Discover how to create and configure your private VPN server using AWS and Meshnet.
Last updated
Was this helpful?
As the internet has become an indispensable part of our daily lives, addressing its inherent challenges is more important than ever — be it maintaining privacy, securing connections, or accessing global content without restrictions. A personal VPN server can be an effective solution to these concerns, allowing you to navigate the digital world with greater control and peace of mind.
This article focuses on how to create a VPN server using a cloud-based approach in combination with Meshnet. With Meshnet's connectivity and , you can access your VPN server securely from any location and device, without the need for advanced configuration.
When it comes to choosing a cloud provider for setting up a virtual machine, (AWS) stands out as a popular and reliable option. AWS provides an attractive free tier, enabling you to explore their services without any financial commitment.
Before you begin, sign up for an and log in. During registration, you can choose from various support plans, including a free option.
Complete the following steps to prepare for launching a virtual machine (VM), referred to as an EC2 instance in the AWS environment.
From the navigation bar, select the Regions dropdown menu and choose the region where you want your server to be located.
Do any of the following:
On the Console home page, under Build a solution, choose Launch a virtual machine.
Open the and, under Launch instance, select the Launch instance button, and then choose the Launch instance option.
To configure and launch a VM instance:
Under Name and tags, in the Name field, enter a name for your instance.
Under Application and OS Images (Amazon Machine Image), choose an operating system for your instance, like Ubuntu, and its preferred version. Consider choosing a version marked as Free tier eligible to avoid additional costs.
Under Instance type, you can select the hardware configuration for your instance. The instance type eligible for the free tier is already selected by default, so you can proceed without modifying it unless you need additional resources.
You can leave the default options selected for the remaining configuration settings of your instance.
Under Summary, select Launch instance. It will take a few minutes for AWS to set up the instance.
Before connecting to your instance, ensure that it has passed all status checks displayed in the Status check column of the Instances pane, as shown:
To protect your private key, make sure that only you have read access to it by setting the appropriate permissions.
Right-click the downloaded private key.
Select Properties, choose the Security tab, and click Advanced.
Click Disable inheritance > Convert inherited permissions into explicit permission on this object.
Back in the Advanced security settings window, remove access for all users except your own account by selecting a permission entry and clicking Remove.
Click Apply, and then click OK to save changes.
To establish an SSH connection to your VM instance:
Locate the public DNS address of your instance in the Public IPv4 DNS column of the Instances pane.
Open Command prompt (on Windows) or Terminal (on Linux and macOS).
Enter the following command, replacing the placeholders with the appropriate values for your VM instance, where:
</path/key-pair-name.pem> is the path to your private SSH key file.
<instance-public-dns-name> is the public DNS address of your VM instance.
Example
You will receive a response similar to the one below. Type yes and press Enter to confirm the connection.
You should now be successfully connected to your instance.
To set up NordVPN on your instance, follow these steps:
Download and install the NordVPN Linux client by entering this command in the instance terminal:
Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
By running the nordvpn login command with the --token flag
By running the nordvpn login command with the --callback flag
Instructions for both methods are outlined below.
Tip
To preserve your token when logging out of the NordVPN app, use the nordvpn logout --persist-token command. Otherwise, your token will be revoked.
To view the Nord name and Meshnet IP address of your instance, enter the following command.
To begin using the VPN server, you need to grant the traffic routing permission for each peer device that you want to have access to the server. Enable this permission from the server machine using the following command:
Example
To begin using your instance as a VPN server, you need to route traffic from a client device through the instance. Follow these steps:
On your client device, open NordVPN and log in to your account.
Under Key pair (login), choose the option to create a new key pair. Make sure to save the automatically downloaded private key file in a secure location. For additional details, refer to .
Configure network settings for better security if needed. Default settings usually suffice for a typical setup, but customizing security groups adds extra protection. For more information, see the procedure in Amazon's documentation.
Once your instance is running, you can access it from your local computer using .
<instance-username> is the username associated with your VM.
The default username is determined by the AMI selected when configuring the instance. For example, an Ubuntu AMI uses ubuntu as the username. For more information, consult the article in Amazon’s documentation.
On any device, log in to your dashboard and select the Meshnet (by NordVPN) card.
On your instance, by typing this command:
Additionally, you will see all the devices connected to your network. Depending on the granted to each device, they will have access to this server via Meshnet.
For more information, see the page.
Start routing traffic through the linked host device you set up. For specific instructions, see .
should now match the public IP address of your instance. This way, your real IP address remains secure, and the websites you visit will detect the location of your VPN server instead of your actual device.
