Step by Step Tutorial for installing OpenVPN on the Amazon EC2 Cloud

By | March 16, 2014

OpenVPN Linuxbrainbox

Step by step tutorial to install OpenVPN on redhat/centos 6.X servers in the Amazon EC2 Cloud.

Login to the Amazon EC2 Cloud

Install the following

# yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y


Next download LZO RPM and the repo RPMForge has to be configured


# wget

Prior to adding correct repo to OpenVPN Server Check if the server supports 64 bit or 32 bit using the command

# getconf LONG_BITo4

if it is 32 download

# wget

if it is 64 bit then download

# wget

Next build the package lzo

# rpmbuild –rebuild lzo-1.08-4.rf.src.rpm

# rpm -Uvh lzo-*.rpm

# rpm -Uvh rpmforge-release*


Post the above initial configuration install OpenVPN

# yum install openvpn -y

Copy easy-rsa folder to /etc/openvpn/

# cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/


# vi /etc/openvpn/easy-rsa/2.0/vars

Replace the line

export KEY_CONFIG=’$EASY_RSA/whichopensslcnf $EASY_RSA’


export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf


Now create certificates

# cd /etc/openvpn/easy-rsa/2.0

# chmod 755 *

# source ./vars

# ./vars

# ./clean-all


Next build the ca file

# ./build-ca o19

Fill the Details as per your organization or Personal Details

Country Name: enter your country details or Just Press Enter for Defaults

State or Province Name: Enter your State or Just Press Enter for Defaults

City: Enter your City or Just Press Enter for Defaults

Org Name: Enter your Organization Name or Just Press Enter for Defaults

Org Unit Name: Enter your Org Unit Name or Just Press Enter for Defaults

Common Name: Enter a Name for Your VPN Server

Email Address: Enter your admin email details

Build Key Server

# ./build-key-server server

Values can be entered same as you entered for the command ./

with few changes

Common Name: server

A challenge password: press enter to leave it blank

Optional company name: Optional value

sign the certificate: y

1 out of 1 certificate requests: y


build Diffie Hellman

# ./build-dh


Edit /etc/openvpn/server.conf  and insert the lines followed by

# vi /etc/openvpn/server.conf

port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/ /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/ /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
push “redirect-gateway def1”
push “dhcp-option DNS”
push “dhcp-option DNS”
keepalive 5 30
status 1194.log
verb 3


Start the OpenVPN Service


# service openvpn start


enable IP forwarding in the file /etc/sysctl.conf

Edit and save the file /etc/sysctl.conf

# vi /etc/sysctl.conf


net.ipv4.ip_forward = 0


net.ipv4.ip_forward = 1

load the modified changes

sysctl -p

Create a Normal Username ( i have used linuxbrainbox ) which will also allow to login to OpenVPN

# useradd linuxbrainbox -s /bin/false


create password for the user linuxbrainbox

# passwd linuxbrainbox

Route command for iptables

# iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

# iptables -t nat -A POSTROUTING -o venet0 -j SNAT –to-source 54.84.***.***

# iptables -t nat -A POSTROUTING -s -j SNAT –to-source 54.84.***.***

Note : Replace 54.84.***.*** with your OpenVPN Server’s Public IP

Save Iptables

# service iptables save

Client Side Configuration

on a windows Client

Create a file server.opvn and copy the below

dev tun
proto udp
remote 54.84.***.***  1194 # – Replace with Your OpenVPN Server IP & Port
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
reneg-sec 0
verb 3

Save the above file in the OpenVPN installed config directory

Using winscp ( file copy software from windows client and linux machine) and logging in to the openvpn server copy the file ca.crt from the folder /etc/openvpn/easy-rsa/2.0/keys/ca.crt  to the OpenVPN config folder of your windows client machine

Now Check logging in with username linuxbrainbox and its password ( which i created on the server side: replace with the username you created in the server side)

user login openvpn

One important point to be noted if after connecting to the VPN if client machine is not getting the internet do the following once again

# iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

connected to server

Prior to connecting to VPN check IP Address using www.whatismyip.comLocal IP

After connecting to OpenVPN Check your IP Address once again using to be using the OpenVPN Server Internet Service Provider IP Address

Amazon IP Address



2 thoughts on “Step by Step Tutorial for installing OpenVPN on the Amazon EC2 Cloud

  1. Mauvis Ledford

    Just wanted to say thanks. Your directions were a little sloppy but 100% helpful in getting OpenVPN working on EC2!


Leave a Reply

Your email address will not be published. Required fields are marked *