setup a FREE VPN server in the cloud (AWS)

TL;DR

Use an AWS EC2 free-tier eligible Ubuntu image from AWS Marketplace that already includes OpenVPN Access Server to avoid manual installation.

Briefing Cornell Notes

Briefing

A free, self-hosted VPN is achievable by running OpenVPN Access Server on an AWS EC2 instance using the AWS Marketplace “free tier eligible” option—then routing all client traffic through the tunnel for encrypted browsing. The practical payoff is simple: anyone can connect a laptop, phone, or other device to a cloud-based VPN, mask their public IP, and securely access private AWS resources without paying for a commercial VPN subscription.

The setup starts in AWS with an EC2 “launch instance.” Instead of installing OpenVPN from scratch, the workflow uses AWS Marketplace to find an Ubuntu server image that already includes OpenVPN Access Server. The key selection is the “free tier eligible” variant, which avoids ongoing software licensing costs for basic use. While OpenVPN itself is free and open source, OpenVPN Access Server is commercial; this particular Marketplace image is configured as a “bring your own license” style that allows two free client connections—enough for a user and a friend. After choosing a free-tier instance size (t2.micro), the only other required AWS artifact is an SSH key pair. The key must be downloaded immediately because it’s the only chance to retrieve it later.

Once the EC2 instance is running, the next step is connecting via SSH and initializing the OpenVPN Access Server. The process involves accepting prompts, switching from root to the openvpn user, and setting an admin/client password using a command that updates the openvpn user’s credentials. After that, the admin interface is reached through the instance’s public IPv4 address on port 943, using the /admin path. Logging in with the openvpn username and the password created during initialization unlocks the configuration.

The crucial security change happens in the admin panel under routing: enabling “all client traffic should be routed through the VPN.” Saving settings and applying the update ensures that connected devices send their internet traffic through the VPN tunnel, not directly to the public internet. With the server configured, clients use the user portal (same IP, port 943, but without /admin) to download the appropriate OpenVPN client for their device.

A Windows client install is shown as an example, but the same portal supports other platforms like iOS and Android via an app. After installing and signing in with the same openvpn credentials, connecting should shift browsing traffic through the VPN. Verification is done by checking “what’s my IP” in a browser; the public IP should change to match the AWS VPN server rather than the user’s home ISP.

Finally, the cost logic is grounded in AWS Free Tier rules: a free-tier account provides 12 months of access, and a single t2.micro instance can run up to 750 hours per month for free (744 hours is roughly a month). After the free period, the instance cost is estimated around $10/month, still positioned as competitive with many paid VPN services. The result is a cloud-based VPN that can also support secure access to AWS private networks (VPC) while keeping traffic encrypted and private.

Cornell Notes

Running OpenVPN Access Server on an AWS EC2 free-tier instance provides a working VPN without paying for a commercial subscription. The setup uses an AWS Marketplace Ubuntu image that already includes OpenVPN, then configures the admin password over SSH and enables “route all client traffic through the VPN” in the admin console. Clients connect through the user portal by downloading the OpenVPN client for their device and signing in with the same openvpn username and password. IP checks confirm traffic is tunneled through the AWS server, not the user’s home network. AWS Free Tier rules (12 months, ~750 hours/month for t2.micro) make the first year effectively free for light usage.

Why use an AWS Marketplace OpenVPN image instead of installing OpenVPN manually on EC2?

The Marketplace image comes pre-configured with OpenVPN Access Server on an Ubuntu server, which avoids the time-consuming setup steps. In the transcript, the selection specifically targets the “free tier eligible” option so the instance can run under AWS Free Tier while still providing the OpenVPN tooling needed to stand up a VPN quickly.

What’s the practical difference between OpenVPN being free and OpenVPN Access Server being paid?

OpenVPN software is free and open source, but OpenVPN Access Server is a commercial product. The Marketplace option used is described as a “bring your own license” style that allows two clients for free—enough for the user and one additional person. If more than two clients are needed, that configuration wouldn’t fit.

What is the most important admin setting to make the VPN actually protect browsing traffic?

In the admin panel under VPN settings → routing, the key toggle is “should client internet traffic be routed through the vpn.” Setting it to “yes” forces all client internet traffic through the VPN tunnel, ensuring browsing is encrypted and not sent directly to the public internet.

How does the transcript verify that the VPN is working?

After connecting with the OpenVPN client, the user checks “what’s my IP” in a browser. The IP shown should match the AWS VPN server’s public IP rather than the user’s home ISP IP, indicating traffic is routed through the VPN.

How do the AWS Free Tier limits translate into “free” VPN hosting?

AWS Free Tier provides 12 months of access. For the example configuration using a t2.micro instance, the transcript cites 750 hours per month for free. Since a month is about 744 hours, the instance can run continuously within the free allowance for that first year.

Review Questions

What steps are required after the EC2 instance is “running” to make the OpenVPN server usable (including the password setup)?
Which admin routing option ensures all client traffic is tunneled through the VPN, and where is it located in the console?
How would you confirm from a client device that your public IP has changed due to the VPN connection?

Key Points

1
Use an AWS EC2 free-tier eligible Ubuntu image from AWS Marketplace that already includes OpenVPN Access Server to avoid manual installation.
2
Select the free-tier instance size (t2.micro) and download the SSH key pair immediately after creating it, since it’s only available at creation time.
3
Connect to the instance via SSH, initialize OpenVPN Access Server, and set the openvpn admin/client password (then log in as the openvpn user, not root).
4
Access the admin console at https://<public-ip>:943/admin and the client portal at https://<public-ip>:943 for downloading device clients.
5
In the admin panel, enable routing so “all client internet traffic” is routed through the VPN; save settings and apply the update.
6
Install the OpenVPN client from the user portal, sign in with the same openvpn username/password, and connect to start tunneling traffic.
7
Validate the VPN by checking your public IP in a browser; it should match the AWS server’s IP rather than your home ISP.

Highlights

The fastest path to a working VPN is choosing the AWS Marketplace “free tier eligible” Ubuntu image that already has OpenVPN Access Server installed.

The single most important security toggle is routing: enabling “all client internet traffic should be routed through the VPN.”

A quick “what’s my IP” check confirms whether traffic is actually tunneled through the AWS-hosted VPN server.

AWS Free Tier can cover roughly a year of light VPN hosting: about 750 hours/month for a t2.micro instance.

OpenVPN Access Server licensing is handled via the Marketplace configuration, which allows two free clients in this setup.

Topics

AWS EC2
OpenVPN Access Server
VPN Routing
AWS Free Tier
Client Setup

Mentioned

AWS
EC2
VPC
IP
SSH
OpenVPN