{"id":351,"date":"2019-04-12T21:12:05","date_gmt":"2019-04-12T21:12:05","guid":{"rendered":"https:\/\/bootstrap-it.com\/blog\/?p=351"},"modified":"2020-11-22T16:50:20","modified_gmt":"2020-11-22T16:50:20","slug":"how-you-can-use-openvpn-to-safely-access-private-aws-resources","status":"publish","type":"post","link":"https:\/\/bootstrap-it.com\/blog\/?p=351","title":{"rendered":"How you can use OpenVPN to safely access private AWS resources"},"content":{"rendered":"<p><em>This article was adapted from part of my Pluralsight course, \u201c<\/em><a rel=\"noreferrer noopener\" href=\"http:\/\/pluralsight.pxf.io\/c\/1191769\/424552\/7490?subId1=solving&amp;u=https%3A%2F%2Fapp.pluralsight.com%2Fprofile%2Fauthor%2Fdavid-clinton\" target=\"_blank\"><em>Connecting On-prem Resources to your AWS 
Infrastructure<\/em><\/a><em>.\u201d<\/em><\/p>\n\n\n\n<p>Do you sometimes need to connect to resources you\u2019ve got running on Amazon Web Services? Accessing your public EC2 instances using SSH and encrypting your S3 data is, for all intents and purposes, secure enough. But what about getting into a back-end RDS database instance or working with AWS-based data that\u2019s not public? There are all kinds of reasons why admins keep such resources out of reach of the general public. But if you can\u2019t get at them when you need, what good are they likely to do you?<\/p>\n\n\n\n<p>So you\u2019ll need to find a safe and reliable way around the ACLs and security groups protecting your stuff. One solution I cover in&nbsp;<a href=\"http:\/\/pluralsight.pxf.io\/c\/1191769\/424552\/7490?subId1=solving&amp;u=https%3A%2F%2Fapp.pluralsight.com%2Fprofile%2Fauthor%2Fdavid-clinton\" rel=\"noreferrer noopener\" target=\"_blank\">my \u201cConnecting On-prem Resources to your AWS Infrastructure\u201d course on Pluralsight<\/a>&nbsp;is Direct Connect. But if Direct Connect\u2019s price tag is a budget-buster for your company, then some kind of VPN tunnel might do the trick.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"7111\">What\u2019s a Virtual Private&nbsp;Network?<\/h3>\n\n\n\n<p>Virtual Private Networks (VPNs) are often used to allow otherwise restricted network activity or anonymous browsing. But that\u2019s not what this article is about.<\/p>\n\n\n\n<p>A VPN is a point-to-point connection that lets you move data securely between two sites across a public network. Effectively, a tunnel can be designed to combine two geographically separated private sites into one single private network. 
In our context, that would mean connecting your local office network with the AWS VPC that\u2019s hosting your private resources.<\/p>\n\n\n\n<p>There are two ways to do this:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A managed VPN Connection built on top of an AWS Virtual Private Gateway<\/li><li>Using your own VPN.<\/li><\/ul>\n\n\n\n<p>This article will focus on the do it yourself method.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"b988\">The OpenVPN Access&nbsp;Server<\/h4>\n\n\n\n<p>As the name suggests,&nbsp;<a href=\"https:\/\/openvpn.net\/\" rel=\"noreferrer noopener\" target=\"_blank\">OpenVPN<\/a>&nbsp;is an open source project, and you\u2019re always able to download the free community edition and set things up on your own VPN server. But the OpenVPN company also provides a&nbsp;<a href=\"https:\/\/openvpn.net\/index.php\/access-server\/on-amazon-cloud.html\" rel=\"noreferrer noopener\" target=\"_blank\">purpose-built OpenVPN Access Server as an EC2 AMI<\/a>&nbsp;which comes out of the box with AWS-friendly integration and automated configuration tools.<\/p>\n\n\n\n<p>From what I can see, launching the AMI within your AWS VPC and opening it up for controlled remote connections has pretty much become the \u201cright\u201d way to get this job done.<\/p>\n\n\n\n<p>What does it cost? If you\u2019re only testing things out and don\u2019t plan to access the VPN using more than two connections at a time, then the AMI itself is free. 
