OpenVPN on EC2/AWS

EC2 Instance
  1. Allow UDP to port 1194 under the instance's security group
    1. to the world
    2. or just your IP network
Install and configure OpenVPN instance/server
  1. apt-get install openvpn
  2. cd /etc/openvpn
  3. openvpn --genkey --secret my.key
  4. Put code below into /etc/openvpn/server.conf
  5. Run: openvpn --config /etc/openvpn/server.conf
    1. Leave running while taking remaining steps
  6. Allow NAT
    1. modprobe iptable_nat
    2. echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    3. iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
  7. Checks for the paranoid
    1. lsof -nP -i
    2. lsof -c openvpn

port 1194
proto udp
dev tun
secret /etc/openvpn/my.key
keepalive 10 120
status server-tcp.log
verb 3

  1. If on Mac, use Tunnelblick to open a file like myopenvpn.ovpn containing the code below
    1. Replace hostname with yours
    2. You'll need the my.key file in the same directory as the myopenvpn.ovpn file
  2. On Linux
    1. Put the code below in /etc/openvpn/client.conf
    2. Put my.key in /etc/openvpn as well
    3. Run: openvpn --config /etc/openvpn/client.conf
    4. Leave running
  3. For all operating systems
    1. When/if you see this in the client connection logs/messages, you've made it
      1. "Initialization Sequence Completed"
  4. Confirm
    1. You can ping the openvpn server/instance via the ssh tunnel
    2. You can ssh into the openvpn server/instance via
    3. You have a new network interface with defined on it
    4. Goto:
      1. Does it look like your IP?
      2. If uncertain, use "whois" command to find out
dev tun
proto udp
remote 1194
resolv-retry infinite
secret my.key
verb 3
dhcp-option DNS
redirect-gateway def1
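Before bringing the tunnel up, it is worth checking that the two configs agree with each other and that the static key is not readable by other users. The script below is an added example, not code from the post; it assumes the point-to-point static-key layout from the OpenVPN documentation ("secret <file>" on both ends plus an "ifconfig <local> <remote>" line whose two addresses are mirrored on the peer). The configs as reproduced above do not show their ifconfig lines or addresses, so the sample configs inside the script use constructed placeholder addresses and a placeholder hostname (vpn.example.test).

```python
"""Sanity-check OpenVPN static-key ('secret') server/client configs.

Added example for this post, not the post's own code.  Assumes the OpenVPN
static-key layout: 'secret <file>' on both sides and mirrored 'ifconfig'
addresses.  Addresses and hostname in the samples are constructed placeholders.
"""
import os
import stat
from typing import Dict, List

# Directives a working static-key endpoint needs on each side.
SERVER_REQUIRED = ("port", "proto", "dev", "secret", "ifconfig")
CLIENT_REQUIRED = ("remote", "proto", "dev", "secret", "ifconfig")


def parse_config(text: str) -> Dict[str, List[List[str]]]:
    """Return {directive: [args, ...]}, skipping blank lines and '#'/';' comments."""
    directives: Dict[str, List[List[str]]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def lint_endpoint(text: str, role: str) -> List[str]:
    """Findings for one side; role is 'server' or 'client'."""
    conf = parse_config(text)
    required = SERVER_REQUIRED if role == "server" else CLIENT_REQUIRED
    findings = [f"{role}: missing '{d}'" for d in required if d not in conf]
    if "ifconfig" in conf and len(conf["ifconfig"][0]) != 2:
        findings.append(f"{role}: 'ifconfig' needs a local and a remote address")
    if role == "server" and "keepalive" not in conf:
        findings.append("server: no 'keepalive'; a dead peer will not be noticed")
    if role == "client":
        remote = conf.get("remote", [[]])[0]
        if len(remote) == 1 and remote[0].isdigit():
            findings.append("client: 'remote' has a port but no hostname")
        dns = any(a and a[0].upper() == "DNS" for a in conf.get("dhcp-option", []))
        if "redirect-gateway" in conf and not dns:
            findings.append("client: full tunnel without 'dhcp-option DNS' keeps DNS on the old resolver")
    verb = conf.get("verb", [["3"]])[0]
    if verb and verb[0].isdigit() and int(verb[0]) > 4:
        findings.append(f"{role}: 'verb {verb[0]}' logs packet-level detail; use 3 outside debugging")
    return findings


def lint_pair(server_text: str, client_text: str) -> List[str]:
    """Cross-check both sides: transport, port, device type, mirrored addresses."""
    s, c = parse_config(server_text), parse_config(client_text)
    findings = []
    s_proto = s.get("proto", [["udp"]])[0][0]
    c_proto = c.get("proto", [["udp"]])[0][0]
    if s_proto != c_proto:
        findings.append(f"proto mismatch: server {s_proto}, client {c_proto}")
    s_port = s.get("port", [["1194"]])[0][0]
    remote = c.get("remote", [[]])[0]
    c_port = remote[1] if len(remote) > 1 else "1194"
    if s_port != c_port:
        findings.append(f"port mismatch: server listens on {s_port}, client uses {c_port}")
    if s.get("dev", [[""]])[0] != c.get("dev", [[""]])[0]:
        findings.append("dev mismatch: both sides must use tun (or both tap)")
    s_if, c_if = s.get("ifconfig", [[]])[0], c.get("ifconfig", [[]])[0]
    if len(s_if) == 2 and len(c_if) == 2 and s_if != list(reversed(c_if)):
        findings.append("ifconfig addresses are not mirrored between server and client")
    return findings


def check_key_file(path: str) -> List[str]:
    """The static key is the entire secret: it must be mode 600 and look like genkey output."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} is readable by group/others; chmod 600")
    with open(path, "rb") as fh:
        if b"BEGIN OpenVPN Static key" not in fh.read():
            findings.append(f"{path}: not output of 'openvpn --genkey --secret'")
    return findings


# Constructed sample configs (placeholder addresses and hostname).
SERVER_CONF = """
port 1194
proto udp
dev tun
secret /etc/openvpn/my.key
ifconfig 10.8.0.1 10.8.0.2
keepalive 10 120
verb 3
"""

CLIENT_CONF = """
dev tun
proto udp
remote vpn.example.test 1194
resolv-retry infinite
secret my.key
ifconfig 10.8.0.2 10.8.0.1
dhcp-option DNS 10.8.0.1
redirect-gateway def1
verb 3
"""

if __name__ == "__main__":
    for finding in (lint_endpoint(SERVER_CONF, "server")
                    + lint_endpoint(CLIENT_CONF, "client")
                    + lint_pair(SERVER_CONF, CLIENT_CONF)):
        print(finding)
```

Run it against your real files by reading /etc/openvpn/server.conf and the client.conf or .ovpn into the two lint functions, and pass the key path to check_key_file; the pair check catches the usual silent failures (udp on one side, tcp on the other; a port that differs from the one opened in the security group; swapped ifconfig addresses) before you stare at logs waiting for "Initialization Sequence Completed".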
