Setting up an OpenVPN server in Amazon’s EC2

Amazon Instance Config

  • Create account in if you don’t have one already
  • Go to Amazon and log in
  • Create a new instance
  • Choose the Ubuntu 64bit system (free tier 2 is fine)
  • Don’t need to change any of the defaults for storage and such.
  • Launch the instance (create or use a predefined key; set the security group (firewall))
  • Ensure that your Security Group (Amazon’s firewall) allows traffic to and from your instance on the ports you will be using (53/udp and 443/tcp are mine)

Server Config

    • Stop when you get to “First trouble shooting
  • The /etc/openvpn/server.conf file has the config settings for your VPN instance
  • To direct all client traffic to the VPN, uncomment (remove the leading semi-colon “;”) in front of push “redirect-gateway def1 bypass-dhcp”
  • Change where the client looks to for DNS by uncommenting and modifying the ‘push “dhcp-option DNS
  • If you want to have your VPN server listening on multiple ports (like 53/udp and 443/tcp) just create a different file in /etc/openvpn/ for each port/protocol.
  • Restart your OpenVPN server (as the root user, over an SSH session/connection, type: service openvpn restart)

Client Config

  • Go to a site that will tell you your current IP address (like my simple and look at what your current IP address is.
  • Some of the client config is done in the “Server” section above. You’ll need those files (ca.crt, client.crt, client.key) on the client.
  • For the client, I’m guessing you have a Windows 7/8.x system just because I can.
  • Visit and download the appropriate client for your Operating System.
  • Once installed, you’ll need to launch it as an Administrator (right click and run as administrator).
  • Create a config file (*.ovpn). It needs to match the settings in the server.conf file on the server.
    • Make a Notepad/Wordpad document with the following info
    • The top of the file should have something like:

comp-lzo yes
dev tun1
dev-type tun
mute 10

ns-cert-type server 


verb 3

proto PROTOCOL(udp or tcp) 


reneg-sec 86400

[paste your CA cert content here from ca.crt]

[paste your client cert content here from client.crt]

[paste your client key content here from client.key]

  • Save your file to your desktop
  • Copy/move the file to C:\Program Files\OpenVPN\config
    • You can definitely have multiple config files here, one per port/protocol (one for 53/udp and one for 443/tcp)
  • In your Windows tray (Windows 8 users need to go to their “Desktop”) you will see a grayed-out computer screen. Right click, navigate up to the configuration file that you created and select Connect.
Everything should work (the little computer icon in the tray turns green). Revisit the site that will tell you your current IP address (like my simple and look at what your current IP address is. Should now be the Amazon one.

Comments are closed.

Up ↑

%d bloggers like this: