
Designing an AWS VPC to secure your services using an OpenVPN server


In this blog I am sharing how we can securely access a private subnet on the AWS public cloud using OpenVPN. OpenVPN uses a server and client architecture: the client requests a connection using one of several authentication methods, and once the client has established the connection with the server, it can reach every network attached to the OpenVPN server.


With this setup we don't have to expose our servers with public connectivity, yet we can still access them securely over the internet.

How to implement

Below are the pieces that need to be implemented to understand the solution.


★ A VPC with a private and a public subnet.

★ An Internet Gateway attached to the public subnet.

★ Security groups for both subnets.

★ Updated route tables.

★ OpenVPN installed in the public subnet.

★ The VPN server configured.

★ A destination machine installed in the private subnet.

★ A VPN client installed on the local machine.

★ Connect to the public subnet and access the private subnet over the VPN.


These steps will give you an overall understanding of the scenario. This approach keeps the private hosts off the public internet while still allowing controlled remote access.


Let's implement the stack step by step:


Goal 1: First create a VPC with a private and a public subnet. Below are the steps:

  • Open the AWS console and click on the VPC service.

  • Click on Create VPC.


  • Now select "VPC and more", as seen in the screenshot below.

  • Now you can design your VPC from the built-in template; just add or delete subnets as your solution design requires. In this screenshot there are four subnets across two AZs, us-west-1b and us-west-1c, and three route tables. Each AZ contains one public and one private subnet.



  • Define your project name.

  • Select your VPC CIDR block. In my case I chose 10.0.0.0/16.

  • Number of AZs: I went with 2.

  • Number of public subnets.



  • Now just click on Create VPC and your VPC will be ready in a few seconds.

Goal 2: Install the OpenVPN server.


To install the OpenVPN server I am using an EC2 instance built from the OpenVPN AMI in the AWS Marketplace. Using a Marketplace AMI is not required; you can build your own server on a Linux platform.

  1. Launch an EC2 instance.

  2. Define the name of the instance.

  3. Select the OpenVPN AMI from the AWS Marketplace.


  • Choose your instance type. In my case I am using t2.micro.

  • Select a key pair, or create your own.

  • Select the VPC you created earlier.

  • Select the public subnet for this machine.



  • Select a security group, or create a new one, according to your application's requirements.

  • Launch your instance.

Goal 3: A Linux machine to verify the setup.


The steps to create a Linux VM as an EC2 instance are the same. Please note a few things that should be taken into consideration:

  1. Select the same VPC, but the subnet must be private.

  2. Do not enable public DNS.

Goal 4: Configure OpenVPN


Once your VPN server is ready, you can log in to it. On the first login you will be asked for some input, as below:


Will this be the primary Access Server node?

(enter ‘no’ to configure as a backup or standby node)

Press ENTER for default [yes]: yes


Please specify the network interface and IP address to be

used by the Admin Web UI:

(1) all interfaces: 0.0.0.0

(2) eth0: 172.16.10.121

Please enter the option number from the list above (1-2).

Press Enter for default [2]:

Please specify the port number for the Admin Web UI.

Press ENTER for default [943]:


Please specify the TCP port number for the OpenVPN Daemon

Press ENTER for default [443]:


Should client traffic be routed by default through the VPN?

Press ENTER for default [yes]:


Should client DNS traffic be routed by default through the VPN?

Press ENTER for default [yes]:


Use local authentication via internal DB?

Press ENTER for default [no]:

Initial Configuration Complete!

You can now continue configuring OpenVPN Access Server by

directing your Web browser to this URL:

https://172.16.10.121:943/admin

Login as "openvpn" with the same password used to authenticate

to this UNIX host.

Now you can log in to the web GUI at https://172.16.10.121:943/admin.


Goal 5: Create a VPN client user and connect from your local system.


  1. After logging in to the console, create a user for the client by clicking on the User tab.

  2. Install the OpenVPN client on your local machine. You can download it from https://openvpn.net/community-downloads/

  3. Connect to the VPN server's public IP address.

  4. Now you can reach the Linux machine in the private subnet.
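To check that the two security groups actually enforce this design, here is an added Python example (not from the original post): it audits data in the shape of `aws ec2 describe-security-groups` output for the two mistakes most often made in this layout, the Admin Web UI on 943 left open to the internet, and the private host accepting traffic from anything other than the VPN server's security group. Group ids and addresses are constructed placeholders.

```python
"""Audit the two security groups of the OpenVPN layout above (constructed example).
Input dicts mirror `aws ec2 describe-security-groups` output."""
from typing import List

INTERNET = "0.0.0.0/0"
# Only the VPN daemon port chosen during setup (443/TCP) may face the internet;
# the Admin Web UI (943/TCP) and SSH on the VPN server must not.
ALLOWED_PUBLIC = {("tcp", 443)}

def _cidrs(perm: dict) -> List[str]:
    return [r["CidrIp"] for r in perm.get("IpRanges", [])]

def _ports(perm: dict) -> str:
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return "all traffic"
    return f'{perm["IpProtocol"]}/{perm["FromPort"]}-{perm["ToPort"]}'

def audit(vpn_sg: dict, private_sg: dict) -> List[str]:
    """Return findings; an empty list means the groups match the design."""
    findings = []
    for perm in vpn_sg["IpPermissions"]:  # public-subnet host: minimal exposure
        key = (perm["IpProtocol"], perm.get("FromPort"))
        if INTERNET in _cidrs(perm) and key not in ALLOWED_PUBLIC:
            findings.append(f"VPN SG: {_ports(perm)} open to {INTERNET}")
    for perm in private_sg["IpPermissions"]:  # private host: only via the VPN SG
        for cidr in _cidrs(perm):
            findings.append(f"private SG: {_ports(perm)} from CIDR {cidr}, expected only {vpn_sg['GroupId']}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != vpn_sg["GroupId"]:
                findings.append(f"private SG: {_ports(perm)} from {pair['GroupId']}, expected {vpn_sg['GroupId']}")
    return findings

# Constructed sample (placeholder group ids): a first attempt with two mistakes.
VPN_SG = {"GroupId": "sg-vpn0001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": INTERNET}]},
    {"IpProtocol": "tcp", "FromPort": 943, "ToPort": 943, "IpRanges": [{"CidrIp": INTERNET}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
]}
PRIVATE_SG = {"GroupId": "sg-priv0001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "UserIdGroupPairs": [{"GroupId": "sg-vpn0001"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]}

if __name__ == "__main__":
    for finding in audit(VPN_SG, PRIVATE_SG):
        print(finding)
```

Removing the 943 rule and the VPC-wide rule from the sample leaves the admin SSH rule from a single address in place and makes the audit return no findings.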

