In this tutorial, we will learn “OpenVPN server setup on AWS”
OpenVPN is a full-featured, open-source Secure Socket Layer (SSL) VPN solution that accommodates a wide range of configurations. In this tutorial, you will set up an OpenVPN server on an Ubuntu 18.04 server and then configure access to it from Windows. When the OpenVPN Access Server is installed without a license key it goes into a sort of demonstration mode. Free or very Cheap VPN server software with high concurrent. Clients connecting to the Access Server. The free license key is designed to get you. All OpenVPN Access Server downloads come with 2 free connected devices for testing. Benefits of Access Server Subscriptions. Access Server pricing is based on the needed number of simultaneous VPN connections. While others charge based on the number of CPU cores or the bandwidth of the server, OpenVPN does not. Our customers come first. Say hello to a hassle-free way to manage your security with monthly and yearly subscriptions.
OpenVPN
OpenVPN is an opensource commercial software that is used to create Remote VPN as well as Site-to-Site VPN Tunnel.
Remote VPN enables an Individual User to connect private networks(e.g- Office Network) from remote locations. Using a Site-to-Site VPN, users from two different private networks ( e.g – two branch offices) can connect to each other.
An unlicensed OpenVPN server will only ever allow 2 simultaneous connections. If you want more than two simultaneous connections, you need to purchase OpenVpn Licence for at least 10 devices of around 180 dollars.
In this tutorial, we will learn to Setup OpenVPN Server on AWS for Remote VPN connection to AWS Resources from end-users.
Tanger serif font free download. Read About: 21 Important AWS Services you must know
&& How to extend AWS EBS Volume with Zero downtime
OpenVPN server setup on AWS
Step 1 – Launch OpenVPN Instance from AWS Marketplace.
Login to your AWS account and navigate to Services—–> EC2 —–> INSTANCES —–> Instance and then click on Launch Instance
Select AWS Marketplace and search for Openvpn
Select OpenVPN Access Server
After Selecting, the following screen will appear that shows the OpenVPN access Server pricing details.
However, there is no Software price and very minimal instance pricing for T2/T3 instances.EC2 Instance charges for Micro instances are free for up to 750 hours a month if you qualify for the AWS Free Tier.
Click on Continue
Choose your Instance Type and Next: configure Instance Details. I am using T2 Micro Instance(Free Tier) for this Setup.
To Configure and Launch your OpenVPN Server Instance please follow the the rest steps after the above step from this tutorial – How to Launch Linux Virtual Machine on AWS
Use the following Customization when you do the OpenVPN Server Setup
i) The VPN server VPC must be the same as the VPC ofresources that you want to access using VPN.
ii) Enable Auto Assign Public IP for the Server.
Note: You can also attach Elastic IP later if you do not Enable public IP at the time of the the Server launch. Elastic IPs are also used if you do not want to change the Public IP every time after the server reboot.
iii) Create a security group with the following :
Allow TCP/UDP port 1194, HTTPS Port 443 for anywhere. Also, allow TCP port 943 and 22 for your home or Office Network to access the VPN Server from Web Browser and SSH respectively
Step 2 – Configure OpenVPN Access Server
After launching the OpenVPN Server, use the following command to SSH it from your Local Machine ( Use Terminal in Linux /MAC OS and use Putty/GitBash from Windows OS to run below command)
$ sudo ssh -i your-private-key [email protected]
The following prompt will appear. Enter the required details as follows :
Welcome to OpenVPN Access Server Appliance 2.7.5
System information as of Sat May 23 08:50:39 UTC 2020
System load: 0.01 Processes: 90
Usage of /: 30.5% of 7.69GB Users logged in: 0
Memory usage: 17% IP address for eth0: 10.100.10.10
Swap usage: 0%
OpenVPN Access Server
Initial Configuration Tool
OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)
Please enter ‘yes’ to indicate your agreement [no]: yes
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.
Will this be the primary Access Server node?
(enter ‘no’ to configure as a backup or standby node)
> Press ENTER for default [yes]: yes
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 10.200.22.231
Please enter the option number from the list above (1-2).
> Press Enter for default [1]: 1
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]: ———————–> Press Enter
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:———————> Press Enter
Should client traffic be routed by default through the VPN?
