This project helps you to quickly set up a working OpenVPN server on AWS, using AWS Client VPN.
This project helps you deploy a working OpenVPN server by using AWS Client VPN. It is a built-in service of AWS VPC that is typically used by developers to securely connect to resources within the VPC network. But it can also be used to access the public internet, just like any typical VPN service. Deploying a VPN server this way has many advantages over the traditional way of deploying a VPN server on an ec2 instance. For example, the bandwidth is not limited by the networking performance of the instance type.
This project provides a python script that does the deployment automatically. Due to the distinct nature of this deployment method, it is recommended to understand how it works in detail before using the script. To do so, you can read through the manual deployment tutorial here. Also, for more information on how to use the script, see this page.
I personally came up with this idea of deploying a VPN server as a workaround of the traditional VM-based solution, in order to better fit my usage scenario. But this deployment method also has its own drawbacks. Below is a clear comparison between the two.
| Traditional VM-based Script Deployment(on AWS and similar cloud platforms) | AWS Client VPN-based Deployment(this project) | |
|---|---|---|
| VPN protocol(s)* | not limited | OpenVPN |
| Billing Scheme | instance uptime + outbound traffic | endpoint association time** + connection time per user + outbound traffic |
| Deployment Time*** | minutes depending on the instance type and other factors | 15 minutes maximum |
| Networking Performance | solely depending on the instance type used | automatically scalable**** |
| Regions | all service regions where VM service is available | all AWS regions |
| Free Plan***** | 750 hours of free usage of t2.micro per month in the leading 12 months since account creation |
no free plan eligible |
Expand this section to see the notes.
* You can choose whatever protocols of VPN to install on your VM, such as IPSec, Shadowsocks. But when using the Client VPN, your choice is limited to only OpenVPN.
** The "association time" stands for the time when the endpoint is associated with the target subnet, not to be confused with the time when the user's client is connected to the endpoint, which in this case is "connection time per user".
*** To install a VPN server on a EC2-like VM, it takes time for the operating system to process the required software components.(e.g. compilation, certificate generations) Therefore the overall deployment time varies, as more powerful systems perform such tasks faster.
**** According to AWS, the networking performance of Client VPN is elastic, and automatically scales to your demand. In my personal experiences, the bandwidth available when using Client VPN directly depends on that of your home network bandwidth.
***** See this page for more info on AWS Free Plan.
Due to the changing nature of the AWS services that are being updated constantly(new regions, new functionalities, etc...), we need to ensure that the script is compatible with the latest developments of the AWS services. You are welcome to make contributions to the project because that would really help.
Copyright (C) 2020-2024 Scott X. Liang <scott.liang@pm.me>
Unless otherwise noted, the work in this repository is licensed under GNU General Public License Version 3.