How to Create an SSL VPN server on Alibaba Cloud in 15 Minutes

By Oliver Zhang, Solutions Architect, Alibaba Cloud ANZ team

Disclaimer: In some countries, it may be illegal to use a VPN. Please consult and comply with your local laws and regulations before proceeding with this tutorial.

The purpose of this article is to demonstrate a quick way to build an OpenVPN server on Alibaba Cloud Elastic Compute Service (ECS). This tutorial provides a simpler alternative to the more detailed configuration of OpenVPN in this tutorial. To follow the steps below, you will need an Alibaba Cloud account and some basic knowledge of cloud computing.

Step 1: Create an ECS Instance

In this step we are going to configure an ECS instance with the correct OS and ACL. We will use us-east region to build the infrastructure.

i) Log in to Alibaba Cloud, clock on Products, go to ECS service

Image for post
Image for post

ii) Click on Instances

Image for post
Image for post

iii) Change to us-east region

Image for post
Image for post

iv) Click “Create Instance”

Image for post
Image for post

v) Choose “Pay As You Go”, filter instance type “t5-lc1m2.large”, select the instance type

Image for post
Image for post

vi) Choose Ubuntu 16.04 and click on “Next: Networking”

Image for post
Image for post

vii) Untick the “Assign public IP” and go to “Next: System Configurations”

Image for post
Image for post

viii) Configure “Login Password” and “Instance Name” then click on “Next: Grouping”

Image for post
Image for post

ix) Click on “Preview”

Image for post
Image for post

x) Tick “Terms of Service” then click on “Create Instance”

Image for post
Image for post

xi) You should be able to see the server is starting

Image for post
Image for post

xii) While we wait for the server to start, we can get a static IP, click on “EIP”

Image for post
Image for post

xiii) Click on “Create EIP”

Image for post
Image for post

xiv) Give it 200M and click on “Buy Now”

Image for post
Image for post

xv) Activate the EIP

Image for post
Image for post

xvi) Close the TAB

Image for post
Image for post

xvii) Refresh then you should be able to see the new EIP

Image for post
Image for post

xviii) Bind the new EIP to the ECS created above

Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post

xix) Confirm the status changes to “Allocated” after 10 seconds and close this tab

Image for post
Image for post

xx) Click refresh and confirm the EIP is on the ECS

Image for post
Image for post
Image for post
Image for post

xxi) Click on “Manage”

Image for post
Image for post

xxii) Click on “Security Groups” and then click on “Add Rules”

Image for post
Image for post

xxiii) Delete all default rules and allow all traffic from your laptop/PC’s public IP and allow TCP 443 from 0.0.0.0/0. First rule is to allow your laptop/PC to be able to SSH to the VPN server and use the web interface. Second rule is to allow the VPN clients to login.

Image for post
Image for post

Step 2: Install and Configure OpenVPN

i) SSH to the VPN server using the EIP

Image for post
Image for post

ii) Download openvpn-as by running the command

wget http://swupdate.openvpn.org/as/openvpn-as-2.6.1-Ubuntu16.amd_64.deb

iii) Install openvpn-as by running the command

dpkg -i openvpn-as-2.6.1-Ubuntu16.amd_64.deb
Image for post
Image for post

iv) Change the openvpn user password by running:

passwd openvpn
Image for post
Image for post

v) Login to the web console by visiting the URL: https://ECS_EIP:943/admin

Image for post
Image for post

vi) Goto “Network Settings” and change the Hostname to the EIP of ECS.

Image for post
Image for post

vii) Save the settings

Image for post
Image for post

viii) Update running server

Image for post
Image for post

Step 3: Setup Test Environment on an iPhone

There are other articles out there showcase how to setup the VPN clients on PC and Mac. For this article, we are going to set up a test client on an iPhone.

i) Download OpenVPN APP from the app store.

Image for post
Image for post

ii) Open the OpenVPN app and click on “Access Server”

Image for post
Image for post

iii) Fill in the details and click on ADD.

Image for post
Image for post

iv) Click on the switch to connect.

Image for post
Image for post

v) The SSL VPN is now connected

Image for post
Image for post

vi) The public IP of the iPhone is the same as the ECS EIP.

Reference:https://www.alibabacloud.com/blog/how-to-create-an-ssl-vpn-server-on-alibaba-cloud-in-15-minutes_594497?spm=a2c65.12602030.0.0

Written by

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store