How to Create an SSL VPN server on Alibaba Cloud in 15 Minutes

By Oliver Zhang, Solutions Architect, Alibaba Cloud ANZ team

Disclaimer: In some countries, it may be illegal to use a VPN. Please consult and comply with your local laws and regulations before proceeding with this tutorial.

The purpose of this article is to demonstrate a quick way to build an OpenVPN server on Alibaba Cloud Elastic Compute Service (ECS). This tutorial provides a simpler alternative to the more detailed configuration of OpenVPN in this tutorial. To follow the steps below, you will need an Alibaba Cloud account and some basic knowledge of cloud computing.

Step 1: Create an ECS Instance

In this step we are going to configure an ECS instance with the correct OS and ACL. We will use us-east region to build the infrastructure.

i) Log in to Alibaba Cloud, clock on Products, go to ECS service

ii) Click on Instances

iii) Change to us-east region

iv) Click “Create Instance”

v) Choose “Pay As You Go”, filter instance type “t5-lc1m2.large”, select the instance type

vi) Choose Ubuntu 16.04 and click on “Next: Networking”

vii) Untick the “Assign public IP” and go to “Next: System Configurations”

viii) Configure “Login Password” and “Instance Name” then click on “Next: Grouping”

ix) Click on “Preview”

x) Tick “Terms of Service” then click on “Create Instance”

xi) You should be able to see the server is starting

xii) While we wait for the server to start, we can get a static IP, click on “EIP”

xiii) Click on “Create EIP”

xiv) Give it 200M and click on “Buy Now”

xv) Activate the EIP

xvi) Close the TAB

xvii) Refresh then you should be able to see the new EIP

xviii) Bind the new EIP to the ECS created above

xix) Confirm the status changes to “Allocated” after 10 seconds and close this tab

xx) Click refresh and confirm the EIP is on the ECS

xxi) Click on “Manage”

xxii) Click on “Security Groups” and then click on “Add Rules”

xxiii) Delete all default rules and allow all traffic from your laptop/PC’s public IP and allow TCP 443 from First rule is to allow your laptop/PC to be able to SSH to the VPN server and use the web interface. Second rule is to allow the VPN clients to login.

Step 2: Install and Configure OpenVPN

i) SSH to the VPN server using the EIP

ii) Download openvpn-as by running the command

iii) Install openvpn-as by running the command

iv) Change the openvpn user password by running:

v) Login to the web console by visiting the URL: https://ECS_EIP:943/admin

vi) Goto “Network Settings” and change the Hostname to the EIP of ECS.

vii) Save the settings

viii) Update running server

Step 3: Setup Test Environment on an iPhone

There are other articles out there showcase how to setup the VPN clients on PC and Mac. For this article, we are going to set up a test client on an iPhone.

i) Download OpenVPN APP from the app store.

ii) Open the OpenVPN app and click on “Access Server”

iii) Fill in the details and click on ADD.

iv) Click on the switch to connect.

v) The SSL VPN is now connected

vi) The public IP of the iPhone is the same as the ECS EIP.


Follow me to keep abreast with the latest technology news, industry insights, and developer trends.