After deploying this server using the Standalone AMI, you will get a fully functional OpenVPN server with a single IP address used for both the Endpoint and Outbound traffic.
If you want to run the OpenVPN server with separate IP addresses for the Endpoint and the Outbound connection - where the Endpoint IP is used by clients to connect to the VPN, and the Outbound IP is the address under which client traffic appears on the internet - you can deploy this server using a CloudFormation template. This configuration allows you, for example, to change or rotate the outbound IP address later simply by replacing the second Elastic IP, without needing to update the client configuration and without restarting the server.
Instructions for deploying from the AWS Standalone AMI:
Launch the server. This server does not require powerful computing resources, so you can choose a simple instance type. If the Elastic IP was assigned to a running instance, the instance must be restarted.
Linux username: admin
After launching the server, it is immediately ready for use, with no additional settings required.
OpenVPN ports:
User management Web Panel:
http://[Public IP address]
https://[Public IP address]:8443 (recommended)
(please use "admin" as username and your instance ID as password)
When accessing the Web Panel using HTTPS, your web browser may display a message about potential risks due to the use of an IP address in the URL. In this case, you should proceed and accept the risks, as our main objective is to encrypt traffic, and using an IP address in a web browser is safe for our purposes.
User authentication: OVPN file, containing user certificate + username/password. Server certificates are automatically generated and installed on the server when the instance is launched for the first time. Client certificates are generated in the web panel when a user is created and are embedded into the client configuration OVPN file. A ZIP archive containing two OVPN files (for TCP and UDP connections) can be downloaded for each client from the web panel.
Instructions for deploying from the CloudFormation Template on AWS:
This server uses 2 public IP addresses (Elastic IPs). The first IP is used for both the web interface and as the VPN Endpoint, which is the address specified in client configurations to connect to the VPN server. The second IP is used for the Outbound connection - this is the address under which client traffic appears on the internet. This allows you to change or rotate the outbound IP at any time by replacing the second Elastic IP, without updating the client configuration or restarting the server.
This server does not require powerful computing resources, so you can choose a simple instance type.
Linux username: admin
After launching the server, it is immediately ready for use, with no additional settings required.
OpenVPN ports:
User management Web Panel:
http://[First Elastic IP address]
https://[First Elastic IP address]:8443 (recommended)
(please use "admin" as username and your instance ID as password)
When accessing the Web Panel using HTTPS, your web browser may display a message about potential risks due to the use of an IP address in the URL. In this case, you should proceed and accept the risks, as our main objective is to encrypt traffic, and using an IP address in a web browser is safe for our purposes.
User authentication: OVPN file, containing user certificate + username/password. Server certificates are automatically generated and installed on the server when the instance is launched for the first time. Client certificates are generated in the web panel when a user is created and are embedded into the client configuration OVPN file. A ZIP archive containing two OVPN files (for TCP and UDP connections) can be downloaded for each client from the web panel.
OpenVPN-CLIENT SETUP
Before creating a VPN connection, you will need to install the OpenVPN client application on the client side. OpenVPN client applications are available on the web for Windows, Linux, Android, iOS and macOS. To create a VPN connection, simply import the OVPN configuration file into the client application.
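Added example, not part of the original instructions or the vendor's code: a check to run on a downloaded OVPN file before importing it, confirming that it points at the expected Endpoint IP, prompts for a username/password, and embeds the certificate material described above. The sample profile, its address and port, and the function names are constructed for illustration.

```python
import re

def _block(tag, kind):
    return f"<{tag}>\n-----BEGIN {kind}-----\n(placeholder)\n-----END {kind}-----\n</{tag}>\n"

# Constructed sample profile: placeholder blocks (no real key material);
# the address and port are illustrative, not values from this server.
SAMPLE_OVPN = ("client\ndev tun\nproto udp\nremote 203.0.113.10 1194\nauth-user-pass\n"
               + _block("ca", "CERTIFICATE") + _block("cert", "CERTIFICATE")
               + _block("key", "PRIVATE KEY"))

def parse_ovpn(text):
    """Split a profile into directive token lists and inline <tag> blocks."""
    directives, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                          # inside an inline block
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(line)
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        else:
            directives.append(line.split())
    return directives, blocks

def audit_profile(text, endpoint_ip):
    """Return findings; an empty list means the profile matches expectations."""
    directives, blocks = parse_ovpn(text)
    names = {d[0] for d in directives}
    remotes = [d[1] for d in directives if d[0] == "remote" and len(d) > 1]
    findings = []
    if not remotes or any(r != endpoint_ip for r in remotes):
        findings.append(f"remote {remotes} does not match endpoint {endpoint_ip}")
    if "auth-user-pass" not in names:
        findings.append("auth-user-pass missing: no username/password prompt")
    for tag in ("ca", "cert", "key"):
        if not any(l.startswith("-----BEGIN") for l in blocks.get(tag, [])):
            findings.append(f"inline <{tag}> block missing")
    return findings

if __name__ == "__main__":
    print(audit_profile(SAMPLE_OVPN, "203.0.113.10") or "profile OK")
```

Run it on both the TCP and UDP files from the ZIP archive; each should return an empty list when checked against the Endpoint IP you deployed.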
ADDITIONAL INFO
This server uses user authentication and traffic accounting via a RADIUS server, which relies on a MySQL database. Although the main information is available through the web panel, phpMyAdmin (database management) is also installed on this server for convenience:
https://[Public IP address]:8443/phpmyadmin/
Default username for phpMyAdmin: "administrator", initial password is your instance ID. By default, access to phpMyAdmin is restricted in "/usr/share/phpmyadmin/.htaccess"