Credits and Acknowledgments
This guide uses the OpenVPN installation script created by Angristan. The script is an enhanced fork of the original work by Nyr, with improved security features and broader OS support. The project is maintained by the open-source community and is available under the MIT License.
System Compatibility
Supported Linux Distributions
The installation script supports the latest major Linux distributions, ensuring compatibility with both stable releases and Long-Term Support (LTS) versions. Here is a detailed list:
- ✅ Ubuntu: 24.10 (Oracular Oriole), 24.04 LTS (Noble Numbat), 22.04.5 LTS (Jammy Jellyfish), 18.04.6 LTS (Bionic Beaver)
- ✅ Debian: 12 (Bookworm), 11 (Bullseye), 10 (Buster)
- ✅ AlmaLinux: 9.x, 8.x (all major versions)
- ✅ Rocky Linux: 9.x, 8.x (continuing CentOS tradition)
- ✅ CentOS Stream: 9, 8
- ✅ Fedora: 39, 38, 37, 35 (latest four releases)
- ✅ Arch Linux: (Rolling release, always up-to-date)
- ✅ Oracle Linux: 9, 8
- ✅ Amazon Linux: Amazon Linux 2023, Amazon Linux 2
Note: For this guide, we’ll be using Ubuntu 24.04 LTS as our server OS.
Feature Comparison: Self-Hosted vs. Commercial VPN Solutions
Feature | Our Self-Hosted Solution | Commercial VPN (Avg. $10/month) |
---|---|---|
Monthly Cost | As low as $5 | $8-$15 |
Setup Time | 18-20 minutes | 5 minutes |
Users | Unlimited | 5-10 devices |
Bandwidth | Unlimited | Unlimited |
Server Locations | Single location | Multiple locations |
Speed | Full server bandwidth | Shared bandwidth |
Privacy | Complete control | Provider-dependent |
Encryption | Customizable | Pre-configured |
Server Control | Full access | None |
IP Address | Dedicated | Shared |
Technical Skills Required | Basic Linux knowledge | None |
Maintenance Required | Yes | No |
Why Choose Self-Hosted OpenVPN?
Advantages
Cost-Effective
Only pay for server hosting, no per-user licenses, and scalable as needed.
Complete Control
Full server management, custom security settings, flexible configuration, and no third-party involvement.
Privacy
No logging unless configured, personal dedicated IP, self-managed encryption, and no shared infrastructure.
Performance
Dedicated bandwidth, customizable server specs, no overcrowded servers, and direct access management.
Considerations
Technical Requirements
Requires basic Linux knowledge, server management skills, security awareness, and troubleshooting abilities.
Maintenance
Needs regular updates, security monitoring, performance tuning, and backup management.
Perfect For
Small businesses, tech enthusiasts, privacy-conscious users, development teams, educational institutions, remote workers, and self-hosted service users.
Introduction
This comprehensive guide will walk you through setting up your own OpenVPN server on AWS, from creating your AWS account to connecting your first client. We’ll focus on security best practices and provide clear, step-by-step instructions.
Time and Cost Estimates
- Setup Time: 18-20 minutes
- AWS Free Tier Eligible: Yes
- Monthly Cost (after free tier): ~$5
Prerequisites
- A computer with internet access
- A credit/debit card for AWS registration
- Basic command line knowledge
- Windows PC for client setup
Part 1: AWS Account Setup
Creating Your AWS Account
- Visit AWS Console
- Click “Create an AWS Account”
- Provide your email and account name
- Complete the verification process
- Add payment information
- Verify your identity via phone
- Select Basic Support Plan (Free)
SCREENSHOT: AWS Sign-In Page
Security Best Practice: Enable MFA
- Go to IAM Dashboard
- Select “Security credentials”
- Enable MFA for root user
SCREENSHOT: MFA Input
Part 2: Creating EC2 Instance
Launch EC2 Instance
- Navigate to EC2 Dashboard
- Click “Launch Instance”
- Configure instance:
  - Name: “whizzygeeks-openVPN-server”
  - OS: Ubuntu Server 24.04 LTS
  - Instance type: t2.micro
  - Create new key pair:
    - Name: “openvpn-key”
    - Type: RSA
    - Format: .pem
Note: For a production setup, it’s recommended to use a static IP for your EC2 instance. However, for this demo, we are proceeding without a static IP assignment.
SCREENSHOT: EC2 launch wizard
Security Group Configuration
Create a security group with these rules:
Inbound Rules:
- SSH (22): Your IP (Recommended)
- HTTPS (443): OpenVPN will be accessible over port 443 (More Secure)
Outbound Rules:
- All Traffic: 0.0.0.0/0
SCREENSHOT: Security group settings
First, let’s learn how to SSH into an EC2 Ubuntu server
You can access your EC2 Ubuntu server using either of two methods:
Method 1: EC2 Instance Connect
- Go to the AWS EC2 Console, select your instance, and click Connect.
- Under EC2 Instance Connect, click Connect to open a browser-based terminal.
No SSH client needed—ideal for quick access!
Method 2: SSH via Terminal with .pem Key
- Open your terminal and navigate to the directory where your .pem file is stored.
- Connect using this SSH command, replacing <public-ip> with your instance’s IP address:
ssh -i "openvpn-key.pem" ubuntu@<public-ip>
- If prompted, type “yes” to accept the connection.
Installing OpenVPN
sudo apt update && sudo apt upgrade -y
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh
SCREENSHOT: Installation process
Installation Options
You’ll be prompted to choose:
- IPv4 address: Choose the public IP
- Port: 1194 (default), but we will opt for port 443
- Protocol: UDP (recommended), but we will opt for TCP as it will be more secure.
- DNS: Choose based on your needs:
  - 1: Current system resolvers
  - 2: Google
  - 3: Cloudflare
  - 4: OpenDNS
  - 5: Quad9
  - 6: AdGuard
- Client name: Choose a name for your first client
SCREENSHOT: Configuration options
Part 3: Client Management
Adding New Clients
sudo ./openvpn-install.sh
# Select Option 1
Revoking Client Access
sudo ./openvpn-install.sh
# Select Option 2
Uninstalling OpenVPN
sudo ./openvpn-install.sh
# Select Option 3
SCREENSHOT: Management menu
Part 4: Windows Client Setup
Installing OpenVPN Connect
- Download OpenVPN Connect from openvpn.net (available for Windows and Mac)
Step 2: Obtain the OVPN Configuration File
- On the server where OpenVPN is installed, locate the .ovpn configuration file (you can view it by running cat <filename> or opening it with vi <filename>).
- Copy the contents of this file and save it in a text editor, like Notepad, with a .ovpn extension.
- Run installer
- Launch OpenVPN Connect
- Import .ovpn file
- Connect to VPN
SCREENSHOT: OpenVPN Connect interface
Part 5: Monitoring and Maintenance
Checking Service Status
sudo systemctl status openvpn@server
Viewing Logs
sudo tail -f /var/log/openvpn/openvpn.log
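Watching the log with tail only helps while someone is looking at it. The following added example (not from the original guide or the install script) counts failed handshakes and revoked-certificate attempts per source IP; the function names, the threshold and the sample log lines are constructed for illustration.

```bash
# Added example. The match strings are OpenVPN server log messages; the
# sample log further down is constructed (documentation address ranges).

# vpn_failures LOGFILE -> one line per source IP: "IP failed_handshakes revoked_attempts"
vpn_failures() {
  awk '
    # Return the first "a.b.c.d:port" peer token on the line, without the port.
    function peer(   i, t) {
      for (i = 1; i <= NF; i++) {
        t = $i
        sub(/^\[AF_INET\]/, "", t)
        if (t ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) {
          sub(/:[0-9]+$/, "", t)
          return t
        }
      }
      return ""
    }
    /TLS handshake failed|TLS key negotiation failed|tls-crypt unwrap error/ {
      ip = peer(); if (ip != "") { fail[ip]++; seen[ip] = 1 }
    }
    # A certificate revoked through menu option 2 is still being presented.
    /VERIFY ERROR:.*certificate revoked/ {
      ip = peer(); if (ip != "") { revoked[ip]++; seen[ip] = 1 }
    }
    END { for (ip in seen) print ip, fail[ip] + 0, revoked[ip] + 0 }
  ' "$1" | LC_ALL=C sort -k2,2nr -k1,1
}

# vpn_noisy_sources LOGFILE THRESHOLD -> IPs at or above THRESHOLD failures,
# plus any IP that presented a revoked certificate.
vpn_noisy_sources() {
  vpn_failures "$1" | awk -v t="$2" '$2 >= t || $3 > 0 { print $1 }'
}

sample_openvpn_log() {   # constructed log lines
  cat <<'EOF'
2024-11-02 10:15:01 198.51.100.23:40112 tls-crypt unwrap error: packet authentication failed
2024-11-02 10:15:03 198.51.100.23:40118 tls-crypt unwrap error: packet authentication failed
2024-11-02 10:15:05 198.51.100.23:40125 tls-crypt unwrap error: packet authentication failed
2024-11-02 10:16:10 203.0.113.7:51820 Peer Connection Initiated with [AF_INET]203.0.113.7:51820
2024-11-02 10:17:00 192.0.2.44:33001 VERIFY ERROR: depth=0, error=certificate revoked: CN=old-laptop
2024-11-02 10:17:00 192.0.2.44:33001 TLS Error: TLS handshake failed
2024-11-02 10:18:30 203.0.113.7:51820 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
EOF
}
```

On the server, run `vpn_noisy_sources /var/log/openvpn/openvpn.log 3` against the log path shown above and adjust the threshold to your normal traffic.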
Regular Maintenance
sudo apt update
sudo apt upgrade
sudo systemctl restart openvpn@server
Troubleshooting Common Issues
Connection Issues
- Can’t Connect:
  - Check EC2 security groups
  - Verify port 443 is open
  - Ensure .ovpn file is correct
- Slow Speeds:
  - Try different EC2 regions
  - Check instance type limitations
  - Test both UDP and TCP
- Frequent Disconnects:
  - Check instance health
  - Review OpenVPN logs
  - Verify network stability
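One way to carry out the “Ensure .ovpn file is correct” check, as an added example that is not part of the original guide or the install script: it compares the profile’s remote port and protocol with the TCP 443 rule opened in the security group, and flags a profile whose embedded private key is readable by other users. The function names and the sample profile are constructed for illustration.

```bash
# Added example. Function names and the sample profile are constructed;
# the expected endpoint (TCP 443) is the one chosen in this guide.

# ovpn_endpoint FILE -> "host port proto" from the directives before the inline blocks
ovpn_endpoint() {
  awk '
    /^</ { exit }                      # stop at <ca>, <cert>, <key>, ...
    $1 == "remote" { host = $2; port = $3 }
    $1 == "proto"  { proto = $2 }
    END {
      sub(/-client$/, "", proto)       # tcp-client -> tcp
      sub(/[46]$/, "", proto)          # tcp4, udp6 -> tcp, udp
      if (host == "")  host = "-"
      if (port == "")  port = "-"
      if (proto == "") proto = "-"
      print host, port, proto
    }
  ' "$1"
}

# ovpn_check FILE PORT PROTO -> prints one line per finding, returns 1 if there is any
ovpn_check() {
  file=$1 want_port=$2 want_proto=$3 rc=0
  set -- $(ovpn_endpoint "$file")      # now: $1 host, $2 port, $3 proto
  [ "$2" = "$want_port" ]  || { echo "MISMATCH port: profile=$2 expected=$want_port"; rc=1; }
  [ "$3" = "$want_proto" ] || { echo "MISMATCH proto: profile=$3 expected=$want_proto"; rc=1; }
  # The profile embeds the client private key, so group/other read access is a finding.
  if grep -q '^<key>' "$file" && [ -n "$(find "$file" -perm -040 -o -perm -004)" ]; then
    echo "EXPOSED key: profile is readable by group or others"; rc=1
  fi
  return "$rc"
}

# sample_profile PORT PROTO -> constructed profile with placeholder key material
sample_profile() {
  printf '%s\n' client "proto $2" "remote 203.0.113.10 $1" 'dev tun' \
    '<key>' '(private key placeholder)' '</key>'
}

# Demo: a profile generated for UDP 1194 and saved world-readable.
demo=$(mktemp); sample_profile 1194 udp > "$demo"; chmod 644 "$demo"
ovpn_check "$demo" 443 tcp || echo "profile needs attention"
rm -f "$demo"
```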
Security Best Practices
- Keep your .pem key secure
- Regularly update server packages
- Monitor server logs
- Use strong client passwords
- Implement 2FA where possible
- Regular backup of configurations
Conclusion
You now have a secure, personal VPN server running on AWS. Remember to regularly maintain and update your server, monitor for unusual activity, and keep your client configurations secure.