You\u2019ll still be on the hook for the regular costs of an EC2 instance, but if your account is still eligible for the Free Tier, then you can get that for free, too.<\/p>\n\n\n\n<p>Once you put your VPN into active production, the license you purchase will depend on how many concurrent connections you\u2019ll need.&nbsp;<a href=\"https:\/\/docs.openvpn.net\/getting-started\/software-license-pricing\/\" rel=\"noreferrer noopener\" target=\"_blank\">This page<\/a>&nbsp;has the details you\u2019ll need.<\/p>\n\n\n\n<p>Here\u2019s what we\u2019re going to do in this guide:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Select, provision, and launch an Ubuntu AMI with OpenVPN Access Server pre-installed into my VPC<\/li><li>Access the server using SSH and configure the VPN<\/li><li>Set up an admin user<\/li><li>Set up a local machine as an OpenVPN client and connect to a private instance in my AWS VPC<\/li><\/ul>\n\n\n\n<p>Ready?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"5da7\">Launching an OpenVPN Access&nbsp;Server<\/h3>\n\n\n\n<p>From the EC2 dashboard\u200a\u2014\u200aand making sure we\u2019re in the right AWS region\u200a\u2014\u200alaunch an instance to act as our VPN server. Rather than using one of the Quick Start AMIs, I\u2019ll click on the AWS Marketplace tab and search for \u201copenvpn access server\u201d. OpenVPN provides a number of official images that are tied to licenses offering escalating numbers of connected clients.<\/p>\n\n\n\n<p>I\u2019m going to go with this Ubuntu image that works through a \u201cBring Your Own License\u201d arrangement. 
As I wrote earlier, we won\u2019t actually need a license for what we\u2019re going to be doing.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*Bz98uDAcZ_PzivTeXdQ5tg.png\" alt=\"\"\/><figcaption>OpenVPN Access Server AMIs available from the AWS Marketplace<\/figcaption><\/figure>\n\n\n\n<p>Selecting the AMI opens a popup telling us how much this image will cost us per hour using various instance types and EBS storage choices. Those are only regular AWS infrastructure costs, however, and don\u2019t include license fees.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*_lss26EgXf9gsUFdy1QwVg.png\" alt=\"\"\/><figcaption>OpenVPN Access Server AMI costs\u200a\u2014\u200abilled directly by&nbsp;AWS<\/figcaption><\/figure>\n\n\n\n<p>When it comes to instance type, I\u2019ll downgrade to a t2.micro to keep it within the free tier. A busy production server might require a bit more power.<\/p>\n\n\n\n<p>Because I\u2019m going to want to start up a second instance in the same subnet in a few minutes, I\u2019ll select, say, \u201cus-east-1b\u201d from the Configure Instance Details page, and make a note for later.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*DrYEESTjmcn2r_CMRnjw3w.png\" alt=\"\"\/><figcaption>Choose a subnet and note for&nbsp;later<\/figcaption><\/figure>\n\n\n\n<p>Now the Security Group page is where the OpenVPN AMI settings really shine. We\u2019re presented with a security group that opens up everything we\u2019ll need. 
