How to create a VPN server with AWS
Discover how to create and configure your private VPN server using AWS and Meshnet.
Introduction
As the internet has become an indispensable part of our daily lives, addressing its inherent challenges is more important than ever — be it maintaining privacy, securing connections, or accessing global content without restrictions. A personal VPN server can be an effective solution to these concerns, allowing you to navigate the digital world with greater control and peace of mind.
This article focuses on how to create a VPN server using a cloud-based approach in combination with Meshnet. With Meshnet's connectivity and traffic routing capabilities, you can access your VPN server securely from any location and device, without the need for advanced configuration.
When it comes to choosing a cloud provider for setting up a virtual machine, Amazon Web Services (AWS) stands out as a popular and reliable option. AWS provides an attractive free tier, enabling you to explore their services without any financial commitment.
Note
While setting up your own VPN server enhances your online privacy, it may not provide the same level of protection as connecting to a standard VPN server offered by NordVPN. NordVPN follows a strict no-logs policy, which is crucial for ensuring your online activities remain confidential.
Prerequisites
Before you begin, sign up for an AWS account and log in. During registration, you can choose from various support plans, including a free option.
Create a VM instance on AWS
Complete the following steps to prepare for launching a virtual machine (VM), referred to as an EC2 instance in the AWS environment.
From the navigation bar, select the Regions dropdown menu and choose the region where you want your server to be located.
Do any of the following:
On the Console home page, under Build a solution, choose Launch a virtual machine.
Open the EC2 console dashboard and, under Launch instance, select the Launch instance button, and then choose the Launch instance option.
Note
This guide primarily covers the setup of an Ubuntu-based VM, but AWS also supports Windows, macOS, and other operating system VMs for custom virtual servers.
To configure and launch a VM instance:
Under Name and tags, in the Name field, enter a name for your instance.
Under Application and OS Images (Amazon Machine Image), choose an operating system for your instance, like Ubuntu, and its preferred version. Consider choosing a version marked as Free tier eligible to avoid additional costs.
Under Instance type, you can select the hardware configuration for your instance. The instance type eligible for the free tier is already selected by default, so you can proceed without modifying it unless you need additional resources.
Under Key pair (login), choose the option to create a new key pair. Make sure to save the automatically downloaded private key file in a secure location. For additional details, refer to Amazon's documentation on creating a key pair.
Configure network settings for better security if needed. Default settings usually suffice for a typical setup, but customizing security groups adds extra protection. For more information, see the Create a security group procedure in Amazon's documentation.
You can leave the default options selected for the remaining configuration settings of your instance.
Under Summary, select Launch instance. It will take a few minutes for AWS to set up the instance.
Before connecting to your instance, ensure that it has passed all status checks displayed in the Status check column of the Instances pane.
Connect to your instance
Once your instance is running, you can access it from your local computer using SSH.
Setting permissions for the private key
To protect your private key, make sure that only you have read access to it by setting the appropriate permissions.
Right-click the downloaded private key.
Select Properties, choose the Security tab, and click Advanced.
Click Disable inheritance > Convert inherited permissions into explicit permission on this object.
Back in the Advanced security settings window, remove access for all users except your own account by selecting a permission entry and clicking Remove.
Click Apply, and then click OK to save changes.
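The steps above cover Windows. As an added example that is not part of the original guide, this is the equivalent check for Linux and macOS: OpenSSH refuses a private key whose mode grants any access to group or others, so the helper reports that condition and tightens the file to owner read-only. The function names are hypothetical.

```python
import os
import stat

def private_key_issues(path):
    """List problems with a private key file's POSIX ownership and mode."""
    issues = []
    st = os.lstat(path)  # lstat: do not follow a symlink to some other file
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    mode = stat.S_IMODE(st.st_mode)
    # Any group/other bit set is what triggers OpenSSH's
    # "UNPROTECTED PRIVATE KEY FILE" refusal.
    if mode & 0o077:
        issues.append(f"mode {mode:04o} grants access to group or others")
    if st.st_uid != os.getuid():
        issues.append("owned by a different user")
    return issues

def lock_down(path):
    """Make the key readable by its owner only (same effect as chmod 400)."""
    os.chmod(path, stat.S_IRUSR)

if __name__ == "__main__":
    import sys
    for key_path in sys.argv[1:]:
        problems = private_key_issues(key_path)
        print(key_path, "OK" if not problems else "; ".join(problems))
```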
Accessing your instance using an SSH client
Note
By default, password authentication and root login are disabled.
To establish an SSH connection to your VM instance:
Locate the public DNS address of your instance in the Public IPv4 DNS column of the Instances pane.
Open Command prompt (on Windows) or Terminal (on Linux and macOS).
Enter the following command, replacing the placeholders with the appropriate values for your VM instance, where:
</path/key-pair-name.pem> is the path to your private SSH key file.
<instance-username> is the username associated with your VM. The default username is determined by the AMI selected when configuring the instance. For example, an Ubuntu AMI uses ubuntu as the username. For more information, consult the Manage users on your Linux instance article in Amazon’s documentation.
<instance-public-dns-name> is the public DNS address of your VM instance.
Example
You will receive a response similar to the one below. Type yes and press Enter to confirm the connection.
You should now be successfully connected to your instance.
Install NordVPN on the instance
To set up NordVPN on your instance, follow these steps:
Download and install the NordVPN Linux client by entering this command in the instance terminal:
Log in to your NordVPN account.
Log in to NordVPN
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
By running the nordvpn login command with the --token flag
By running the nordvpn login command with the --callback flag
Instructions for both methods are outlined below.
Tip
To preserve your token when logging out of the NordVPN app, use the nordvpn logout --persist-token command. Otherwise, your token will be revoked.
Note
If you encounter the error message “Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock,” enter sudo usermod -aG nordvpn $USER. Then, reboot your instance and log back in.
Enable Meshnet
On your instance, enable Meshnet by typing this command:
To view the Nord name and Meshnet IP address of your instance, enter the following command.
Additionally, you will see all the devices connected to your network. Depending on the permissions granted to each device, they will have access to this server via Meshnet.
Grant the traffic routing permission
To begin using the VPN server, you need to grant the traffic routing permission for each peer device that you want to have access to the server. Enable this permission from the server machine using the following command:
Example
For more information, see the Traffic routing permissions page.
Route traffic through your instance
To begin using your instance as a VPN server, you need to route traffic from a client device through the instance. Follow these steps:
On your client device, open NordVPN and log in to your account.
Start routing traffic through the linked host device you set up. For specific instructions, see Routing traffic in Meshnet.
Your device's IP address should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.