
DIY Project: How To Setup and Host Your Own Free VPN Server on AWS Using Terraform and OpenVPN

Watch the video demonstration here:

Read the full documentation for this project on My Project Documentation website

In this guide, I’ll walk you through creating a self-hosted VPN server using Terraform and OpenVPN Access Server on AWS. This is a great project for DevOps and cloud enthusiasts looking to enhance their skills while building a practical and secure solution.


Introduction

Setting up a self-hosted VPN server can be a cost-effective and secure solution for personal or organizational needs. In this blog, I’ll demonstrate how to use a Terraform configuration script to deploy an OpenVPN Access Server on AWS. By following this guide, you’ll learn how to:

  • Configure and customize the Terraform script to suit your needs.
  • Deploy a fully functional VPN server in under 5 minutes.
  • Maintain internet privacy and security without relying on subscription-based VPN services.

This VPN server is also "disposable," allowing you to create and delete it with a single command. Let’s dive in!


Prerequisites

To get started, you’ll need the following:


What the Terraform Configuration Script Does

The script automates the process of setting up a self-hosted OpenVPN server by:

  • Creating an Ubuntu 22.04 EC2 instance and configuring OpenVPN Access Server on it.
  • Using the t2.micro instance type to stay within AWS’ free-tier limits.
  • Configuring the VPN server with an IP address in your selected AWS region.
  • Generating and downloading an AWS keypair file for optional SSH access.
  • Creating and downloading an OpenVPN User Profile file (*.ovpn) from the server to the local machine for establishing encrypted VPN connections.
  • Enabling a one-command teardown to clean up all local and online resources that were created.

How the Script Works

If you are interested in the technical details of how the Terraform script works, I wrote a detailed description in my Terraform-OpenVPN-setup documentation for the script here.

The Terraform script handles everything from provisioning resources on AWS to configuring the OpenVPN Access Server. Here’s what happens under the hood:

  1. Infrastructure Setup:
    The script provisions an EC2 instance with the necessary network configuration, including opening the required ports on the server through the security group settings.

  2. OpenVPN Installation:
    After Terraform has provisioned the instance, a userdata script runs on it to bootstrap, install and configure the OpenVPN Access Server.

  3. User Profile Creation:
    An OpenVPN User Profile (*.ovpn) file is generated on the server and downloaded to the local machine for further connection to the server.

  4. Resource Cleanup:
    With one command, all AWS resources are destroyed, and local files are also deleted.


Customizing the Script

The script includes configurable options for flexibility:

  • project_name: Used for labeling resources (e.g., “My-VPN-Project”).
  • OpenVPN_instance_type: Default is t2.micro for free-tier compatibility, but you can choose another type if needed.
  • openvpn_user: Username for generating the *.ovpn profile file.
  • selected_region: Choose the AWS region where the server will be hosted (e.g., us-east-1, eu-west-2).

The region you select determines the VPN traffic’s exit point. For example, choosing ca-central-1 will route your internet traffic through a Canadian IP address.

These are all optional and can be configured in the terraform.tfvars file.


How to Setup the OpenVPN Server

Follow these steps to set up your VPN server:

  • Set Up AWS CLI
    First, ensure that the AWS CLI is installed and configured with your AWS access key ID and secret access key (learn more about AWS CLI here).

  • Install Terraform
    Install Terraform on your local machine (see How to Install Terraform).

  • Download the Script
    Clone the script repository to your local machine using this command:

   git clone https://github.com/opeyemitechpro/OpenVPN-Terraform.git
  • Edit Variables (optional)
    Open the terraform.tfvars file in the script and update the values for project_name, openvpn_user, and selected_region.

  • Switch to the cloned directory and initialize the Terraform script:

   terraform init
  • Apply the terraform script with this command:
   terraform apply -auto-approve
  • The script will prompt for a region where you want your VPN server to be hosted. Enter a suitable AWS region e.g. ca-central-1 for Canada Central.

(See list of acceptable AWS regions here)

Wait for the script to finish execution. The script will provision your OpenVPN Server and also download the OpenVPN user profile (*.ovpn) file to your local computer, into the Terraform working directory (i.e. the directory from which the Terraform script was executed).
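A post-deployment check for the files this step leaves in the Terraform working directory, as an added example that is not part of the original script or its repository: the *.ovpn profile and the AWS keypair file are credentials, so the functions below restrict them to the owner and list the endpoints the profile will dial. It assumes the keypair is saved with a .pem extension; the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the credential files left in the Terraform directory.
# Assumption: the key pair is saved as *.pem; the profile is *.ovpn.

# List credential files in DIR whose mode is not owner-only (600 or 400).
loose_files() {
    find "$1" -maxdepth 1 -type f \( -name '*.ovpn' -o -name '*.pem' \) \
        ! -perm 600 ! -perm 400
}

# Restrict every loose credential file to the owner; print what was changed.
lock_down() {
    loose_files "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened: %s\n' "$f"
    done
}

# Succeeds if the profile embeds a private key (inline <key> block).
has_inline_key() {
    grep -q '^<key>' "$1"
}

# Print "host port proto" for each `remote` directive: the endpoints the
# client will dial, which should be your own EC2 instance and nothing else.
profile_remotes() {
    awk '$1 == "remote" { print $2, $3, $4 }' "$1" | sort -u
}

# Constructed sample profile (documentation-range address, no real key).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote 203.0.113.10 1194 udp
remote 203.0.113.10 443 tcp
<key>
constructed placeholder, not a real key
</key>
EOF
}

# Demo on a throwaway directory; point lock_down at your own directory instead.
demo_dir=$(mktemp -d)
write_sample_profile "$demo_dir/demo-user.ovpn"
chmod 644 "$demo_dir/demo-user.ovpn"
lock_down "$demo_dir"
has_inline_key "$demo_dir/demo-user.ovpn" && echo "profile embeds a private key"
profile_remotes "$demo_dir/demo-user.ovpn"
rm -rf "$demo_dir"
```

To use it on a real deployment, run `lock_down .` from the Terraform working directory and compare the output of `profile_remotes` with the public IP address of your instance.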


Connecting to your Server

  1. Install the OpenVPN Connect client on your local machine (Download it here).

  2. Create a new VPN connection using the OpenVPN user profile file and connect to your server.

  • Once connected, your internet traffic should now be routed through your VPN server.

Open your browser and check your public IP address through a website like https://whatsmyip.com to confirm that you are connected to your VPN server. Your public IP address should now be the server IP address of your VPN server. This proves that you are now connected to your VPN and your internet traffic is being routed through your server's IP address.


Cleanup Resources

When you are through with the server, you can safely delete it and clean up all resources that were created.

  1. First disconnect from the VPN Server

  2. To delete the server and clean up all resources that were created, use the command below:

   terraform destroy -auto-approve
  • This will prompt you again for the AWS region that was entered earlier; type the region and press enter.

This will delete all files that were created locally and also delete all resources that were created in your AWS account (the EC2 instance, the security group, etc.).


Use Cases

A self-hosted VPN offers flexibility and control for various scenarios:

  1. Secure Remote Access: Connect securely to corporate or on-premises resources.
  2. Privacy & Anonymity: Encrypt internet traffic, especially on public Wi-Fi.
  3. Cost Efficiency: Avoid subscription costs of commercial VPNs.
  4. Location Masking: Access location-restricted content.
  5. Development & Testing: Simulate network environments for application testing.
  6. Enhanced Security: Add another layer of protection to your network.

Conclusion

Building your own VPN server using Terraform and OpenVPN Access Server is a rewarding and educational experience. It’s an excellent project for DevOps and cloud enthusiasts looking to gain hands-on experience with AWS and infrastructure automation.

This solution provides complete control over your VPN server, ensuring privacy, security, and flexibility. Whether for personal use, team collaboration, or development purposes, this setup is a cost-effective alternative to commercial VPN services.

Feel free to explore the script, customize it to your needs, and share your experience! For advanced insights and troubleshooting.

If you have any comments or questions, please drop them in the comments section below.

Happy building!