> Press ENTER for default [no]: ———————> Press Enter
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [no]: ——————> Press Enter
Use local authentication via internal DB?
> Press ENTER for default [yes]: ——————–> Press Enter
Private subnets detected: [‘10.200.0.0/16’]
Should private subnets be accessible to clients by default?
> Press ENTER for EC2 default [yes]: ———————-> Press Enter
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).
Openvpn Access Server License Key Generator
You can login to the Admin Web UI as “openvpn” or specify
a different user account to use for this purpose.
Do you wish to login to the Admin UI as “openvpn”?
> Press ENTER for default [yes]: ——————> Press Enter
> Please specify your OpenVPN-AS license key (or leave blank to specify later): ———————> Press Enter
Initializing OpenVPN…
…………………………………………………………
useradd -s /sbin/nologin “openvpn”
Writing as configuration file…
Getting hostname…
—————————————————————--
Starting openvpnas…
NOTE: Your system clock must be correct for OpenVPN Access Server
You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:
https://131.17.132.112:943/admin
Login as “openvpn” with the same password used to authenticate
to this UNIX host.
Step 3 – Reset the password of Openvpn user
Reset the password of the VPNUser on the VPN Server to login and manage it from the Web browser.
$ sudo su
$passwd openvpn
Enter new UNIX password: ————->Enter New password
Retype new UNIX password: —————-> Confirm Password
passwd: password updated successfully
Step 4 – Login to the admin console using Web Browser
Open the following link obtained in Step 2- Configure OpenVPN Access Server to login to the admin console to manage it.
https://Open-VPNServer-Public-IP:943/admin
e.g – https://131.17.132.112:943/admin
Username : openvpn
Password: ———–> Use Password that you reset in Step 3
Step 5 – Create a VPN user to access AWS network resources.
Add a User say DevOps-user and save and then Update Running Server. Click on the checkbox for Auto Login profile for a User
Step 6 – OpenVPN client setup for the VPN connection to access AWS resources.
Ask the user to login using the following URL to download the autologin profile for connecting VPN
https://Open-VPNServer-Public-IP:943/
Note: Rename your downloaded autologin profile (e.g- Washington VPN, New York VPN, etc. ) accordingly so that you can recognize it.
i) For Linux Users
Use the following command to install and connect OpenVPN client
To Install VPN Client
For Ubuntu/Debian
$ sudo apt-get install openvpn -y
For Centos/RHEL
$ sudo yum install openvpn -y
To Connect OpenVPN Client
$ sudo openvpn –config autologinprofile.ovpn
ii) For Windows/Mac Users
Users can download OpenVPN client software (By Clicking on the Windows icon / Apple icon on the top) after login into their profile (https://Open-VPNServer-Public-IP:943/) and install it on their Computer. After Installation, they also need to import their downloaded profile to the VPN client.
Double click on your imported profile on VPN client so as to connect your AWS resources.
Note: For MAC OS you can also use TunnelBlick(OpenSource) and for Windows, you can use Viscosity(Paid) as an alternative of OpenVPN Client software.
Step 7 – Allow VPN server IP in security group of AWS resources( eg.- Ec2 Instance) to access particular service/port.
Suppose we have to provide access to a user to ssh an EC2 Instance in the private subnet using VPN. For this, we need to allow OpenVPN server IP Address for TCP Port 22 in the security group of the EC2 Instance.
Open the security Group of EC2 Instance or any Other resources (If you want to access that resource using VPN) and allow OpenVPN server IP for port 22(or any other port that you want to access) as follows:
Now you will able to SSH the EC2 Instance using its Private-IP directly after connecting VPN
Connect Open VPN and run the following command to SSH the EC2-Instance.
I hope you enjoyed this tutorial and learned about the “OpenVPN server setup on AWS”. If you think this is really helpful, please do share this article with others as well. Please also share your valuable feedback, comment, or any query in the comment box. I will really happy to resolve your all queries any.
Thank You
If you think we have helped you or just want to support us, please consider these:-
Connect to us: Facebook | Twitter
HP 15s eq0024au 15.6-inch Laptop (3rd Gen Ryzen 5 3500U/8GB/512GB SSD/Windows 10/MS Office 2019/Radeon Vega 8 Graphics), Natural Silver
(as of September 9, 2020 - )
Learning has never been so easy!
