OpenVPN on AWS EC2



A Virtual Private Network (VPN) allows you to give yourself a sense of anonymity while browsing the internet. Personally, I have been using a VPN to evade my school’s network policy of blocking all ports other than the ports used for HTTP or FTP, and to play online games (sad to say it’s MapleStory) with my FYP group mates. I was introduced to creating a VPN server on Azure by my friend Zane, the author of this awesome guide on Spiffy teaching you how to do so.

However, I was looking for an alternative VPS service as my subscription to Azure is ending. I chose Amazon Web Services (AWS) because of its year-long free tier, so I adapted the Azure guide for AWS.

*Note: this guide was created in 2015.


First off we need to obtain the following:

Getting Started

Important Notes

If your school/organisation blocks ports, then the default port 1194 used for this guide will probably be blocked too. To fix this problem, change every occurrence of port 1194 to 443 (used for HTTPS, so it should not be blocked). If you do change the port to 443, ensure that you have changed it everywhere: during the configuration of the OpenVPN server and during the creation of the OVPN files.
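A way to catch the mismatch this note warns about, as an added example that is not part of the original guide: the script compares the port and protocol in the server configuration with what the client profile will dial. The file name server.conf is an assumption (user.ovpn is the profile created later in this guide), and the sample contents are constructed. The EC2 security group rule must open the same port, which this script cannot see.

```shell
#!/bin/sh
# Added example (not from the original guide): check that the server config
# and the client profile agree on port and protocol.

# Print "<port> <proto>" from a server config; OpenVPN defaults are 1194/udp.
server_endpoint() {
    awk '{ sub(/\r$/, "") }                      # tolerate Windows line endings
         $1 == "port"  { port = $2 }
         $1 == "proto" { proto = $2 }
         END { if (port == "") port = 1194; if (proto == "") proto = "udp"
               sub(/-(server|client)$/, "", proto); print port, proto }' "$1"
}

# Print "<port> <proto>" from a client profile. "remote host [port] [proto]"
# overrides a separate "proto" line; with several remotes the last one wins.
client_endpoint() {
    awk '{ sub(/\r$/, "") }
         $1 == "proto"  { proto = $2 }
         $1 == "remote" { port = ($3 != "" ? $3 : 1194); if ($4 != "") rproto = $4 }
         END { if (rproto != "") proto = rproto
               if (port == "") port = 1194; if (proto == "") proto = "udp"
               sub(/-(server|client)$/, "", proto); print port, proto }' "$1"
}

# Usage: check_vpn_endpoint SERVER_CONF CLIENT_OVPN ; returns 1 on mismatch.
check_vpn_endpoint() {
    srv=$(server_endpoint "$1")
    cli=$(client_endpoint "$2")
    if [ "$srv" = "$cli" ]; then
        echo "OK: server and client both use $srv"
    else
        echo "MISMATCH: server listens on $srv, client dials $cli" >&2
        return 1
    fi
}

# Constructed demo: the server was moved to 443/tcp, the client still says 1194.
demo=$(mktemp -d)
printf 'port 443\nproto tcp\ndev tun\n' > "$demo/server.conf"
printf 'client\nproto tcp\nremote Public_DNS 1194\n' > "$demo/user.ovpn"
check_vpn_endpoint "$demo/server.conf" "$demo/user.ovpn" || echo "fix the client profile"
rm -rf "$demo"
```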

Setting up the VM in AWS EC2

  1. Log in to AWS and access EC2.
  2. Once you are in the EC2 Management Console, click Launch Instance.
  3. Select an Ubuntu Server 14.04 LTS Image.
  4. Select the instance type that you desire (Recommended: T2.Micro as it is eligible for the free tier).
  5. Click 6: Configure Security Group at the top.
  6. Add a new TCP Port:

    • Port: 1194* (Change to 443 if your school/organisation blocks port 1194)
    • Source: Select Anywhere.
  7. Click Review and Launch.
  8. Click Launch.
  9. A pop-up regarding the creation of a new key pair appears. Create a new one, download it and keep it in a safe place as we will need it later.
  10. Now we wait for the instance to launch…

Connecting to the VM

  1. Before you continue obtain the following details from your newly created VM in the EC2 Console:
    • Public DNS
  2. Remember the Key Pair we created and downloaded just now? We need it now.

      • Launch PuTTYGen
      • Click Load
      • Choose ‘All File Types‘ and then load the key pair you downloaded (.pem file)
      • (Optional) Enter a key phrase
      • Click ‘Save private key‘ and remember the location of where it is saved to
      • Launch PuTTY
      • Click SSH and then click Auth at the left side
      • Click Browse and select the private key file (.ppk) you generated
      • Click Session at the left side then move on to the next step below
    • Fire up Terminal and run the command:
  3. If you are using Windows, fire up PuTTY; OS X users should fire up Terminal.
  4. Once your SSH client has fired up, enter the following details/command to connect to the VM.

    • Enter the following code to connect to the VM:
      (Change ‘/path/key-pair.pem’ and ‘Public_DNS’ accordingly)
  5. An error would most likely appear. Just click Yes for PuTTY and type yes for Terminal.

Installing & Configuring OpenVPN

For this part of the guide I will be using Windows only. The Linux commands will be the same, so fear not.

Continuing from where we left off in the previous step.

  1. Click Open (only for PuTTY)
  2. When prompted with ‘login as:’ type ubuntu (Default user is ubuntu)
  3. Enter the passphrase you set if you entered it previously.
  4. Enter the following commands.
    Note: build-ca and build-key-server will prompt you to enter details to generate the certificate. Enter the details appropriately and answer ‘y’ when prompted. 
  5. Find the line
    and remove the “#”.
  6. Save by pressing Ctrl + O and then Ctrl + X
  7. Enter the following commands:
  8. Edit the following:
    *Only if you specify another port above
    *Only if you specify another port above
  9. Save by pressing Ctrl + O and then Ctrl + X
  10. Enter the following command:
  11. Edit the following:

We have finally configured OpenVPN. We are almost there. Hold on! Let’s move on to the next section, where we will be generating the certificates and keys to connect to our VPN server.

Keys & Certificates

  1. Run the following commands to generate the certificates and keys:
  2. Note: In this step pay extra attention to ensure that you have copied the certificates and keys contents correctly
    Run the command:

  3. Copy the contents of each file into a text editor of your choice and save it with the same name (ca, user) and the proper extension (.crt, .key).
  4. You should end up with 3 files ca.crt, user.crt and user.key.
  5. Run the following commands and you’re done with the VM:
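Separately from the commands of step 5, an added example (not part of the original guide) for the copy in steps 3 and 4: run on the machine where you saved the files, it checks that ca.crt, user.crt and user.key each hold one intact PEM block of the right type, which catches a truncated paste or a key saved under the certificate's name. It assumes unencrypted PEM files; the demo bodies are constructed placeholder base64, not real key material.

```shell
#!/bin/sh
# Added example (not from the original guide): structural check of PEM files
# that were copied by hand out of a terminal window.

# pem_check FILE KIND: succeed if FILE has exactly one PEM block whose label
# ends in KIND ("CERTIFICATE" or "PRIVATE KEY") and an intact base64 body.
pem_check() {
    awk -v kind="$2" '
        { sub(/[ \t\r]+$/, "") }                 # trailing blanks / CRLF are harmless
        /^-----BEGIN .*-----$/ { if (inblk) bad = "second BEGIN before END"
                                 inblk = 1; blocks++
                                 label = substr($0, 12, length($0) - 16); next }
        /^-----END .*-----$/   { if (!inblk || substr($0, 10, length($0) - 14) != label)
                                     bad = "END line does not match BEGIN line"
                                 inblk = 0; next }
        inblk { if ($0 !~ "^[A-Za-z0-9+/]*=*$") bad = "non-base64 text on line " NR
                n += length($0) }
        END {
            if (bad == "" && blocks != 1) bad = "expected 1 PEM block, found " (blocks + 0)
            if (bad == "" && inblk)       bad = "no END line, copy truncated?"
            if (bad == "" && substr(label, length(label) - length(kind) + 1) != kind)
                bad = "block is \"" label "\", expected " kind
            if (bad == "" && (n == 0 || n % 4))
                bad = "base64 body has " (n + 0) " characters, not a multiple of 4"
            if (bad != "") { print bad; exit 1 }
        }' "$1"
}

# check_client_files DIR: check the three files this guide produces.
check_client_files() {
    rc=0
    for spec in "ca.crt:CERTIFICATE" "user.crt:CERTIFICATE" "user.key:PRIVATE KEY"; do
        f=${spec%%:*}; kind=${spec#*:}
        if msg=$(pem_check "$1/$f" "$kind" 2>&1); then echo "ok   $f"
        else echo "FAIL $f: $msg"; rc=1; fi
    done
    return $rc
}

# Constructed demo: user.key lost its END line during the copy.
d=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJDRA==' '-----END CERTIFICATE-----' > "$d/ca.crt"
cp "$d/ca.crt" "$d/user.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'QUJDRA==' > "$d/user.key"
check_client_files "$d" || echo "re-copy the failing file from the server"
rm -rf "$d"
```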

VPN Client Configuration

  1. Create a new text file called user.ovpn with the following content:
    Edit Public_DNS and Port_Num below to fit your VPN server.
    Public_DNS: the public DNS of your VM.
    Port_Num: 1194* or the port you have chosen previously (443).
  2. Using the VPN configuration files we have just created:
      1. Copy the 4 files you have created into this directory (Depending on OpenVPN Gui version):
        For 64 bit: “C:\Program Files\OpenVPN Gui\Config”
        For 32 bit: “C:\Program Files (x86)\OpenVPN Gui\Config”
      2. Run OpenVPN as Administrator.
      3. You’re done!
      1. Double click the ovpn file and Tunnelblick will automatically import the connection.
      2. You’re done!
    • Double click the ovpn file and Viscosity will automatically import the connection. However, in the case where .ovpn is not associated with Viscosity, follow the steps below:

      1. Click the Viscosity icon in the menu bar and then click Preferences
      2. Click the + button at the bottom left
      3. Click Import Connection and then click From File
      4. Select the ovpn file you have created
      5. You’re done!
  3. Connect to the VPN server using the following steps:
      1. Ensure that you run OpenVPN Gui as Administrator *Important
      2. Right click the OpenVPN Gui connect at the bottom left and click Connect

      3. You should see the following as you are connecting
      4. Once you’re connected the OpenVPN Gui icon will turn green with this pop up
      1. Click the Tunnelblick button at the menu bar and click Connect

      2. You should see the following as you are connecting
      3. Once you’re connected you will see the following
      1. Click the Viscosity button at the menu bar and click Connect

      2. You should see the following as you are connecting (the bottom panel will only be shown if you click Details)
      3. Once you’re connected this pop up will appear
  4. After we have connected, let’s double-check to see whether our IP has changed.
    Go to What Is My IP or (AWS seems to be blocking to check your IP.

Note: In order to allow more than one user to get access to your VPN server, you have to create multiple sets of keys & certificates. Change ‘user’ in the command in step 1 of the Keys & Certificates section to any name you desire (e.g. user1, user2) and follow the steps until the end of the VPN Client Configuration section.

If your IP changed then you have successfully created and accessed your VPN Server. Well done! Go ahead and enjoy your personal and free (if you’re using AWS free tier) VPN service with your friends.

Comment below on your purpose of creating a VPN service or if you are facing any problems.


Adapted from Zane’s OpenVPN guide for Windows Azure. If you want to find out how to run an OpenVPN server on an Azure virtual machine you can look at his post here. Zane’s OpenVPN Community on Windows Guide