Port 22 is for SSH traffic into the server, 943 is the port we\u2019ll use to access the admin GUI, 443 is TLS-encrypted HTTP traffic, and OpenVPN will listen for incoming client connections on port 1194.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*4vC1yj5A2GJ_PUJguIxzwA.png\" alt=\"\"\/><figcaption>The Security Group that comes with the OpenVPN&nbsp;AMI<\/figcaption><\/figure>\n\n\n\n<p><strong>Note<\/strong>: If practical, it would normally be a good idea to tighten those rules so only requests from valid company IP address ranges are accepted, but this will be fine for short-term testing.<\/p>\n\n\n\n<p>From here, I\u2019ll review my settings, confirm that I\u2019ve got the listed SSH encryption key, and pull the trigger.<\/p>\n\n\n\n<p>Once the instance is launched, I\u2019ll be shown important login information\u200a\u2014\u200aincluding the fact that the user account we\u2019ll use to SSH into the server is called openvpnas\u200a\u2014\u200aand a Quick Start guide. I\u2019ll also receive an email containing links to the same information.<\/p>\n\n\n\n<p>Back in the EC2 instances console, while the new machine finishes booting, we\u2019re shown our public IP address. If we would ever need to reboot the instance, there\u2019s no guarantee that we\u2019d get that same IP again, which could cause a reasonable amount of mayhem. So it\u2019s a good idea to assign the instance an Elastic IP.<\/p>\n\n\n\n<p>To do that, I\u2019ll click Elastic IPs and then Allocate new address. Note the new address and close the page. Now, with that address selected, click Actions, and \u201cAssociate Address\u201d. I\u2019ll click once in the Instance box and my OpenVPN instance\u200a\u2014\u200awith its helpful tag\u200a\u2014\u200ais listed. I only need to select it, click \u201cAssociate\u201d and I\u2019m done. 
From now on, that will be the permanent public IP for accessing our server.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*h4QIzNDD1upqFeb95DRVlw.png\" alt=\"\"\/><figcaption>Associate your new Elastic IP address with your&nbsp;instance<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"a0ae\">Accessing the&nbsp;server<\/h3>\n\n\n\n<p>I\u2019ll paste the public IP address into the terminal as part of my SSH command that calls the key pair I set for this instance.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -i KeyPairName.pem openvpnas@&lt;PublicIPAddress&gt;<\/pre>\n\n\n\n<p>If you\u2019re accessing from a Windows or macOS machine, things might work a bit differently, but the documentation will give you all the help you\u2019ll need.<\/p>\n\n\n\n<p>Before I leave the Instances console, however, I\u2019ll perform one more important function. With the OpenVPN instance selected, I\u2019ll click Actions and then Networking and then \u201cChange Source\/Dest checking\u201d. I\u2019ll make sure that checking is disabled. Nothing much will be possible unless I do this: with the check enabled, EC2 drops traffic that isn\u2019t addressed to or from the instance itself, so the VPN server can\u2019t forward client packets into the VPC.<\/p>\n\n\n\n<p>Now over to my SSH session. As soon as it begins, I\u2019m confronted by the OpenVPN EULA license agreement, and then the setup wizard. If you need to change a setting later you can always run the wizard again using this command:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ovpn-init --ec2<\/pre>\n\n\n\n<p>Most of the wizard\u2019s defaults will work fine, but it\u2019s worth quickly explaining what\u2019s happening. Here are the questions and some color commentary where necessary:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">primary Access Server node? 
yes <em>[You\u2019d answer no if you were setting up a backup or failover node.]<\/em><br>specify the network interface and IP address to be used by the Admin Web UI <em>[1 \u2014 For all interfaces; can be changed to static later.]<\/em><br>specify the port number for the Admin Web UI <em>[default]<\/em><br>specify the TCP port number for the OpenVPN Daemon <em>[default]<\/em><br>Should client traffic be routed by default through the VPN? <em>[no \u2014 That\u2019s not the kind of VPN we\u2019re building here. What we\u2019re doing is only about getting remote clients safely and securely into our VPC. The same applies to client DNS traffic.]<\/em><br>Should client DNS traffic be routed by default through the VPN? <em>[no]<\/em><br>Use local authentication via internal DB? <em>[no \u2014 can be useful, but we\u2019ll use Linux\/AWS authentication for simplicity.]<\/em><br>Should private subnets be accessible to clients by default? <em>[yes \u2014 that\u2019s the whole point of the VPN, after all.]<\/em><br>login to the Admin UI as \u201copenvpn\u201d? <em>[yes]<\/em><br>Provide OpenVPN Access Server license key <em>[Unnecessary for testing.]<\/em><\/pre>\n\n\n\n<p>When the wizard completes, I\u2019m shown some connection information and advised to install the network time daemon NTP. That won\u2019t be necessary on this Ubuntu box, as it\u2019s already installed and running by default.<\/p>\n\n\n\n<p>As I mentioned earlier, I will need to give the openvpn user a password so I can use it to log into the web GUI. I do that with sudo and the passwd command.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo passwd openvpn<\/pre>\n\n\n\n<p>That\u2019s all the server-side stuff we\u2019ll need. Now I\u2019m going to use a browser to log into the web GUI. 
