How to Guides

Create Your Own FREE VPN Server Using Amazon Web Services – Configure AWS To OpenVPN

VPNs come with a lot of subscription alternative, the majority of them – or the rapid one, dependable ones at least – are only accessible with a monthly purchase or buy.

As a result of this, plenty of them steers towards free (and mostly undependable) VPNs in hopes of obtaining the best online anonymity. This is aimless trier, as most come to knowing that paid VPN services cost money for a reason. Fortunately, there is another alternative that is both free and dependable: making your own VPN server.

What is a VPN is all about?

A VPN is a Virtual Private Network that offers its users the capability to surf or browse the internet in near enormity. Using a VPN to dig your web traffic to an unconnected server, you’re allowed to get access to things like terrain that have constricted content and you are also to secure your online identity unknown and your system and activities away from investigating impertinently eyes.

What is Amazon Web Services?

When it comes to making VPN server for yourself, Amazon web services is the best choice you can think of. The reason has been that Amazon’s Elastic Compute Cloud is providing a whole year of free virtual server space as a portion of a trial time or period. Now, the reason why AWS is one of the top contenders in VPN choice or alternative, it’s also vital to know its shortcoming. AWS is a nice option that will offer you stay under the predefined amounts of bandwidth, space, and period.

That entire aside, AWS is still a free VPN service with better than an average speed that you can use for the whole year before you will start with the subscription. Additionally, even when the year of free service is complete, Amazon Web Services provides affordable payment alternative.

AWS Requirements

Amazon Web Services offers two non-identical VPN server alternatives: OpenVPN and SSH Tunnel. Each of the options has its advantages and disadvantages, and both of them are worth detail researching before making a concrete decision. Irrespective of whether you select OpenVPN or SSH Tunneling, you ought to have the following requirements:

  1. An account with Amazon Web Services
  2. A credit card to register for Amazon Web Services (with no charge unless you go over the preset amounts)
  3. PuTTy (SSH client)
  4. PuTTyGen (key generator)
  5. WinSCP (FTP server)

How to Setup Amazon Web Services

To set up your VPN server with Amazon Web Services is a very easy thing to do. For those using Windows, you’ll need to finish the following step by step after registering for an account and setting up your billing detail.

  1. When you are prompted, select the Free Basic Plan
  2. In the search bar, type EC2and click on it
  3. Choose Launch Instance from the EC2 dashboard,
  4. Choose the first free tier eligible option or alternative: Amazon Linux AMI
  5. Select the free tier eligible t2.micro from the alternative (normally pre-selected)
  6. Choose Review and Launch at the bottom of the page
  7. Click on Edit security groups
  8. Click on Add Rule
  9. Under the drop-down menu for Type, select Custom UDP
  10. 10.Set the Port Range to 1194
  11. Under Source, select Anywhere
  12. Select Launch
  13. When prompted, select the drop-down menu and select to Create a new key pair
  14. Name your key pair
  15. choose Download Key Pair and store it somewhere safe
  16. 16.Select Launch Instances
  17. On the Launch Status screen, choose View Instances
  18. Verify that only one instance is launched (if this is your first time making use of  EC2)

How to Use AWS with SSH Tunneling

A lot of people use VPNs with the hopes of having access to geographically restricted content. If your main reason for wanting to use a VPN is to have access to content that’s not accessible or available in your region or country, SSH tunneling is mostly your best and easiest alternative that can do this for you. While SSH tunneling isn’t perfect, it is best for lightweight use such as basic web surfing or weaseling your way around geographically blocked websites/services.

In other to create SSH tunneling, complete the following steps:

  1.     Download the PuTTy and PuTTyGen .exe files
  2.     Click on PuTTyGen twice to open it
  3.     Choose Load
  4.     On the drop-down menu in the lower right corner, select All File Types
  5.     Select your key pair file from earlier
  6.     Choose Save Private Key
  7.     Your file name must match your .pem key verbatim
  8.     OPTIONAL: create a passphrase
  9.     Exit out of PuTTyGen and open PuTTy
  10.      Go to your AWS EC2 Dashboard
  11.     Copy your IPv4 Public IP
  12.     Paste your IPv4 Public IP into PuTTy’s Host Name (or IP address)
  13.     Select a Session Name
  14.     Choose Save
  15.     In the left panel, go to SSH>Auth
  16.     Under Authentication parameters, Choose Browse
  17.     Go to the private key you generated earlier and choose it
  18.     In the left panel, go to SSH>Tunnels
  19.     Under Add new forwarded port: type in 8080 and choose

