Platform Supported

Repo Stats

Deployments

VPN Server

You need a VPN but don't want to pay for it?
OpenVPN is the solution, but configuring it manually can be a lengthy process.
Once configured, keeping the instance up all the time costs $$.
Scaling up/down a VPN server on demand can make that lengthy process an absolute nightmare.
This module allows you to create your own on demand VPN server in under 2 minutes.
The solution is fully automated and runs with OpenVPN using AWS EC2.

How it works

Create an AWS EC2 instance using a pre-built OpenVPN AMI.
Create a security group with the necessary ports allowed.
Configure the vpn server using SSH.
Download the OpenVPN client and connect using public IP of the ec2 instance.
All set! Now the internet traffic will be routed through the VPN. Verify it using an IP Lookup

To take it a step further, if you have a registered domain in AWS, vpn-server can be accessed with an alias record in route53 pointing to the public IP of the ec2 instance.

All the above steps are performed automatically when creating a new VPN server.
This module can also be used to clean up all the AWS resources spun up for creating a vpn server.

ENV Variables

Environment variables are loaded from .env file if present.

More on Environment variables

IMAGE_ID - AMI ID to be used. Defaults to a pre-built AMI from SSM parameter for OpenVPN Access Server AMI Alias.
INSTANCE_TYPE - Instance type to use for the VPN server. Defaults to t2.nano, use t2.micro if under free-tier.
VPN_USERNAME - Username to access OpenVPN Connect client. Defaults to log in profile or openvpn
VPN_PASSWORD - Password to access OpenVPN Connect client. Defaults to awsVPN2021
DOMAIN - Domain name for the hosted zone.
RECORD_NAME - Alias record name using which the VPN server has to be accessed.

To get notification about login information:

GMAIL_USER - Username of the gmail account.
GMAIL_PASS - Password of the gmail account.
RECIPIENT - Email address to which the notification has to be sent.
PHONE - Phone number to which the notification has to be sent (Works only for US based cellular)

Optionally env vars for AWS config (AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_REGION_NAME) can be setup.

Install

python -m pip install vpn-server

Usage

import vpn

# Instantiates the object, takes the same args as env vars.
vpn_server = vpn.VPNServer()  # Defaults to console logging, but supports custom logger.

vpn_server.create_vpn_server()  # Create a VPN Server, login information will be saved to a JSON file.

# Re-configure an existing VPN Server (not required, unless the configuration steps have been interrupted)
# vpn_server.reconfigure_vpn()

# Test an existing VPN Server (not required, as a test is run right after creation anyway)
# vpn_server.test_vpn()

vpn_server.delete_vpn_server()  # Deletes the VPN Server removing the AWS resources acquired during creation.

Manual Configuration

Following are the prompts and response required to configure the VPN server.

Are you sure you want to continue connecting (yes/no)? yes

Please enter 'yes' to indicate your agreement [no]: yes
Will this be the primary Access Server node? Default: yes
Please specify the network interface and IP address to be used by the Admin Web UI: Default: all interfaces: 0.0.0.0
Please specify the port number for the Admin Web UI. Default: 943
Please specify the TCP port number for the OpenVPN Daemon. Default: 443
Should client traffic be routed by default through the VPN? yes
Should client DNS traffic be routed by default through the VPN? Default: No
Use local authentication via internal DB? Default: yes
Should private subnets be accessible to clients by default? Default: yes
Do you wish to login to the Admin UI as "openvpn"? Default: yes
Specify the username for an existing user or for the new user account: {USERNAME}
Type the password for the 'vicky' account: {PASSWORD}
Confirm the password for the 'vicky' account: {PASSWORD}
Please specify your Activation key (or leave blank to specify later): {ENTER/RETURN}

Download the OpenVPN application and get connected to the VPN server.

AWS Resources Used

EC2
- Instance - To redirect traffic through the instance's IP
- SecurityGroup - To allow traffic over specific TCP ports
- Systems Manager - To access OpenVPN SSM parameter store to retrieve the AMI ID
- Route53 [Optional] - To access VPN server using an A record in Route 53
VPC [Default]
Subnet [Default]

Release Notes

Requirement

python -m pip install changelog-generator

Usage

changelog reverse -f release_notes.rst -t 'Release Notes'

Linting

PreCommit will ensure linting, and the doc creation are run on every commit.

Requirement

pip install sphinx==5.1.1 pre-commit recommonmark

Usage

pre-commit run --all-files

Links

Repository

Runbook

Package

License & copyright

Licensed under the MIT License

Project Name	Stars	Most Recent Commit	Open Issues	License	Language
Awsvpnlauncher	7	7 months ago	1	apache-2.0	Java
A quick launcher for a OpenVPN Server on AWS EC2
Vpn Server	3	a month ago		mit	Python
Automate OpenVPN using AWS EC2 and Python
Terravpn	1	5 years ago		apache-2.0	HCL
AWS EC2 OpenVPN on demand with terraform

Vpn Server