Overview:

In the age of digital privacy, having control over your internet traffic is paramount. One effective way to secure your online activities is by setting up your own Virtual Private Network (VPN) server. In this guide, I’ll walk you through the process of creating your own VPN server using an AWS EC2 instance and OpenVPN. This setup will ensure your data is encrypted and your internet usage is private.

Why Set Up Your Own VPN?

  1. Enhanced Security: Encrypt your internet connection to protect sensitive data.
  2. Privacy: Hide your online activities from ISPs and other prying eyes.
  3. Access Control: Manage who can connect to your VPN and ensure secure access to your network.
  4. Cost-Effective: Using AWS's free tier, you can have a powerful VPN server at minimal cost.

STEP-BY-STEP guide:

STEP 1: Launch an EC2 Instance

Please refer to the blog The Ultimate Guide to Setting Up a Virtual Machine on AWS with EC2 Instance for detailed steps on creating an EC2 instance.

1. Log in to AWS Management Console: Navigate to the EC2 Dashboard.

2. Create a New Instance:

  • Click on Launch Instance.
  • Search the AMI catalog for "openvpn" and select the OpenVPN Access Server from the AWS Marketplace. This pre-configured AMI simplifies the setup process.
  [Screenshot: AMI search results for "openvpn", showing the OpenVPN Access Server listing by OpenVPN Inc., ver 2.13.1 (185 external reviews), next to an unrelated Wowza Streaming Engine listing.]

Note: The $0.023/hr price shown is for the EC2 instance. If you are on the AWS free tier, you can launch up to two instances for free, and OpenVPN Access Server is free to use for up to 2 clients.

  • Choose an instance type. For small-scale use, t2.micro is sufficient.
  • Configure instance details. The default settings should work for most cases.
  • Create a new key pair and download the key.
  [Screenshot: "Key pair (login)" panel with the required "Key pair name" field and the "Create new key pair" button.]
  • Add storage. The default 8 GB is typically enough.
  • Configure security group:
      • Allow inbound rules for ports 22 (SSH), 443 (HTTPS), and 943 (Admin Web UI).
      • Allow port 1194 (UDP) for OpenVPN connections.
  • Review and launch the instance.

STEP 2: Access the Instance

STEP 3: OpenVPN Configuration
    Please enter 'yes' to indicate your agreement [no]: yes

    Once you provide a few initial configuration settings,
    OpenVPN Access Server can be configured by accessing
    its Admin Web UI using your Web browser.

    Will this be the primary Access Server node?
    (enter 'no' to configure as a backup or standby node)
    > Press ENTER for default [yes]: yes

    Please specify the network interface and IP address to be
    used by the Admin Web UI:
    (1) all interfaces: 0.0.0.0
    (2) eth0: 172.31.53.2
    Please enter the option number from the list above (1-2).
    > Press Enter for default [1]:
  • You configure the OpenVPN server over an SSH session to the instance. Answer the prompts as follows:
  • Please enter 'yes' to indicate your agreement: yes
  • Will this be the primary Access Server node?: yes
  • Please specify the network interface and IP address to be used by the Admin Web UI: 1
 
    Recommended choices:
    rsa       - maximum compatibility
    secp384r1 - elliptic curve, higher security than rsa, allows faster connection setup and smaller profile files
    showall   - shows all options including non-recommended algorithms.
    > Press ENTER for default [secp384r1]:

    What public/private type/algorithms do you want to use for the self-signed web certificate?
    Recommended choices:
    rsa       - maximum compatibility
    secp384r1 - elliptic curve, higher security than rsa, allows faster connection setup and smaller profile files
    showall   - shows all options including non-recommended algorithms.
    > Press ENTER for default [secp384r1]:

  • Just press Enter for the above questions; the default settings will be used.
 
    Please specify the port number for the Admin Web UI.
    > Press ENTER for default [943]:

    Please specify the TCP port number for the OpenVPN Daemon
    > Press ENTER for default [443]:

    Should client traffic be routed by default through the VPN?
    > Press ENTER for default [no]: yes

    Should client DNS traffic be routed by default through the VPN?
    > Press ENTER for default [no]: yes

    Admin user authentication will be local
    Private subnets detected: ['172.31.0.0/16']
 
  • Please specify the port number for the Admin Web UI: 943
  • Please specify the TCP port number for the OpenVPN Daemon: 443
  • Should client traffic be routed by default through the VPN: yes
  • Should client DNS traffic be routed by default through the VPN: yes

    Should private subnets be accessible to clients by default?
    > Press ENTER for EC2 default [yes]:

    To initially login to the Admin Web UI, you must use a
    username and password that successfully authenticates you
    with the host UNIX system (you can later modify the settings
    so that RADIUS or LDAP is used for authentication instead).
    You can login to the Admin Web UI as "openvpn" or specify
    a different user account to use for this purpose.

    Do you wish to login to the Admin UI as "openvpn"?
    > Press ENTER for default [yes]:

    Type a password for the 'openvpn' account (if left blank,
    a random password will be generated):
    Confirm the password for the 'openvpn' account:
 
  • Should private subnets be accessible to clients by default: yes
  • Do you wish to login to the Admin UI as "openvpn"? Just press Enter.

           The username is set to openvpn.

  • Enter the password and confirm the password.
  • Username: openvpn
  • Password: the one you just set.
    Please specify your Activation key (or leave blank to specify later):

    Initializing OpenVPN...
    Removing Cluster Admin user login...
    userdel: user 'admin_c' does not exist
    Writing as configuration file...
    Perform sa init...
    Wiping any previous userdb...
    Creating default profile...
  • Please specify your Activation key: just press Enter.
  • Wait a few minutes until it finishes the configuration.
 
    During normal operation, OpenVPN AS can be accessed via these URLs:
    Admin  UI: https://100.24.205.221:943/admin
    Client UI: https://100.24.205.221:943/
    To login please use the "openvpn" account with the password you specified during the setup.
    See the Release Notes for this release at:
       https://openvpn.net/vpn-server-resources/release-notes/
    openvpnas@ip-172-31-53-2:

STEP 5: Accessing the OpenVPN server through the Web UI

Note: IP Address might be different in your case.

    Your connection is not private
    Attackers might be trying to steal your information from 100.24.205.221 (for example,
    passwords, messages or credit cards). Learn more
    [Hide advanced]   [Back to safety]
    This server could not prove that it is 100.24.205.221; its security certificate is not
    trusted by your computer's operating system. This may be caused by a
    misconfiguration or an attacker intercepting your connection.
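This warning is expected for the self-signed certificate that Access Server generated during setup, but clicking through it without checking would equally accept a certificate presented by someone intercepting the connection. The check a practitioner wants is to compare the fingerprint seen from the public IP with the one obtained on a path you already trust, such as an SSH session on the instance querying 127.0.0.1:943. The script below is an added example, not part of the original post; it assumes openssl is installed on both machines and that 943 is the Admin Web UI port chosen during setup.

```shell
#!/bin/sh
# Compare the SHA-256 fingerprint of the certificate served on the Admin Web UI
# port with a fingerprint obtained out of band (e.g. over SSH on the instance).
# Usage:  verify_as_cert.sh HOST PORT show         # print the fingerprint seen
#         verify_as_cert.sh HOST PORT FINGERPRINT  # compare with expected value
set -u
# Reduce any openssl-style fingerprint ("sha256 Fingerprint=ab:cd:..." or a bare
# "ab:cd:...") to uppercase hex without separators so formats compare cleanly.
normalize_fp() {
    sed 's/^.*=//; s/://g' | tr 'a-f' 'A-F' | tr -d ' \n\r'
}

# Fetch the leaf certificate from HOST:PORT and print its normalized SHA-256
# fingerprint. Prints nothing if the TLS handshake fails (network call).
remote_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null \
        | normalize_fp
}

# Return 0 when two fingerprints denote the same certificate, 1 otherwise.
# Empty input never matches, so a failed fetch cannot masquerade as success.
fingerprints_match() {
    a=$(printf '%s' "$1" | normalize_fp)
    b=$(printf '%s' "$2" | normalize_fp)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

main() {
    host=$1; port=$2; expected=$3
    observed=$(remote_fingerprint "$host" "$port")
    if [ -z "$observed" ]; then
        echo "could not obtain a certificate from $host:$port" >&2
        return 2
    fi
    if [ "$expected" = show ]; then
        echo "$observed"
    elif fingerprints_match "$observed" "$expected"; then
        echo "OK: $host:$port presents the expected certificate $observed"
    else
        echo "MISMATCH: $host:$port presents $observed" >&2
        echo "          expected $(printf '%s' "$expected" | normalize_fp)" >&2
        echo "Do not accept the browser warning until this is explained." >&2
        return 1
    fi
}
# Run only when called with arguments so the functions can also be sourced.
if [ $# -ge 3 ]; then main "$@"; fi
```

Run it once on the instance over SSH as `verify_as_cert.sh 127.0.0.1 943 show`, then from your own machine with the public IP, the same port and the fingerprint you just obtained. Browsers display the same SHA-256 fingerprint in their certificate viewer, so the value can also be compared by eye before accepting the warning.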

 

Bye...

see you in the next blog..