Dynamic and Auto

  1. Go back to Session & choose Save
  2. Choose Open
  3. When prompted for a username, type ec2-user for Amazon Linux AMI
  4. Connect to the next steps based on your preferred browser


Open Firefox

Go to Tools>Options>Advanced>Network>Connection>Settings>Manual proxy configuration

Set the SOCKS Host to

Set the Port to 8080

Hit Save


  1. Install the Proxy SwitchySharp extension
  2. A setup screen will pop up
  3. Choose a name
  4. Change Manual Configuration
  5. Change the SOCKS Host to
  6. Change the Port to 8080
  7. Everything else should be left blank
  8. Choose Save
  9. Click the extension icon and choose your proxy profile

When the above steps are completed, you’ll be successfully tunneling your browser’s traffic through your EC2 instance. SSH tunneling can only function for lightweight internet surfing and having access in some geographically constrict content. If your intention is to make a fully functioning VPN with the capability to crawl all internet traffic, OpenVPN is the best alternative you’ll consider to look into. Let go into detail below.

How to Use AWS with OpenVPN

As a widely used free source application, OpenVPN is a wonderful VPN tool to utilize. It has the capability to reroute across all over your internet traffic through your EC2 instance, OpenVPN can as well be able to help in VPN usage for applications such as Steam or OpenVPN setup might look difficulty when gazing your eyes over the instructions, but the fact is that it’s moderately easy (it is a bit time delaying).

Installing OpenVPN On AWS

  1. By using the instructions above, link your EC2 instance to PuTTy
  2. A command prompt displaying Amazon Linux AMI should pop up
  3. Copy & paste the following commands one by one into your command prompt:

sudo modprobe iptable_nat

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

  1. When the first command mention above doesn’t work out, replace it with:

Connecting to OpenVPN via easy-rsa

When setting up your OpenVPN server, you have two different processes of doing this. The first one permits you to link to various devices at the same time via easy-rsa, while the second way only permits you to connection per time via static encryption.

Server Configuration

  1. Copy & paste the following commands one by one into your command prompt:

sudo cp -via /usr/share/easy-rsa/2.0 CA

  1. Allow root user by inputting it into your command prompt sudo su
  2. In the below step, you will be instructed to fill in information like your occupation/company – choose the default by pressing Enter key when you are prompted
  3. Copy & paste the following commands one after the other into your command prompt:

source ./vars



./build-key-server server

./build-dh 2048

  1. By setting up your device, copy & paste the following commands one after the other in your command prompt:

cd /usr/share/easy-rsa/2.0/CA/keys

openvpn –genkey –secret pfs.key

mkdir /etc/openvpn/keys

for file in server.crt server.key ca.crt dh2048.pem pfs.key; do cp $file /etc/openvpn/keys/; done

cd /etc/openvpn

nano server.conf

  1. Nano text editor will open – copy & paste the following text:

port 1194

proto udp

dev tun

ca /etc/openvpn/keys/ca.crt

cert /etc/openvpn/keys/server.crt

key /etc/openvpn/keys/server.key # This file should be kept secret

dh /etc/openvpn/keys/dh2048.pem

cipher AES-256-CBC

auth SHA512


push “redirect-gateway def1 bypass-dhcp”

push “dhcp-option DNS”

push “dhcp-option DNS”

ifconfig-pool-persist ipp.txt

keepalive 10 120




status openvpn-status.log

log-append openvpn.log

verb 3


tls-auth /etc/openvpn/keys/pfs.key

  1. To save and exit the config text, press key CTRL+O followed by CTRL+X
  2. Start OpenVPN by entering into your command prompt:

sudo service openvpn start

Client Configuration

  1. Copy & paste the following commands into your command prompt:

chmod 777 keys

cd keys

The file in client.crt client.key ca.crt dh2048.pem pfs.key ca.key; do sudo chmod 777 $file; done

  1. Download WinSCP with default installation options & open it
  2. WinSCP will prompt you to import your server authentication information from PuTTy
  3. Choose the one you make in earlier steps
  4. Choose Edit and type in under username: ec2-user
  5. Press Login
  6. Click on Edit & then Advanced
  7. Go to SSH>Authentication>Private key file
  8. Look for your PPK file
  9. Back on the main screen; enter your EC2 instance IPv4 address in the Host Name field
  10. Save your settings
  11. In the right panel, go to the directory that holds your key files
  12. You’ll need to highlight the five vital files: client.crt, client.key, ca.crt, dh2048.pem, and pfs.key
  13. Select the green Download button
  14. Save the files wherever you want
  15. Go back to the PuTTy Command Prompt
  16. Copy & paste the following command:

cd ..

chmod 600 keys

  1. On your computer, move the five files into your OpenVPN configuration folder (default location is C:\\Program Files\\OpenVPN\\config

SUB: Creating the Client Configuration File

One more thing we want to do is make the client configuration file. Luckily, this is easily done using your basic text editor.