In this HOWTO, I have demostrated how to deploy a OpenVPN server on AWS, and how to connect your AWS resources from end user devices through OpenVPN client program.
What is OpenVPN Server ?
OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange.
AWS provides this OpenVPN server as an AMI to provide secured point-to-point connection between your AWS site to your site situated anywhere in the world. Thiruppavai lyrics in tamil pdf. This will be helpful for mobile users want to connect your company AWS resources in a secure way.
So, this HOWTO explains how to setup a Software Defined Private Network in AWS cloud environment, and how a client can connect his AWS resources through OpenVPN server. Warpaint the fool deluxe rar.
8 Steps total
Step 1: Preparing your Environment
What are all the components involved in this preparation -
OpenVPN Access Server Appliance [In the form of : AMI] OpenVPN Client Software VPC Configuration hosted at AWS
Licensing :
OpenVPN Access Server licensing comes pre-bundled with your Amazon EC2 instance providing the flexibility of hourly billing with no upfront costs or long-term investments i.e in one word : Pay As You Go.
Let’s assume that you already have a basic hands-on experience in AWS cloud services like hosting VPC and launching instances. Below diagram shows clearly how a remote user connected to AWS private network using Open VPN Gateway client through a secured VPN tunnel.
Step 2: Launching Open VPN Server Appliance
On our first step, we are launching Open VPN Server Appliance from AWS Market place. Note that, Open VPN Server instance will be charged as per the no of concurrent connection license it has. You can choose any Open VPN server appliance as per your need.
First login to AWS Market Place with a valid AWS console login.
Openvpn Access Server License
https://aws.amazon.com/marketplace/
Enter OpenVPN Access Server in the search window, and press Enter.
Openvpn Access Server License Key Free
Step 3: Launching Open VPN Server Appliance - Step 2
Search result will shows available Open VPN Server instances with various connection count. Please note that, depends on connection count and Region of deployment your monthly bill will vary.
Select any one of the Open VPN Server appliance for deployment.
Step 4: Launching Open VPN Server Appliance - Step 3
Click continue to launch the instance. For a simple launch process, choose “1-Click Launch” option and proceed with default option, However user can always have flexibility to make fine adjustments like Changing AWS “Region”,EC2 Instance Type, VPC Settings and security group information.
While launching the Server Appliance, you will be noted to create a new key pair to connect the instance. Create a new pair and keep it safely to connect the instance later.
Click “Launch with 1 click” button after you have confirmed all of the selected options are correct.
To confirm that the instance has successfully launched, watch the Instances section for status. You should see something similar to the following as your instance is being launched. Once you see 'Instant status' is running, your Open VPN Server Appliance is ready for configuration.
Step 5: Assigning an Elastic IP to the Instance
Though its option, you should allocate a static IP address for your appliance so the IP address can be reclaimed in case of AWS machine failure/shutdown/reboot. To do so, visit the Elastic IPs section in the left navigation panel.
Step 6: Configuring OpenVPN Access Server Instance
Once your new instance is successfully launched and running, you will need to SSH into the console using a SSH client software and the private key pair you have used/created previously.
When login screen is prompted, use openvpnas as the username, and then press Enter. (NOTE: If you are using previous versions of our appliance, the username used is root instead of openvpnas)
If the private key you have specified was correct, you should now be logged in and the OpenVPN Access Server Setup Wizard should now be started. Follow the instructions below to begin configuring your server.
Read through the EULA, and enter yes to indicate your agreement acceptance.
>> Will this be the primary Access Server node?
Default: Yes, Press Enter to accept the default setting. Otherwise, if you are setting up your failover node, change this to say no. Here we are setting up primary Access Server node. So default selected.
>> Please specify the network interface and IP address to be used by the Admin Web UI:
Default : 2, Choose 1 – “all interfaces: 0.0.0.0” to listen in all interface.
>> Please specify the port number for the Admin Web UI.
Default: 943, It is usually safe to leave this at the default port unless customization is desired.
