the client configuration file. Fortunately, this can be done easily with a basic text editor.

  1. Right click on any basic plain text editor
  2. Select Run as administrator
  3. Copy and paste the following configuration:


Dave Ton

proto udp



Customer testimonial. crt

customer key

tls-version-min 1.2.0 Update


AES-256-CBC encryption

SHA512 Authentication

Solve and try again infinite

Authentication – Retry anything


persistence key

continuation ton

ns-cert server type


verb 3


tls-auth pfs.key

  1. Save the configuration file as client.ovpn
  2. Save the config file in the same directory as the other 5 files (default is C:\Program Files\OpenVPN\config)
  3. Finally, right-click on OpenVPN GUI and select Run as administrator
  4. In the system tray below, right-click on the OpenVPN icon
  5. Connect to the appropriate configuration
  6. If successful, the OpenVPN icon will turn green

Remove the CA file

To stay as secure as possible, our team at recommends removing the ca.key file from your server. In the event that a CA has been compromised, you will never want to trust the certificates this CA provides in the future. Before completing the following steps, make sure you have the keys/certificates for each device you want to connect.

  1. select ca.key
  2. Instead of selecting the Download button, select Download and Delete
  3. Store the file in a safe place

Fix restart or maintenance problems

If you encounter problems after restarting your computer or completing maintenance, you can set up OpenVPN as a service by typing the following commands at the command prompt. Most of the time, this fixes the problem.

If the above commands don’t work or you seem to be connecting to the VPN but not the internet, try resetting the iptable settings by running the commands from earlier:

  • echo 1 | sudo tee / proc / sys / net / ipv4 / ip_forward
  • sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
  • sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Connecting to OpenVPN via Static Encryption

While this method is easier to achieve than the easy-rsa method, it is less secure and only allows one connection to the VPN server at a time. Still, a great choice over other free VPN services.

  1. In the PuTTy command prompt, paste:
  • cd / etc / openvpn
  • sudo openvpn –genkey – ovpn.key secret
  • sudo nano openvpn.conf
  1. When the Nano text editor pops up, type the following configuration:

Port 1194

TCP Server Proto

dev tun1


Server Status – tcp.log

verb 3

ovpn.key secret key

  1. Select CTRL + O to save followed by CTRL + X to exit
  2. At the PuTTy command prompt, type:
  • start sudo openvpn service
  • sudo chmod 777 ovpn.key
  1. Download WinSCP by following the default installation prompts
  2. The prompt will ask you to import server authentication details from PuTTy
  3. Select the option you made in the previous steps and click Edit
  4. Under the username, type ec2-user and press login
  5. In the right panel, scroll up and go to etc / openvpn
  6. Select the ovpn.key file and drag it to a safe place
  7. At the PuTTy command prompt, type:
  1. Download OpenVPN according to your system specifications
  2. Move ovpn.key to OpenVPN config folder (default is C:/Program Files/OpenVPN/config…)
  3. Open Notepad and paste the following:

Proto TCP Client

remote yourEC2IPhere

Don’t forget to share this post with friends !

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *



AnyConnect certificate-based authentication. Cisco community πŸ‘¨β€πŸ’» The information in this document is based on the following software and hardware versions: ASA 5510 running software...


Top 5 Free AV Packages – πŸ‘Œ Bitdefender Antivirus Free Edition best interface Positives Works on Windows 7 and 8.1 Very easy to use...


Avira Free Antivirus Review for Mac / Windows and Android are the most common targets for malware programmers, but that doesn’t mean macOS is...


Avira Free Security Review You need antivirus protection on all of your devices, whether you’ve budgeted for it or not. If ready cash is...