  1. Right-click on any basic plaintext editor
  2. Choose Run as administrator
  3. Copy & paste the following configuration:


dev tun

proto udp

remote YOUR.EC2.INSTANCE.IP 1194

ca ca.crt

cert client.crt

key client.key

tls-version-min 1.2


cipher AES-256-CBC

auth SHA512

resolv-retry infinite

auth-retry none




ns-cert-type server


verb 3


tls-auth pfs.key

  1. Save the config as client.ovpn
  2. Save the config file in the same directory as your other five files (Default is C:\\Program Files\\OpenVPN\\config)
  3. Inclusion, right click on the OpenVPN GUI and choose Run as administrator
  4. In your system tray below, right click on the OpenVPN icon
  5. Link to the appropriate configuration
  6. When successful, the OpenVPN icon it will show green

Removing the Certificate Authority File

To always maintain a possible security, our team at advises you to always removing the ca.key file from your server. On the off chance that the certificate authority is harmed, you will never need to depend on the certificates offered by that CA in the future. Before accomplishing the following steps, be sure that you have the keys/certificates for every device you need to link.

  1. Choose ca.key
  2. Instead of choosing the Download button, Choose Download and Delete
  3. Store the file in a safe location or place.

Fixing Reboot or Maintenance Problems

If you experience or encounter issue after rebooting your PC or finishing maintenance, you can set up OpenVPN as a service by typing the following commands in your command prompt. Most times, this repairs the issue.

When the above commands don’t work out or you do like to link to the VPN but not the internet, try resetting your iptable settings by running the commands from the initial step:

Connecting to OpenVPN via Static Encryption

The reason this process is simpler to accomplish than the easy-rsa process, it has a low security and only permits one link to the VPN server at a time. Yet, it’s a very nice option over other free VPN services.

  1. In the PuTTy Command Prompt, paste:

sudo openvpn –genkey –secret ovpn.key

sudo nano openvpn.conf

  1. If the Nano text editor pops up, type the following configuration:

port 1194

proto tcp-server

dev tun1


status server-tcp.log

verb 3

secret ovpn.key

  1. Choose CTRL+O to save followed by CTRL+X to exit
  2. In the PuTTy Command Prompt, type:

sudo service openvpn start

sudo chmod 777 ovpn.key

  1. Download WinSCP by following default installation prompts
  2. A prompt will tell you to import your server authentication details or information from PuTTy
  3. Choose the one you made in the initial steps and click Edit
  4. Under username, enter ec2-user and hit Login
  5. In the right panel, scroll up and go to etc/openvpn
  6. Choose the ovpn.key file and drag it into a secure location

11.In the PuTTy Command Prompt, type:

  1. Download OpenVPN according to your system direction
  2. Move your ovpn.key into OpenVPN’s configuration folder (Default is C:/Program Files/OpenVPN/config…)
  3. Open Notepad and paste the following:

proto tcp-client

remote yourEC2IPhere

port 1194

dev tun

Secret “your pathway to OpenVPN config folder – see default above

Redirect-gateway def1


  1. Save the file in your OpvenVPN config folder as myconfig.ovpn
  2. In your system tray, make sure OpenVPN isn’t running – close it if it is
  3. On your desktop, right click on OpenVPN and Choose Run as administrator
  4. Back in your system tray, right click on OpenVPN and choose Connect
  5. When successful, the icon will show green

Testing Your AWS VPN is Working

Confirming your success with Amazon Web Services VPN is absolutely simple!

  1. Disconnect from your VPN
  2. Go to a website like
  3. Write down your IP address
  4. Log out of the browser
  5. Relink to your VPN
  6. Open your browser and go back to
  7. Differentiate your IP address from step 3 to the one displayed at present
  8. When the IP addresses are not the same, you’re successfully utilizing your homemade VPN!

Using Amazon Web Services to Create a VPN:


When you want the gains of using a VPN without the monthly subscription fees, you need to consider Amazon Web Services before browsing the free VPN services. Making your own Amazon Web Service VPN is straightforward and easy – and despite being somehow time delaying – it’s also totally worth it.

VPN Benefits

Get privacy protection, Wi-Fi security, unrestricted access to content, and much more.

Don’t let the internet browse you!