×
Community Blog How to Create an SSL VPN server on Alibaba Cloud in 15 Minutes

How to Create an SSL VPN server on Alibaba Cloud in 15 Minutes

In this tutorial, we will demonstrate a quick way to build an OpenVPN server on Alibaba Cloud ECS by simply running 3 lines of codes.

By Oliver Zhang, Solutions Architect, Alibaba Cloud ANZ team

Disclaimer: In some countries, it may be illegal to use a VPN. Please consult and comply with your local laws and regulations before proceeding with this tutorial.

The purpose of this article is to demonstrate a quick way to build an OpenVPN server on Alibaba Cloud Elastic Compute Service (ECS). This tutorial provides a simpler alternative to the more detailed configuration of OpenVPN in this tutorial. To follow the steps below, you will need an Alibaba Cloud account and some basic knowledge of cloud computing.

Step 1: Create an ECS Instance

In this step we are going to configure an ECS instance with the correct OS and ACL. We will use us-east region to build the infrastructure.

i) Log in to Alibaba Cloud, clock on Products, go to ECS service

1

ii) Click on Instances

2

iii) Change to us-east region

3

iv) Click "Create Instance"

4

v) Choose "Pay As You Go", filter instance type "t5-lc1m2.large", select the instance type

5

vi) Choose Ubuntu 16.04 and click on "Next: Networking"

6

vii) Untick the "Assign public IP" and go to "Next: System Configurations"

7

viii) Configure "Login Password" and "Instance Name" then click on "Next: Grouping"

8

ix) Click on "Preview"

9

x) Tick "Terms of Service" then click on "Create Instance"

10

xi) You should be able to see the server is starting

11

xii) While we wait for the server to start, we can get a static IP, click on "EIP"

12

xiii) Click on "Create EIP"

13

xiv) Give it 200M and click on "Buy Now"

14

xv) Activate the EIP

15

xvi) Close the TAB

16

xvii) Refresh then you should be able to see the new EIP

17

xviii) Bind the new EIP to the ECS created above

18

19

20

21

xix) Confirm the status changes to "Allocated" after 10 seconds and close this tab

22

xx) Click refresh and confirm the EIP is on the ECS

23

24

xxi) Click on "Manage"

25

xxii) Click on "Security Groups" and then click on "Add Rules"

26

xxiii) Delete all default rules and allow all traffic from your laptop/PC's public IP and allow TCP 443 from 0.0.0.0/0. First rule is to allow your laptop/PC to be able to SSH to the VPN server and use the web interface. Second rule is to allow the VPN clients to login.

27

Step 2: Install and Configure OpenVPN

i) SSH to the VPN server using the EIP

28

ii) Download openvpn-as by running the command

wget http://swupdate.openvpn.org/as/openvpn-as-2.6.1-Ubuntu16.amd_64.deb  

29

iii) Install openvpn-as by running the command

dpkg -i openvpn-as-2.6.1-Ubuntu16.amd_64.deb

30

iv) Change the openvpn user password by running:

passwd openvpn  

31

v) Login to the web console by visiting the URL: https://ECS_EIP:943/admin

32

vi) Goto "Network Settings" and change the Hostname to the EIP of ECS.

33

vii) Save the settings

34

viii) Update running server

35

Step 3: Setup Test Environment on an iPhone

There are other articles out there showcase how to setup the VPN clients on PC and Mac. For this article, we are going to set up a test client on an iPhone.

i) Download OpenVPN APP from the app store.

36

ii) Open the OpenVPN app and click on "Access Server"

37

iii) Fill in the details and click on ADD.

38

iv) Click on the switch to connect.

39

v) The SSL VPN is now connected

40

vi) The public IP of the iPhone is the same as the ECS EIP.

41

1 0 0
Share on

Alibaba Clouder

2,599 posts | 764 followers

You may also like

Comments

5387531503597926 September 13, 2021 at 9:47 am

using EIP is required?