How to setup an OpenVPN server with Docker on an AWS EC2 in 15 minutes

Virtual Private Network (VPN) helps to secure your web traffic by providing a secure tunnel between your machine and the network. It’s a way to connect networks securely over the internet, especially in this day and age of remote work. Using a VPN can also help to secure your traffic and prefer snooping by anyone or any organization which would want to spy on you.

While there are many VPN providers out there offering their services, this tutorial will show you how to set up your own VPN server step by step on AWS EC2 in 15 minutes.

The cost of running a spot AWS EC2 micro instance is around USD $3.20/month at this time of writing in the AWS region of my choice (Sydney)

1) Spin up an EC2 instance (around 2 minutes)

1.1 Login to AWS and from the console, navigate to the EC2 service

Search for EC2 in the AWS management console

1.2 Launch an instance, I used a t2-micro with the Amazon Linux 2 AMI

1.3 Once the instance is up, connect to your EC2 via ssh. Do take note of your EC2’s public ip and also ensure that the security group attached to it has the necessary ports and inbound ip whitelisted. Details are left out for well.. security reasons.. The default configuration in this tutorial will require the security group to open up port 1194 for the UDP protocol.

Example security group configuration attached to the EC2

2) Install Docker on EC2 (around 2 minutes)

2.1 Run the following commands in the EC2 shell to install Docker.

sudo yum update -y
sudo amazon-linux-extras install docker
sudo service docker start
sudo usermod -a -G docker ec2-user

2.2 Exit the machine and reconnect. Verify that docker is installed and running with the command.

docker info

Partial output is shown below

3) Install OpenVPN via Docker (around 10 minutes)

The source repository for the OpenVPN is from kylemanna. Do check out the source code, or if tldr, just follow the rest of the steps.

3.1 Set environment variable

export OVPN_DATA=”ovpn-data

3.2 Create the configurations and Certificate Authority. You would be prompted to enter a pass phrase for the certificates. Replace the <EC2 IP ADDR> in the second command with the public ip address of your EC2 instance.

docker volume create -name $OVPN_DATAdocker run -v $OVPN_DATA:/etc/openvpn -log-driver=none -rm kylemanna/openvpn ovpn_genconfig -u udp://<EC2 IP ADDR>docker run -v $OVPN_DATA:/etc/openvpn -log-driver=none -rm -it kylemanna/openvpn ovpn_initpki

3.3 Start the OpenVPN server

docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp -cap-add=NET_ADMIN kylemanna/openvpn

3.4 Generate the client OpenVPN config file. Replace the <CLIENT_NAME> with something of your choice. The file <CLIENT_NAME>.ovpn will be used by your machine to access the OpenVPN server.

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full <CLIENT_NAME> nopass
In my case, <CLIENT_NAME> was home_machine

3.5 Extract the certificate from the EC2 into your machine. One easy way is to use secure copy (scp), since ssh is already there.

scp -i ec2-proxy-sydney.pem ec2-user@<EC2 IP ADDR>:/home/ec2-user/<CLIENT_NAME>.ovpn ~/Downloads/<CLIENT_NAME>.ovpn

You can then use the <CLIENT_NAME>.ovpn file in the OpenVPN client of choice to connect to your OpenVPN server.

Do remember to verify and check that your ip has changed .

That’s it and done within 15 minutes.

Originally published at http://blog.howanalytics.com on October 31, 2020.

Data Scientist

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store