I use our server\u2019s public IP address with the secure https prefix, followed by slash and admin.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">https:\/\/&lt;PublicIPAddress&gt;\/admin<\/pre>\n\n\n\n<p>You\u2019ll get a \u201cYour connection is not private\u201d warning because we\u2019re using a self-signed certificate rather than one provided by a Certificate Authority.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*LT8-hloYmJCbjSQPah4mhw.png\" alt=\"\"\/><figcaption>This is normal when using self-signed certificates<\/figcaption><\/figure>\n\n\n\n<p>That\u2019s not a problem for us, since we\u2019re only exposing our VPN to select users from within our company, and they should be able to trust our certificate. So I\u2019ll click through the warning, sign in, and agree to the EULA.<\/p>\n\n\n\n<p>Feel free to spend some time exploring the features provided by the OpenVPN admin console on your own.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*1RtQnmPthmQoiee37FYaig.png\" alt=\"\"\/><figcaption>The OpenVPN admin&nbsp;console<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"0579\">Setting up a VPN&nbsp;client<\/h3>\n\n\n\n<p>Right now, however, I\u2019m going to open the client UI page using the web access address we were shown before, but this time without the slash admin. This is nothing more than a login screen where you can authenticate using the same openvpn user as before. (You can always create new users back in the admin console.)<\/p>\n\n\n\n<p>Behind the login screen, there\u2019s just this set of links with directions for installing the OpenVPN client app on any of those platforms. 
The final link, however, is called \u201cYourself.\u201d<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn-images-1.medium.com\/max\/2400\/1*8tJmMrhdugVHWL1vVelg8g.png\" alt=\"\"\/><figcaption>The OpenVPN client&nbsp;page<\/figcaption><\/figure>\n\n\n\n<p>Clicking it will prompt you to download and save a file called client.ovpn. This file contains the configuration settings to match the server and the actual keys we\u2019ll use to authenticate. You definitely want to treat this file with care so it doesn\u2019t fall into the wrong hands. That would include not sending it through plain email across unencrypted connections.<\/p>\n\n\n\n<p>I\u2019ll open the file locally and copy the contents. Then, in a shell within a Linux virtual machine running in my local network, I\u2019ll create a new file called client.ovpn and paste the contents in. If you had clicked through to the \u201cOpenVPN for Linux\u201d link in the client UI earlier, you would have seen that the only additional step necessary was to install OpenVPN using the Apt package manager\u200a\u2014\u200aor Yum if you\u2019re on a CentOS or Red Hat machine. Well that\u2019ll take just one command. When it\u2019s done its job, we\u2019ll be all set.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nano client.ovpn<br>sudo apt update<br>sudo apt install openvpn<\/pre>\n\n\n\n<p>Next we\u2019ll open the VPN connection. 
