How to create a VPN server with AWS
Discover how to create and configure your private VPN server using AWS and Meshnet.
As the internet has become an indispensable part of our daily lives, addressing its inherent challenges is more important than ever — be it maintaining privacy, securing connections, or accessing global content without restrictions. A personal VPN server can be an effective solution to these concerns, allowing you to navigate the digital world with greater control and peace of mind.
This article focuses on how to create a VPN server using a cloud-based approach in combination with Meshnet. With Meshnet's connectivity and traffic routing capabilities, you can access your VPN server securely from any location and device, without the need for advanced configuration.
When it comes to choosing a cloud provider for setting up a virtual machine, Amazon Web Services (AWS) stands out as a popular and reliable option. AWS provides an attractive free tier, enabling you to explore their services without any financial commitment.
While setting up your own VPN server enhances your online privacy, it may not provide the same level of protection as connecting to a standard VPN server offered by NordVPN. NordVPN follows a strict no-logs policy, which is crucial for ensuring your online activities remain confidential.
Before you begin, sign up for an AWS account and log in. During registration, you can choose from various support plans, including a free option.
Complete the following steps to prepare for launching a virtual machine (VM), referred to as an EC2 instance in the AWS environment.
- 1. From the navigation bar, select the Regions dropdown menu and choose the region where you want your server to be located.
- 2. Do any of the following:
- On the Console home page, under Build a solution, choose Launch a virtual machine.
- Open the EC2 console dashboard and, under Launch instance, select the Launch instance button, and then choose the Launch instance option.
This guide primarily covers the setup of an Ubuntu-based VM, but AWS also supports Windows, macOS, and other operating system VMs for custom virtual servers.
To configure and launch a VM instance:
- 1. Under Name and tags, in the Name field, enter a name for your instance.
- 2. Under Application and OS Images (Amazon Machine Image), choose an operating system for your instance, like Ubuntu, and its preferred version. Consider choosing a version marked as Free tier eligible to avoid additional costs.
- 3. Under Instance type, you can select the hardware configuration for your instance. The instance type eligible for the free tier is already selected by default, so you can proceed without modifying it unless you need additional resources.
- 4. Under Key pair (login), choose the option to create a new key pair. Make sure to save the automatically downloaded private key file in a secure location. For additional details, refer to Amazon's documentation on creating a key pair.
- 5. Configure network settings for better security if needed. Default settings usually suffice for a typical setup, but customizing security groups adds extra protection. For more information, see the Create a security group procedure in Amazon's documentation.
- 6. You can leave the default options selected for the remaining configuration settings of your instance.
- 7. Under Summary, select Launch instance. It will take a few minutes for AWS to set up the instance.
Before connecting to your instance, ensure that it has passed all status checks displayed in the Status check column of the Instances pane.
To protect your private key, make sure that only you have read access to it by setting the appropriate permissions.
From Windows
- 1. Right-click the downloaded private key.
- 2. Select Properties, choose the Security tab, and click Advanced.
- 3. Click Disable inheritance > Convert inherited permissions into explicit permission on this object.
- 4. Back in the Advanced security settings window, remove access for all users except your own account by selecting a permission entry and clicking Remove.
- 5. Click Apply, and then click OK to save changes.
From macOS or Linux
- 1. Open Terminal.
- 2. Enter the following command, replacing </path/key-pair-name.pem> with the path to the downloaded private key:
chmod 400 </path/key-pair-name.pem>
By default, password authentication and root login are disabled.
To establish an SSH connection to your VM instance:
- 1. Locate the public DNS address of your instance in the Public IPv4 DNS column of the Instances pane.
- 2. Open Command prompt (on Windows) or Terminal (on Linux and macOS).
- 3. Enter the following command, replacing the placeholders with the appropriate values for your VM instance:
ssh -i </path/key-pair-name.pem> <instance-username>@<instance-public-dns-name>
where:
- </path/key-pair-name.pem> is the path to your private SSH key file.
- <instance-username> is the username associated with your VM. The default username is determined by the AMI selected when configuring the instance. For example, an Ubuntu AMI uses ubuntu as the username. For more information, consult the Manage users on your Linux instance article in Amazon’s documentation.
- <instance-public-dns-name> is the public DNS address of your VM instance.
- 4. You will receive a prompt asking you to confirm the connection. Type yes and press Enter to confirm it.
You should now be successfully connected to your instance.
To set up NordVPN on your instance, follow these steps:
- 1. Download and install the NordVPN Linux client by entering this command in the instance terminal:
sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)
- 2. Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
- By running the nordvpn login command with the --token flag
- By running the nordvpn login command with the --callback flag
Instructions for both methods are outlined below.
Log in using a token
- 1. On any device, log in to your Nord Account dashboard and, under NordVPN Meshnet free, select View details.
- 2. Scroll down until you see Manual setup, and select Set up NordVPN manually.
- 3. Enter the verification code sent to your email address.
- 4. Under Access token, select Generate new token.
- 5. In the dialog that appears, choose either a token that expires in 30 days or one that never expires, and then select Generate token.
- 6. Select Copy and close.
- 7. On your VM, enter the nordvpn login --token command along with the copied token:
nordvpn login --token <your_token>
Example
nordvpn login --token 3fe460cefb8dcf1478c92e45908cec9f9bdbadf7a456a6dfb35dc2c58ee39d5b
You should now see a welcome message.
To preserve your token when logging out of the NordVPN app, use the nordvpn logout --persist-token command. Otherwise, your token will be revoked.
Log in using a URL
- 1. Run the following command:
nordvpn login
- 2. Open the provided link on any device in your browser.
- 3. Complete the login procedure.
- 4. Right-click the Continue button and select Copy link address.
- 5. Run the following command, replacing <URL> with the previously copied link address:
nordvpn login --callback "<URL>"
Example
nordvpn login --callback "nordvpn://login?action=login&exchange_token=MGFlY2E1NmE4YjM2NDM4NjUzN2VjOWIzYWM3ZTU3ZDliNDdiNzRjZTMwMjE5YjkzZTNhNTI3ZWZlOTIwMGJlOQ%3D%3D&status=done"
You should now see a welcome message.
If you encounter the error message “Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock,” enter the following command, and then exit and log back into your instance:
sudo usermod -aG nordvpn $USER
To enable Meshnet on your instance, enter the following command:
nordvpn set meshnet on
To view the Nord name and Meshnet IP address of your instance, enter the following command.
nordvpn meshnet peer list
Additionally, you will see all the devices connected to your network. Depending on the permissions granted to each device, they will have access to this server via Meshnet.
To begin using your instance as a VPN server, you need to route traffic from a client device through the instance. Follow these steps:
- 1. On your client device, open NordVPN and log in to your account.
- 2. Start routing traffic through the linked host device you set up. For specific instructions, see Routing traffic in Meshnet.
Your device's IP address should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.