How to Create an SSL VPN server on Alibaba Cloud in 15 Minutes
By Oliver Zhang, Solutions Architect, Alibaba Cloud ANZ team
Disclaimer: In some countries, it may be illegal to use a VPN. Please consult and comply with your local laws and regulations before proceeding with this tutorial.
The purpose of this article is to demonstrate a quick way to build an OpenVPN server on Alibaba Cloud Elastic Compute Service (ECS). This tutorial provides a simpler alternative to the more detailed configuration of OpenVPN in this tutorial. To follow the steps below, you will need an Alibaba Cloud account and some basic knowledge of cloud computing.
Step 1: Create an ECS Instance
In this step we are going to configure an ECS instance with the correct OS and ACL. We will use us-east region to build the infrastructure.
i) Log in to Alibaba Cloud, clock on Products, go to ECS service
ii) Click on Instances
iii) Change to us-east region
iv) Click “Create Instance”
v) Choose “Pay As You Go”, filter instance type “t5-lc1m2.large”, select the instance type
vi) Choose Ubuntu 16.04 and click on “Next: Networking”
vii) Untick the “Assign public IP” and go to “Next: System Configurations”
viii) Configure “Login Password” and “Instance Name” then click on “Next: Grouping”
ix) Click on “Preview”
x) Tick “Terms of Service” then click on “Create Instance”
xi) You should be able to see the server is starting
xii) While we wait for the server to start, we can get a static IP, click on “EIP”
xiii) Click on “Create EIP”
xiv) Give it 200M and click on “Buy Now”
xv) Activate the EIP
xvi) Close the TAB
xvii) Refresh then you should be able to see the new EIP
xviii) Bind the new EIP to the ECS created above
xix) Confirm the status changes to “Allocated” after 10 seconds and close this tab
xx) Click refresh and confirm the EIP is on the ECS
xxi) Click on “Manage”
xxii) Click on “Security Groups” and then click on “Add Rules”
xxiii) Delete all default rules and allow all traffic from your laptop/PC’s public IP and allow TCP 443 from 0.0.0.0/0. First rule is to allow your laptop/PC to be able to SSH to the VPN server and use the web interface. Second rule is to allow the VPN clients to login.
Step 2: Install and Configure OpenVPN
i) SSH to the VPN server using the EIP
ii) Download openvpn-as by running the command
wget http://swupdate.openvpn.org/as/openvpn-as-2.6.1-Ubuntu16.amd_64.deb
iii) Install openvpn-as by running the command
dpkg -i openvpn-as-2.6.1-Ubuntu16.amd_64.deb
iv) Change the openvpn user password by running:
passwd openvpn
v) Login to the web console by visiting the URL: https://ECS_EIP:943/admin
vi) Goto “Network Settings” and change the Hostname to the EIP of ECS.
vii) Save the settings
viii) Update running server
Step 3: Setup Test Environment on an iPhone
There are other articles out there showcase how to setup the VPN clients on PC and Mac. For this article, we are going to set up a test client on an iPhone.
i) Download OpenVPN APP from the app store.
ii) Open the OpenVPN app and click on “Access Server”
iii) Fill in the details and click on ADD.
iv) Click on the switch to connect.
v) The SSL VPN is now connected
vi) The public IP of the iPhone is the same as the ECS EIP.