>> Please specify the TCP port number for the OpenVPN Daemon
Default: 443, It is usually safe to leave this at the default port unless customization is desired.
>> Should client traffic be routed by default through the VPN?
Default: No, If you only have a small network you would like your remote users to connect over the VPN, select no. Otherwise, if you would like everything to go through the VPN while the user is connected (especially useful if you want to secure data communications over an insecure link), select yes for this option.
>> Should client DNS traffic be routed by default through the VPN?
Default: no, If you would like your VPN clients to able to resolve local domain names using an on-site DNS server, select yes for this option. Otherwise, select no. Do note that if you selected yes for the previous option, all traffic will be routed over the VPN regardless what you set for this setting here.
>> Use local authentication via internal DB?
Default: yes, If you would like OpenVPN Access Server to keep an internal authentication database for authenticating your users, select yes for this option. When this option is turned on, you will be able to define and/or change username and passwords within the Admin Web UI.
>> Should private subnets be accessible to clients by default?
Default: yes, This option defines the default security setting of your OpenVPN Access Server. When Should client traffic be routed by default through the VPN.
>> Do you wish to login to the Admin UI as “openvpn”?
Default: Yes, This defines the initial username in which you would use to login to the Access Server Admin UI area. This username will also serve as your “lock out” administrator username shall you ever lock yourself out of your own server. If you would like to specify your own username, select no. Otherwise, accept yes for the default.
> > Please specify your OpenVPN-AS license key (or leave blank to specify later):
Explanation: If you have purchased a license key for your OpenVPN Access Server software, enter it here. Otherwise, leave it blank. OpenVPN Access Server includes two free licenses for testing purpose.
>> Create password for the OpenVPN admin user, invoking the below command.
sudo passwd openvpn Enter new UNIX password: Retype new UNIX password:
Last thing we need to do before we can connect to the admin area and to our VPN is disable the Source/Destination check in AWS. Without doing this we would not be able to access our private subnets.
To change this go to the EC2 console in AWS, select your instance, choose *Actions>Networking>Change Source/Dest. Check* as seen below. Choose “Yes, Disable” on the next screen.
Step 7: Testing OpenVPN server connectivity
Here, we are setting up a test instance on the same private subnet VPC where the OpenVPN server exist.
1.Login to your AWS account and navigate to the EC2 Dashboard and click “Launch Instance” on the left.
Press “Select” next to the top item *Amazon Linux AMI*
2. Leave on t2.micro and click “Next: Configure Instance Details.”
3. Make sure to set your subnet into your private subnet mentioned in the prerequisites. Then click “Review and Launch” as defaults for everything else are fine for this test.
Step 8: Connecting AWS instance from the client
Install the OpenVPN client on end user machine and connect to the instance running in the private subnet on AWS.
In your web browser enter the Elastic IP from your OpenVPN Access Server https://elastic-ip-here:943 Note: On your first attempt to connect you will be warned by your browser that the SSL certificate cannot be validated. This is OK for our demo but in a real world you will want to setup a real SSL certificate in your setup.
On the screen enter “openvpn” for the Username and the password you created for the user.
After your credentials are accepted you will see the screen below. Go ahead and click “Click here to continue” which will download the OpenVPN client installer to your machine.
Thus, Open VPN Server appliance is deployed on our AWS account, and you can create as many AMIs on that created VPC. Now authenticated users can login to connect their AWS AMIs securely through the installed VPN Client.
Deploying a Open VPN server providing an extra security for the end users, and it is easy to deploy a OpenVPN server on your AWS account.
References
Vembu Blog
4 Comments
Anaheim
WRXDriver414 Jun 22, 2017 at 06:52pm
Any steps to setup LDAP auth in a windows domain environment by chance?
Pimiento
selvarajmanoharan Jul 24, 2017 at 02:49pm
Hi, Can you please clear about your question ? You want to know LDAP auth for functionality in windows? or AWS auth with LDAP Protocol ?
Anaheim
reeceline Feb 6, 2018 at 08:05pm
Great guide, easy to follow was able to setup OpenVPN.
Pimiento
mhghg-2020 Apr 25, 2020 at 06:57am
Can you show us how to set up openvpn server on ubuntu Server 20.04 LTS if possible please?