OpenVPN on AWS

This guide installs an OpenVPN server on an EC2 instance, or on any other server that can connect to your company subnets.

Server Setup

1. Install OpenVPN server

Run the install script:

https://gist.github.com/perfecto25/30e622feee286d75897bc112929e1b38

For the interface IP, select the public IP address (on AWS, select the IPv4 Public IP).

Select the defaults.

Add users; this creates the <user>.ovpn files.

2. Enable IPv4 forwarding in /etc/sysctl.conf

net.ipv4.ip_forward = 1

3. Configure iptables to allow OpenVPN access

iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT

iptables -A INPUT -i tun+ -j ACCEPT

iptables -A FORWARD -i tun+ -j ACCEPT

iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

iptables -A OUTPUT -o tun+ -j ACCEPT

Restart the iptables service.

4. Add company subnets to server.conf

vi /etc/openvpn/server.conf

push "route 192.168.22.0 255.255.255.0" # NYC office network

push "route 192.168.31.0 255.255.255.0" # Dallas office network

etc

5. Restart OpenVPN

systemctl restart openvpn@server
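The `push "route ..."` lines in step 4 only set routes on the client, while the step 3 rule `iptables -A FORWARD -i tun+ -j ACCEPT` lets the server forward VPN traffic to any destination. The following added example (not part of the original page or the install script) prints FORWARD rules to use in place of that rule, one per pushed route, so that forwarding matches what is pushed. It assumes a split-tunnel setup and the 10.8.0.0/24 client pool from step 3; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): print FORWARD rules that limit
# VPN clients to the networks pushed in server.conf. Nothing is applied.
VPN_NET="10.8.0.0/24"   # client pool, taken from the POSTROUTING rule in step 3

# Constructed sample config; in practice read /etc/openvpn/server.conf instead.
sample_conf() {
cat <<'EOF'
port 1194
server 10.8.0.0 255.255.255.0
push "route 192.168.22.0 255.255.255.0" # NYC office network
push "route 192.168.31.0 255.255.255.0" # Dallas office network
push "route 192.168.40.0 255.0.255.0"   # constructed typo: invalid netmask
EOF
}

# Dotted netmask -> prefix length; returns 1 for malformed or non-contiguous masks.
mask_to_prefix() {
    bits=0; seen_zero=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # after the first octet with a zero bit, only 0 octets are allowed
        if [ "$seen_zero" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then seen_zero=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Read a server config on stdin; print one ACCEPT per pushed route, then a DROP.
forward_rules() {
    sed -n 's/^[[:space:]]*push[[:space:]]\{1,\}"route[[:space:]]\{1,\}\([0-9.]\{1,\}\)[[:space:]]\{1,\}\([0-9.]\{1,\}\)".*/\1 \2/p' |
    while read -r net mask; do
        if prefix=$(mask_to_prefix "$mask"); then
            echo "iptables -A FORWARD -i tun+ -s $VPN_NET -d $net/$prefix -j ACCEPT"
        else
            echo "# skipped, bad netmask: $net $mask"
        fi
    done
    echo "iptables -A FORWARD -i tun+ -j DROP"
}

sample_conf | forward_rules
```

Replies from the office networks back to clients are still covered by the existing `-i eth0 -o tun+ ... RELATED,ESTABLISHED` rule from step 3.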

Client setup

on Linux

    1. Install the OpenVPN client

      (Fedora, RHEL, CentOS) yum install openvpn

      (Ubuntu, Debian) apt install openvpn

    2. Connect to OpenVPN

      sudo openvpn --config <username>.ovpn

      Enter your password.

      The connection should be established.

on Windows

    1. Install the Windows OpenVPN client; choose the EXE installer

      https://openvpn.net/community-downloads/

    2. Right-click the OpenVPN icon, click Import File and select your <username>.ovpn file

    3. Right-click the icon again and click Connect, then enter your password. It should now connect to the QB network.

on Mac

1. Download and install the Tunnelblick software. Use the link below to download the latest installer.

Tunnelblick installer

4. Drag and drop your <username>.ovpn file onto the Tunnelblick icon in the top toolbar; it should automatically import your VPN config.

5. Click the Tunnelblick icon and select “Connect vpn” to connect to the OpenVPN server.

6. If the connection succeeds, you will see the screen below.