·6 min read · Vangaveti Vardhan

Build Your Own VPN Using OpenVPN and AWS

Learn how to create a personal VPN using OpenVPN Access Server on AWS in under 30 minutes, with full control over your traffic and infrastructure.

#aws#openvpn#vpn#cloud#security

alt text

Most VPN services are paid and opaque, requiring you to trust a third party with all your internet traffic.

I wanted to understand how VPNs actually work while maintaining full control over my data, so I built my own VPN using OpenVPN Access Server on AWS.

This guide walks through the exact setup process using the AWS Marketplace version of OpenVPN Access Server—no manual OpenVPN installation or complex networking configuration required.

Who This Guide Is For

This tutorial is ideal for:

  • Beginners to intermediate users who want a personal VPN
  • Developers familiar with basic AWS and EC2 concepts
  • Anyone who wants a simple OpenVPN deployment instead of a manual server installation

If you’re comfortable launching an EC2 instance and following step-by-step instructions, you’ll be able to complete this setup without difficulty.

What You’ll Need

Before getting started, make sure you have:

  • An AWS account with EC2 access
  • OpenVPN Access Server available through AWS Marketplace
  • Basic familiarity with Amazon EC2
  • A Windows, macOS, or Linux machine
  • Around 20–30 minutes

OpenVPN Access Server includes 2 free simultaneous VPN connections, which is sufficient for most personal-use scenarios.

I. Launch OpenVPN Access Server

Open the AWS Management Console and navigate to EC2 → Launch Instance.

When selecting an Amazon Machine Image (AMI):

  1. Choose AWS Marketplace
  2. Search for OpenVPN Access Server (BYOL)
  3. Select the official OpenVPN image

After selecting the AMI:

  1. Choose an instance type such as t2.small
  2. Review networking, storage, and security group settings
  3. Click Launch Instance
  4. Create or select an existing key pair
  5. Download the .pem file

You’ll need the key pair to connect to the instance via SSH.

Connect via SSH

Replace the hostname and key filename with your own values:

ssh -i "your-key.pem" openvpnas@ec2-public-ip.ap-south-1.compute.amazonaws.com

II. Complete Initial OpenVPN Setup

After connecting through SSH, OpenVPN Access Server displays its End User License Agreement (EULA).

To continue:

yes

The setup wizard will then prompt for configuration options.

For most prompts:

  • Press Enter to accept defaults

When prompted:

Should client traffic be routed by default through the VPN? [no]:

Enter:

yes

You’ll then be asked to create an administrator password.

This password will be used for the default:

Username: openvpn

account.

After setup completes, OpenVPN will display two URLs:

Admin Portal

https://<public-ip>:943/admin

User Portal

https://<public-ip>:943/

Because the server uses a self-signed SSL certificate initially, your browser will likely display a security warning. Proceed by accepting the exception.

III. Log In

Open the Admin Portal and sign in using:

Username: openvpn
Password: <password created during setup>

Once authenticated, you’ll have access to the OpenVPN Access Server dashboard.

IV. Download the VPN Client

Navigate to the User Portal.

You’ll see a Download section containing clients for:

  • Windows
  • macOS
  • Linux
  • iOS
  • Android

Download and install the appropriate client for your device.

V. Download Your VPN Profile

After installing the client:

  1. Return to the User Portal
  2. Open the Yourself section
  3. Select Download Profile or Connect

Depending on the client version, OpenVPN may:

  • Download a .ovpn configuration file
  • Automatically import the profile

VI. Connect to Your VPN

Open the OpenVPN client.

If required:

  1. Import the downloaded .ovpn profile
  2. Enter your username and password
  3. Click Connect

Once connected, your internet traffic will be routed through your AWS-hosted VPN server.

Verifying the Connection

A simple way to verify functionality is to check your public IP address:

  • Before connecting, note your current IP
  • Connect to the VPN
  • Refresh the IP lookup page

The displayed IP should now match the AWS instance’s public IP.

Why Build Your Own VPN?

Building a personal VPN offers several advantages:

  • Full control over your infrastructure
  • No reliance on third-party VPN providers
  • Better understanding of VPN networking concepts
  • Secure remote access from anywhere
  • Easy user and device management

AWS also provides reliable uptime, flexible scaling, and straightforward administration through the AWS Console.

Final Thoughts

OpenVPN Access Server on AWS is one of the fastest ways to deploy a fully functional VPN.

Instead of manually configuring certificates, routing tables, and authentication systems, the Access Server handles most of the complexity for you. Within about 30 minutes, you can have a secure VPN running on your own cloud infrastructure.

For personal use, the free two-connection license is usually more than enough, making this a practical and educational project for developers and security enthusiasts alike.

Disclaimer

This article is provided for educational and informational purposes only.

Actual security requirements, network configurations, and compliance obligations may vary depending on your environment. You are solely responsible for ensuring lawful, authorized, and secure use of any VPN infrastructure you deploy.

The information in this guide must not be used for illegal, unauthorized, or malicious activities. The author assumes no responsibility for data loss, service interruptions, security incidents, or other consequences resulting from the use of this material.

If this helped you, consider supporting my work ☕

Support me on Ko-fi

Discussion

Ko-fi