As root\u200a\u2014\u200ausing sudo\u200a\u2014\u200aI\u2019ll type openvpn with the config flag pointing to the client.ovpn configuration file I just created.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo openvpn --config client.ovpn<\/pre>\n\n\n\n<p>When prompted to authenticate, use the openvpn account along with the password you created for it back on the server.<\/p>\n\n\n\n<p>Now I\u2019ll open a second shell session on my local client so I can try to ssh in to the OpenVPN server using its&nbsp;<em>local<\/em>&nbsp;IP address\u200a\u2014\u200asomething that would be impossible without a working VPN connection.<\/p>\n\n\n\n<p>First though, run ip a to list all the network interfaces active on this machine.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ip a<\/pre>\n\n\n\n<p>Besides your local network, you should also see one called tun0. This interface was created by OpenVPN and will usually lie within the 172.16.x.x range.<\/p>\n\n\n\n<p>I\u2019ll ssh into the remote server using my private key\u200a\u2014\u200awhich, of course, needs to exist locally\u200a\u2014\u200aand the server\u2019s&nbsp;<em>private<\/em>&nbsp;IP address. If it works, you\u2019ll have yourself a VPN!<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ssh -i KeyPairName.pem openvpnas@&lt;PrivateIPAddress&gt;<\/pre>\n\n\n\n<p>Finally, I\u2019ll demonstrate that the VPN, as it\u2019s currently configured, will allow us access to other private resources within our Amazon VPC. This could be useful if, for instance, you\u2019ve got a database instance running in the VPC that you can\u2019t expose to the public network.<\/p>\n\n\n\n<p>I\u2019m going to launch a standard Ubuntu EC2 instance but I&nbsp;<em>won\u2019t<\/em>&nbsp;give it a public IP. I\u2019ll specify the same us-east-1b subnet we used for the OpenVPN server to keep things simple. 
The security group I\u2019ll use will permit SSH access through port 22 but nothing else.<\/p>\n\n\n\n<p>Once that\u2019s running, I\u2019ll note its private IP address and head back to my local client. Once I\u2019m sure the instance is fully launched, I\u2019ll ssh in using the same private key, the \u201cubuntu\u201d username\u200a\u2014\u200asince that\u2019s the default for normal Ubuntu EC2 instances\u200a\u2014\u200aand the private address I just copied.<\/p>\n\n\n\n<p>Again. If it works, you\u2019ll have a fully-configured VPN connection into your AWS private resources. Savor the moment.<\/p>\n\n\n\n<p>Don\u2019t forget to shut down all your servers and release your Elastic IP address when you\u2019re done using them. You don\u2019t want to incur costs unnecessarily.<\/p>\n\n\n\n<p><em>This article was adapted from part of my new Pluralsight course, \u201c<\/em><a rel=\"noreferrer noopener\" href=\"http:\/\/pluralsight.pxf.io\/c\/1191769\/424552\/7490?subId1=solving&amp;u=https%3A%2F%2Fapp.pluralsight.com%2Fprofile%2Fauthor%2Fdavid-clinton\" target=\"_blank\"><em>Connecting On-prem Resources to your AWS Infrastructure<\/em><\/a><em>.\u201d There\u2019s lots more where that came from at my&nbsp;<\/em><a rel=\"noreferrer noopener\" href=\"https:\/\/bootstrap-it.com\/\" target=\"_blank\"><em>Bootstrap IT site<\/em><\/a><em>.<\/em> <em>If you&#8217;re interested in learning about the new and easy-to-use WireGuard VPN software, <a href=\"https:\/\/www.freecodecamp.org\/news\/how-to-set-up-a-vpn-server-at-home\/\">check out this article<\/a> by my son, Yehuda.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article was adapted from part of my Pluralsight course, \u201cConnecting On-prem Resources to your AWS Infrastructure.\u201d Do you sometimes need to connect to resources you\u2019ve got running on Amazon Web Services? 
Accessing your public EC2 instances using SSH and&hellip; <a href=\"https:\/\/bootstrap-it.com\/blog\/?p=351\" class=\"more-link\">Continue Reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":352,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-351","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.2.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How you can use OpenVPN to safely access private AWS resources - Bootstrap IT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bootstrap-it.com\/blog\/?p=351\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How you can use OpenVPN to safely access private AWS resources - Bootstrap IT\" \/>\n<meta property=\"og:description\" content=\"This article was adapted from part of my Pluralsight course, \u201cConnecting On-prem Resources to your AWS Infrastructure.\u201d Do you sometimes need to connect to resources you\u2019ve got running on Amazon Web Services? 
