
How to Setup Own VPN Server on AWS EC2? | What is VPN?

A VPN (Virtual Private Network) is important if you want more secure and safe browsing, and also when you want to create access to your private network. Getting a VPN can be hard at times, especially when you have to pay to use the service. In this article, I will show you how to set up your own VPN server on AWS EC2. I will also show you how to spoof your IP address and how to use a VPN to protect your network.

How Does a VPN Work?

First, let's make a distinction between privacy and anonymity.

Privacy = Encrypted = Confidential

You can be known as the sender of a message, but the message itself is secret and only you can see it.

Anonymity = Unknown Sender / Unknown Receiver

But it's not necessarily private and confidential.

A VPN can provide both or just one. Most web traffic is already encrypted with HTTPS, so without a VPN your ISP or anyone on your local area network can at best see the domains, not the content. They know which sites you visit but can't see the plain-text content.

Adding a VPN creates an encrypted tunnel to the VPN server. The VPN server acts as a proxy and forwards traffic to its destination.


So if you connect to a VPN server hosted by a third party, your ISP can see the IP of the VPN server but nothing else. However, the VPN server can keep logs, and its operator basically gets to snoop on your traffic since you've given them your trust.

Self-hosted VPNs are those where you host your own VPN server, so you know for certain whether logs are kept or not. This is by far the best way to go, but it is also limiting in some ways.

You can host an OpenVPN server on AWS EC2.

That gives some level of anonymity because you can pick a server located in the USA, for example. But if you want many server locations to choose from, you'd have to host a server for each geographic location, which can get expensive.

How to Setup a VPN Server on AWS EC2?

Requirements

To get started with this tutorial, you need a Free Tier account so you won't be charged for running the VPN on AWS. If you don't have an AWS account, not to worry: you can create one here, which comes with Free Tier eligibility for 12 months.

Step 1: Launch OpenVPN Access Server on AWS EC2

  1. Sign in to the AWS Management Console and navigate to the EC2 service.
  1. If you are located in India, change your region to Asia Pacific (Singapore) ap-southeast-1.

Unfortunately, OpenVPN isn't a very lightweight protocol, so it can cause some annoying slowdowns in speed. Of course, depending on your original ISP speeds, some of you might experience a big drop in speed, while others will barely notice it.

So here's what you can do to get smoother and more stable speeds:

Use a server that's closer to you. For example, if you're in India, don't use a server in the US. Use one in Singapore or Hong Kong or Mumbai itself since they all lie in the Asia Pacific Region.

You should do this because:

- Data packets will travel faster between your device and the server.
- It's less likely that your connection will drop due to packet loss.

  1. In the dashboard, click the AWS Marketplace menu and search for OpenVPN. Select the first result with the Free Tier Eligible tag.
  1. On the next page, scroll down and click the Continue button.
  1. Now select the t2.micro instance type and click the Review and Launch button.
  1. After reviewing the details, click the Launch button.
  1. Create a new key pair (or use an existing one if you already have one), enter a name and click the Download Key Pair button. Then click Launch Instance and wait for the instance to reach the running state.

Congratulations! You've successfully launched an OpenVPN server on AWS EC2.

Step 2: Configure the OpenVPN Server

  1. After your instance is running and you have a public IP address, you can access the OpenVPN server over SSH. Open your terminal and SSH to your server as the root user in order to configure the admin side of the VPN. To do that, use the command below:
ssh -i <key-pair-name>.pem root@<public-ip-address>

Or, you can click on the Connect button and copy your SSH command.

If you are using a Linux or Mac machine, open your terminal; if you are using Windows, open PowerShell. Then type the command you copied.

Note: Your key pair is the one you either recently downloaded or already have on your computer. Make sure you specify the path to your key pair if it's in a different directory.

  1. Next, type yes for SSH key confirmation and enter the following command:
  1. Again, type yes for the agreement.
  1. Now, just hit Enter to accept the default settings for every prompt except 2.
  1. After it's done, you'll see an instruction to no longer log in as root but as the user openvpnas, which is created by default. Log in as openvpnas with the following command:
ssh -i <key-pair-name>.pem openvpnas@<public-ip-address>
  1. When you've logged in successfully, create a password for the user openvpn. This is going to be the admin and client password for access to the VPN portal. You can do that by typing the following command:
sudo passwd openvpn

You'll see a prompt to create a new password. And that's it, you've successfully configured the OpenVPN server.

  1. Next, open a browser and go to the following URL:
https://<public-ip-address>:943/admin

Log in with openvpn and the password you created. After login, you'll be asked to accept the license agreement.

  1. Now, in the left-hand menu, go to Configuration and click on VPN Settings.
  1. Then scroll down to Routing and enable the "Should client Internet traffic be routed through VPN" option.
  1. Now scroll down again and change the toggle for "Have clients use specific DNS servers" to Yes. Then set the Primary DNS server to 1.1.1.1 (Cloudflare DNS) and the Secondary DNS server to 8.8.8.8 (Google DNS).

Scroll down and click on the Save Settings button.

When you change the settings, you'll need to update the server, so click on Update Running Server and you're done!

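The steps above reach the server over SSH and over the web portal on port 943, so those are the two ports worth checking in the instance's security group. The following is an added example, not part of the original article: a Python sketch that reads `aws ec2 describe-security-groups` JSON and reports when either port is open to every address. The sample JSON and the `sg-EXAMPLE` group ID are constructed placeholders.

```python
import json

# Constructed sample: trimmed `aws ec2 describe-security-groups` output for a
# hypothetical group on the VPN instance (placeholder ID, not from the article).
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 943, "ToPort": 943,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
]}]}
""")

# Ports this tutorial uses for administration: SSH and the :943 web portal.
ADMIN_PORTS = {22: "SSH", 943: "admin/client web portal"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def world_open_admin_ports(described):
    """Return sorted (group_id, port, label, cidr) for admin ports open to all."""
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):  # "-1" = all protocols, all ports
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if proto == "-1":
                lo, hi = 0, 65535
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in (c for c in cidrs if c in ANYWHERE):
                for port, label in ADMIN_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((group["GroupId"], port, label, cidr))
    return sorted(findings)

if __name__ == "__main__":
    for gid, port, label, cidr in world_open_admin_ports(SAMPLE):
        print(f"{gid}: {label} (tcp/{port}) is reachable from {cidr}")
```

To check a real instance, feed the function the parsed output of `aws ec2 describe-security-groups --group-ids <your-group-id>`. Narrowing the source of ports 22 and 943 to your own address leaves the VPN ports themselves untouched.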

Step 3: Configure the OpenVPN Client

  1. Go to your browser and open the following URL:
https://<public-ip-address>:943/

You should see the user login page. Enter the same credentials you used to log in as admin.
  1. Now select the OS you want to use the VPN on, and download the VPN client. In this tutorial, we'll use Windows. When the download is done, click on the downloaded file and install it.
  1. After the VPN client is installed, you'll need a connection profile to connect to the VPN server. You can download the profile from the following link:
  1. Now, open the VPN client.
  1. Next, you'll need to import the profile. Click on Import, then click on From Local File and select the profile you downloaded.
  1. After the profile is imported, you'll need to connect to the VPN server. Click on the Connect as openvpn option.
  1. You'll see the VPN client authentication page. Enter the same credentials you used to log in as admin. Then click on the Connect button.

Once you're connected, you can access the internet through the VPN, and your IP address is changed by the AWS VPN.