By Oliver Zhang, Solutions Architect, Alibaba Cloud ANZ team
Disclaimer: In some countries, it may be illegal to use a VPN. Please consult and comply with your local laws and regulations before proceeding with this tutorial.
The purpose of this article is to demonstrate a quick way to build an OpenVPN server on Alibaba Cloud Elastic Compute Service (ECS). This tutorial provides a simpler alternative to the more detailed configuration of OpenVPN in this tutorial. To follow the steps below, you will need an Alibaba Cloud account and some basic knowledge of cloud computing.
In this step we are going to configure an ECS instance with the correct OS and ACL. We will use us-east region to build the infrastructure.
i) Log in to Alibaba Cloud, clock on Products, go to ECS service
ii) Click on Instances
iii) Change to us-east region
iv) Click "Create Instance"
v) Choose "Pay As You Go", filter instance type "t5-lc1m2.large", select the instance type
vi) Choose Ubuntu 16.04 and click on "Next: Networking"
vii) Untick the "Assign public IP" and go to "Next: System Configurations"
viii) Configure "Login Password" and "Instance Name" then click on "Next: Grouping"
ix) Click on "Preview"
x) Tick "Terms of Service" then click on "Create Instance"
xi) You should be able to see the server is starting
xii) While we wait for the server to start, we can get a static IP, click on "EIP"
xiii) Click on "Create EIP"
xiv) Give it 200M and click on "Buy Now"
xv) Activate the EIP
xvi) Close the TAB
xvii) Refresh then you should be able to see the new EIP
xviii) Bind the new EIP to the ECS created above
xix) Confirm the status changes to "Allocated" after 10 seconds and close this tab
xx) Click refresh and confirm the EIP is on the ECS
xxi) Click on "Manage"
xxii) Click on "Security Groups" and then click on "Add Rules"
xxiii) Delete all default rules and allow all traffic from your laptop/PC's public IP and allow TCP 443 from 0.0.0.0/0. First rule is to allow your laptop/PC to be able to SSH to the VPN server and use the web interface. Second rule is to allow the VPN clients to login.
i) SSH to the VPN server using the EIP
ii) Download openvpn-as by running the command
wget http://swupdate.openvpn.org/as/openvpn-as-2.6.1-Ubuntu16.amd_64.deb 
iii) Install openvpn-as by running the command
dpkg -i openvpn-as-2.6.1-Ubuntu16.amd_64.deb
iv) Change the openvpn user password by running:
passwd openvpn 
v) Login to the web console by visiting the URL: https://ECS_EIP:943/admin
vi) Goto "Network Settings" and change the Hostname to the EIP of ECS.
vii) Save the settings
viii) Update running server
There are other articles out there showcase how to setup the VPN clients on PC and Mac. For this article, we are going to set up a test client on an iPhone.
i) Download OpenVPN APP from the app store.
ii) Open the OpenVPN app and click on "Access Server"
iii) Fill in the details and click on ADD.
iv) Click on the switch to connect.
v) The SSL VPN is now connected
vi) The public IP of the iPhone is the same as the ECS EIP.
Consumer Insights: Empowering Customer 360 and Precision Marketing with Data Intelligence
2,593 posts | 789 followers
FollowAlibaba Clouder - August 19, 2020
Alibaba Clouder - August 2, 2019
Alibaba Cloud Community - September 27, 2021
Alibaba Clouder - July 6, 2021
Alibaba Clouder - January 11, 2021
Alibaba Clouder - August 2, 2019
2,593 posts | 789 followers
Follow
VPN Gateway
VPN Gateway is an Internet-based service that establishes a connection between a VPC and your on-premise data center.
Learn More
ECS(Elastic Compute Service)
Elastic and secure virtual cloud servers to cater all your cloud hosting needs.
Learn More
Certificate Management Service
You can use Certificate Management Service to issue, deploy, and manage public and private SSL/TLS certificates.
Learn MoreMore Posts by Alibaba Clouder
5387531503597926 September 13, 2021 at 9:47 am
using EIP is required?