Accessing your public EC2 instances using SSH and&hellip; Continue Reading &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bootstrap-it.com\/blog\/?p=351\" \/>\n<meta property=\"og:site_name\" content=\"Bootstrap IT\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-12T21:12:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-11-22T16:50:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/bootstrap-it.com\/blog\/wp-content\/uploads\/openvpn-linux.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"dbclin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@davidbclinton\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"dbclin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=351\",\"url\":\"https:\/\/bootstrap-it.com\/blog\/?p=351\",\"name\":\"How you can use OpenVPN to safely access private AWS resources - Bootstrap IT\",\"isPartOf\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#website\"},\"datePublished\":\"2019-04-12T21:12:05+00:00\",\"dateModified\":\"2020-11-22T16:50:20+00:00\",\"author\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec\"},\"breadcrumb\":{\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=351#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/bootstrap-it.com\/blog\/?p=351\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/?p=351#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/bootstrap-it.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How you can use OpenVPN to safely access private AWS resources\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#website\",\"url\":\"https:\/\/bootstrap-it.com\/blog\/\",\"name\":\"Bootstrap IT\",\"description\":\"Learn technology using technology\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/bootstrap-it.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec\",\"name\":\"dbclin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g\",\"caption\":\"dbclin\"},\"sameAs\":[\"http:\/\/bootstrap-it.com\/\",\"dbclinton\",\"https:\/\/twitter.com\/davidbclinton\"],\"url\":\"https:\/\/bootstrap-it.com\/blog\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How you can use OpenVPN to safely access private AWS resources - Bootstrap IT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bootstrap-it.com\/blog\/?p=351","og_locale":"en_US","og_type":"article","og_title":"How you can use OpenVPN to safely access private AWS resources - Bootstrap IT","og_description":"This article was adapted from part of my Pluralsight course, \u201cConnecting On-prem Resources to your AWS Infrastructure.\u201d Do you sometimes need to connect to resources you\u2019ve got running on Amazon Web Services? 
Accessing your public EC2 instances using SSH and&hellip; Continue Reading &rarr;","og_url":"https:\/\/bootstrap-it.com\/blog\/?p=351","og_site_name":"Bootstrap IT","article_published_time":"2019-04-12T21:12:05+00:00","article_modified_time":"2020-11-22T16:50:20+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/bootstrap-it.com\/blog\/wp-content\/uploads\/openvpn-linux.png","type":"image\/png"}],"author":"dbclin","twitter_card":"summary_large_image","twitter_creator":"@davidbclinton","twitter_misc":{"Written by":"dbclin","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bootstrap-it.com\/blog\/?p=351","url":"https:\/\/bootstrap-it.com\/blog\/?p=351","name":"How you can use OpenVPN to safely access private AWS resources - Bootstrap IT","isPartOf":{"@id":"https:\/\/bootstrap-it.com\/blog\/#website"},"datePublished":"2019-04-12T21:12:05+00:00","dateModified":"2020-11-22T16:50:20+00:00","author":{"@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec"},"breadcrumb":{"@id":"https:\/\/bootstrap-it.com\/blog\/?p=351#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bootstrap-it.com\/blog\/?p=351"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bootstrap-it.com\/blog\/?p=351#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bootstrap-it.com\/blog"},{"@type":"ListItem","position":2,"name":"How you can use OpenVPN to safely access private AWS resources"}]},{"@type":"WebSite","@id":"https:\/\/bootstrap-it.com\/blog\/#website","url":"https:\/\/bootstrap-it.com\/blog\/","name":"Bootstrap IT","description":"Learn technology using technology","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bootstrap-it.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/ae0fb1d5b3b01558b92b6426d77766ec","name":"dbclin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bootstrap-it.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a93785d437350478a7f1dfcbec58d26bc28e0124e405179acbe1b4325c09f90a?s=96&d=mm&r=g","caption":"dbclin"},"sameAs":["http:\/\/bootstrap-it.com\/","dbclinton","https:\/\/twitter.com\/davidbclinton"],"url":"https:\/\/bootstrap-it.com\/blog\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=351"}],"version-history":[{"count":4,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/351\/revisions"}],"predecessor-version":[{"id":412,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/351\/revisions\/412"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=\/wp\/v2\/media\/352"}],"wp:attachment":[{"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=351"},{"taxonomy":"post_tag","embeddable":true,"href"
:"https:\/\/bootstrap-it.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}