How do I configure OpenVPN in AWS VPC?
In this guide, we will set up an OpenVPN server in an AWS VPC using Pulumi. We will create a VPC, a public subnet, an Internet Gateway with a route table, a security group that admits OpenVPN (UDP 1194) and SSH traffic, and an EC2 instance whose user data installs OpenVPN, generates a CA plus server and client certificates with easy-rsa, and starts the service. The client certificate and key stay on the instance; to connect you must retrieve them together with ca.crt and ta.key and build a client profile from them.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const config = new pulumi.Config();
// CIDR allowed to reach SSH on the server. Defaults to the open rule used
// originally; set `adminCidr` in the stack config to limit it to your network.
const adminCidr = config.get("adminCidr") ?? "0.0.0.0/0";

// Create a new VPC
const vpc = new aws.ec2.Vpc("my-vpc", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
    enableDnsSupport: true,
    tags: {
        Name: "my-vpc",
    },
});

// Create an Internet Gateway
const internetGateway = new aws.ec2.InternetGateway("internet-gateway", {
    vpcId: vpc.id,
    tags: {
        Name: "internet-gateway",
    },
});

// Create a public subnet
const publicSubnet = new aws.ec2.Subnet("public-subnet", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
    mapPublicIpOnLaunch: true,
    tags: {
        Name: "public-subnet",
    },
});

// Create a route table with a default route to the Internet Gateway
const routeTable = new aws.ec2.RouteTable("route-table", {
    vpcId: vpc.id,
    routes: [
        {
            cidrBlock: "0.0.0.0/0",
            gatewayId: internetGateway.id,
        },
    ],
    tags: {
        Name: "route-table",
    },
});

// Associate the route table with the public subnet
const routeTableAssociation = new aws.ec2.RouteTableAssociation("route-table-association", {
    subnetId: publicSubnet.id,
    routeTableId: routeTable.id,
});

// Create a security group for the OpenVPN server
const openVpnSecurityGroup = new aws.ec2.SecurityGroup("openvpn-security-group", {
    vpcId: vpc.id,
    description: "Allow OpenVPN traffic",
    ingress: [
        {
            // SSH for administration, limited to adminCidr
            protocol: "tcp",
            fromPort: 22,
            toPort: 22,
            cidrBlocks: [adminCidr],
        },
        {
            // OpenVPN clients connect over UDP 1194 from anywhere
            protocol: "udp",
            fromPort: 1194,
            toPort: 1194,
            cidrBlocks: ["0.0.0.0/0"],
        },
    ],
    egress: [
        {
            protocol: "-1",
            fromPort: 0,
            toPort: 0,
            cidrBlocks: ["0.0.0.0/0"],
        },
    ],
    tags: {
        Name: "openvpn-security-group",
    },
});

// Look up the latest Amazon Linux 2 AMI in the current region rather than
// hardcoding a region-specific AMI ID (the user data below relies on yum
// and amazon-linux-extras, which only exist on Amazon Linux).
const amazonLinux2 = aws.ec2.getAmiOutput({
    mostRecent: true,
    owners: ["amazon"],
    filters: [
        { name: "name", values: ["amzn2-ami-hvm-*-x86_64-gp2"] },
        { name: "virtualization-type", values: ["hvm"] },
    ],
});

// Create an EC2 instance for the OpenVPN server
const openVpnInstance = new aws.ec2.Instance("openvpn-instance", {
    instanceType: "t2.micro",
    ami: amazonLinux2.id,
    subnetId: publicSubnet.id,
    vpcSecurityGroupIds: [openVpnSecurityGroup.id],
    associatePublicIpAddress: true,
    tags: {
        Name: "openvpn-instance",
    },
    userData: `#!/bin/bash
set -euo pipefail
yum update -y
amazon-linux-extras install -y epel
yum install -y openvpn easy-rsa iptables-services
# The EPEL easy-rsa package ships no make-cadir helper; copy the easyrsa tree instead.
cp -r /usr/share/easy-rsa/3 /etc/openvpn/certs
cd /etc/openvpn/certs
# --batch suppresses the interactive prompts, which user data has no terminal for.
./easyrsa init-pki
./easyrsa --batch build-ca nopass
./easyrsa gen-dh
./easyrsa --batch build-server-full server nopass
./easyrsa --batch build-client-full client nopass
openvpn --genkey --secret ta.key
cp pki/private/server.key pki/issued/server.crt pki/ca.crt pki/dh.pem ta.key /etc/openvpn/
cat > /etc/openvpn/server.conf <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
push "route 10.0.0.0 255.255.0.0"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
user nobody
group nobody
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
EOF
# Forward client traffic into the VPC and NAT it behind the instance's address.
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/99-openvpn.conf
sysctl -p /etc/sysctl.d/99-openvpn.conf
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
systemctl enable --now iptables
systemctl enable --now openvpn@server`,
});

// Export the public IP of the OpenVPN instance
export const publicIp = openVpnInstance.publicIp;
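The user data above issues a client certificate but never turns it into something a client can use. The following script, added here as an example and not part of the original guide or of Pulumi, assembles a single-file .ovpn profile from the PKI directory the user data creates; it assumes the /etc/openvpn/certs layout from that script, the client name "client", and the exported publicIp as the remote address.

```shell
#!/bin/bash
# Assemble a single-file OpenVPN client profile (.ovpn) from the easy-rsa PKI
# left under /etc/openvpn/certs by the user-data script (assumed layout).
# Usage: build_ovpn_profile <easyrsa-dir> <client-name> <server-public-ip>
build_ovpn_profile() {
  local dir="$1" name="$2" remote="$3"
  local ca="$dir/pki/ca.crt" cert="$dir/pki/issued/$name.crt"
  local key="$dir/pki/private/$name.key" ta="$dir/ta.key"
  # Refuse to emit a half-built profile if any credential is missing.
  for f in "$ca" "$cert" "$key" "$ta"; do
    [ -r "$f" ] || { echo "missing credential file: $f" >&2; return 1; }
  done
  # Client settings mirror the server.conf above: UDP 1194, AES-256-CBC,
  # tls-auth with key-direction 1 (the server side uses 0).
  cat <<EOF
client
dev tun
proto udp
remote $remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
key-direction 1
<ca>
$(cat "$ca")
</ca>
<cert>
$(cat "$cert")
</cert>
<key>
$(cat "$key")
</key>
<tls-auth>
$(cat "$ta")
</tls-auth>
EOF
}

# Example invocation on the instance (replace <publicIp> with the stack output):
# build_ovpn_profile /etc/openvpn/certs client <publicIp> > client.ovpn
```

Copy the resulting client.ovpn to the client machine over an authenticated channel (scp or SSM), since it contains the client's private key.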
Key Points
- We created a VPC and a public subnet.
- We set up an Internet Gateway and a route table to allow internet access.
- We created a security group to allow SSH and OpenVPN traffic.
- We launched an EC2 instance with OpenVPN installed and configured.
Summary
In this guide, we configured an OpenVPN server in an AWS VPC using Pulumi. We created the necessary network infrastructure, security groups, and an EC2 instance to host the OpenVPN server. This setup allows secure VPN connections to your AWS VPC.